Skip to content

Jarijaas/go-tls-exposed

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
cpu
cpu
 
 
http
http
 
 
nettrace
nettrace
 
 
tls
tls
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

This module is based on the golang crypto/tls package (more specifically, at the point of the commit https://github.com/golang/go/commit/8fcf318123e15abf6ce35e33831bdb64a4e071ff). The tls package was modified to expose parameters that were not modifiable normally and to support changing the order of the extensions in the ClientHello message.

This was done in order to defeat tls fingerprint checks that some web services perform, such as the Google Android Authentication API.

Do not use this module for security sensitive work because I may have introduced vulnerabilities into the tls package.

The following parameters were added into the tls.Config struct:

CompressionMethods []uint8
Scts                         bool
OscpStapling                 bool
SupportedCurves              []CurveID
SupportedPoints              []uint8
SecureRenegotiationSupported bool
SupportedSignatureAlgorithms []SignatureScheme
SupportedVersions            []uint16
ClientHelloVersion           uint16
TicketSupported              bool
PskModes                     []uint8
Extensions                   []uint16 // Extensions are appended on this order to the message
RawClientHello	[]byte // If set, uses this instead of constructing ClientHello based on the configured parameters

Usage example:

package main

import (
	xtls "github.com/Jarijaas/go-tls-exposed/tls"
	"log"
)

func main() {
	conf := &xtls.Config{
		CipherSuites: []uint16{
			0x1302, 0x1303, 0x1301, 0xc02c,
			0xc030, 0xc02b, 0xc02f, 0xcca9,
			0xcca8, 0x00a3, 0x009f, 0x00a2,
			0x009e, 0xccaa, 0xc0af, 0xc0ad,
			0xc024, 0xc028, 0xc00a, 0xc014,
			0xc0a3, 0xc09f, 0x006b, 0x006a,
			0x0039, 0x0038, 0xc0ae, 0xc0ac,
			0xc023, 0xc027, 0xc009, 0xc013,
			0xc0a2, 0xc09e, 0x0067, 0x0040,
			0x0033, 0x0032, 0x009d, 0x009c,
			0xc0a1, 0xc09d, 0xc0a0, 0xc09c,
			0x003d, 0x003c, 0x0035, 0x002f,
			0x00ff,
		},
		TicketSupported:   true,
		PskModes:          []uint8{xtls.PskModeDHE},
		SupportedVersions: []uint16{xtls.VersionTLS13, xtls.VersionTLS12},
		SupportedSignatureAlgorithms: []xtls.SignatureScheme{
			0x0403, 0x0503, 0x0603, 0x0807, 0x0808, 0x0809, 0x080a, 0x080b, 0x0804, 0x0805,
			0x0806, 0x0401, 0x0501, 0x0601, 0x0303, 0x0301, 0x0302, 0x0402, 0x0502, 0x0602,
		},
		OscpStapling:                 true,
		Scts:                         true,
		CompressionMethods:           []uint8{xtls.CompressionNone},
		SecureRenegotiationSupported: false,
		ClientHelloVersion:           xtls.VersionTLS12,
		SupportedPoints:              []uint8{xtls.PointFormatUncompressed, 1, 2},
		SupportedCurves:              []xtls.CurveID{0x001d, 0x0017, 0x001e, 0x0019, 0x0018},
		Extensions: []uint16{
			xtls.ExtensionServerName, xtls.ExtensionSupportedPoints, xtls.ExtensionSupportedCurves,
			xtls.ExtensionSessionTicket, xtls.ExtensionEncryptThenMac, xtls.ExtensionExtendedMasterSecret,
			xtls.ExtensionSignatureAlgorithms, xtls.ExtensionSupportedVersions, xtls.ExtensionSignatureAlgorithmsCert,
			xtls.ExtensionPSKModes, xtls.ExtensionKeyShare,
		},
	}

	conn, err := xtls.Dial("tcp", "android.clients.google.com:443", conf)
	if err != nil {
		log.Println(err)
		return
	}
	defer conn.Close()
}

About

Exposed crypto/tls

Topics

tls golang fingerprinting

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages