cloudflare/boring

Trying to add extensions to my rust fingerprint

ahmadmarhaba opened this issue · 2 comments

I am trying to change my Rust client fingerprint by adding the extension numbers (27, 17513, 41) => 771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-[ 27 ext here ]-[ 17513 ext here ]-21-[ 41 ext here ],29-23-24,0

What I did:

  • Read the OpenSSL docs and the TLS extension table https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xml
  • Found the getters ExtensionType::CERT_COMPRESSION and ExtensionType::PADDING, but no setter.
  • I am not using an actual certificate in my Rust client, as I also disabled checking for it with verify mode.
  • Calling https://tls.peet.ws/api/clean to read my JA3
  • Tried using clear_option and set_option to add and remove SslOption::NO_COMPRESSION, but it did nothing // Disables the use of TLS compression
  • Read the GitHub code and Rust docs; all I can find about it is this (2020-12-02 draft-ietf-tls-certificate-compression is now RFC 8879)
  • Using boring / boring-hyper / hyper in my Rust client
  • Tried using rustls, but it does not have enough supported ciphers.

Do I need to have an actual certificate and find some way to compress it? Did I miss something crucial? If there is a solution, does it work on the rest of the ExtensionTypes? Is it not implemented for Rust yet?

Trying to mimic the Chrome fingerprint for Rust. I already have an app running in an Electron client and Go (with libraries); both have the Chrome fingerprint. Now doing it in Rust for a benchmark.

Any help or advice would be great, thanks a lot.

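use boring::ssl::{SslConnector, SslMethod, SslVerifyMode};
use hyper::client::HttpConnector;
use hyper::{body, Body, Client, Method, Request};
use hyper_boring::HttpsConnector;

// The .await calls need an async runtime; tokio is assumed here.
#[tokio::main]
async fn main() {
    let mut connector = HttpConnector::new();
    // Allow https:// URIs to pass through the plain HTTP connector.
    connector.enforce_http(false);

    let mut ssl = SslConnector::builder(SslMethod::tls()).unwrap();

    // Certificate verification is switched off, as described in the list above.
    ssl.set_verify(SslVerifyMode::NONE);
    ssl.enable_ocsp_stapling();
    ssl.enable_signed_cert_timestamps();
    // ALPN wire format: length-prefixed protocol names, here "h2" and "http/2".
    ssl.set_alpn_protos(b"\x02h2\x06http/2").unwrap();
    ssl.set_cipher_list("ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA,AES128-GCM-SHA256,AES256-GCM-SHA384,AES128-SHA,AES256-SHA").unwrap();

    let ssl = HttpsConnector::with_connector(connector, ssl).unwrap();

    let client = Client::builder()
        .pool_max_idle_per_host(0)
        .build::<_, Body>(ssl);

    // The endpoint echoes back the fingerprint of the ClientHello it received.
    let req = Request::builder()
        .method(Method::GET)
        .uri("https://tls.peet.ws/api/clean")
        .header("user-agent", "my agent")
        .body(Body::from(""))
        .unwrap();

    let res = client.request(req).await.unwrap();
    let buf = body::to_bytes(res).await.unwrap();
    println!("{:#?}", buf);
}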

Any idea about this?

It seems that you do not modify TLS extensions as well. The order of TLS extensions is randomized now in the new version of Chrome. Do you have any idea how to set TLS extensions in BoringSSL?
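Added example, not part of the thread or of the boring project: a std-only JA3 string parser that reports which extension IDs a reference fingerprint has and an observed one lacks, and builds an order-normalized form so that ClientHellos with shuffled extension order (the randomization mentioned in the last comment) still compare equal. The helper names and the `sample` builder are assumptions; the reference value is the JA3 string from the issue with 27, 17513 and 41 filled in, and the observed value is constructed by leaving them out.

```rust
use std::collections::BTreeSet;

/// Fields of a JA3 string: version,ciphers,extensions,curves,point_formats.
struct Ja3 { version: u16, ciphers: Vec<u16>, extensions: Vec<u16>, curves: Vec<u16>, formats: Vec<u16> }

fn parse_list(field: &str) -> Result<Vec<u16>, String> {
    if field.is_empty() { return Ok(Vec::new()); } // empty fields are legal in JA3
    field.split('-').map(|v| v.parse::<u16>().map_err(|e| format!("bad value {:?}: {}", v, e))).collect()
}

fn parse_ja3(s: &str) -> Result<Ja3, String> {
    let f: Vec<&str> = s.trim().split(',').collect();
    if f.len() != 5 { return Err(format!("expected 5 fields, got {}", f.len())); }
    Ok(Ja3 {
        version: f[0].parse::<u16>().map_err(|e| format!("bad version: {}", e))?,
        ciphers: parse_list(f[1])?,
        extensions: parse_list(f[2])?,
        curves: parse_list(f[3])?,
        formats: parse_list(f[4])?,
    })
}

/// Extension IDs present in `reference` but absent from `observed`, in reference order.
fn missing_extensions(observed: &Ja3, reference: &Ja3) -> Vec<u16> {
    let seen: BTreeSet<u16> = observed.extensions.iter().copied().collect();
    reference.extensions.iter().copied().filter(|e| !seen.contains(e)).collect()
}

fn join(v: &[u16]) -> String {
    v.iter().map(|x| x.to_string()).collect::<Vec<_>>().join("-")
}

/// JA3 string with the extension list sorted, so extension order no longer matters.
fn normalized(j: &Ja3) -> String {
    let mut ext = j.extensions.clone();
    ext.sort_unstable();
    format!("{},{},{},{},{}", j.version, join(&j.ciphers), join(&ext), join(&j.curves), join(&j.formats))
}

/// Constructed sample: the issue's JA3 string with a caller-supplied extension list.
fn sample(ext: &str) -> String {
    format!("771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,{},29-23-24,0", ext)
}

fn main() {
    let reference = parse_ja3(&sample("0-23-65281-10-11-35-16-5-13-18-51-45-43-27-17513-21-41")).unwrap();
    let observed = parse_ja3(&sample("0-23-65281-10-11-35-16-5-13-18-51-45-43-21")).unwrap();
    println!("missing extensions: {:?}", missing_extensions(&observed, &reference));
    println!("order-normalized:   {}", normalized(&reference));
}
```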