-
Notifications
You must be signed in to change notification settings - Fork 347
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLSFingerprint is lost on all requests after the first #290
Comments
same issue |
I will take the time to verify and research the solution |
The first one, it's because client reuse connection by default, no tls handshake after the first request. If you disable keep alive: package main
import (
"encoding/json"
"fmt"
"io"
"github.com/imroc/req/v3"
)
const urlString string = "https://client.tlsfingerprint.io"
type tlsFingerprintResponse struct {
NormID string `json:"norm_id"`
}
func PrintFingerprint(respBody io.Reader) {
body, _ := io.ReadAll(respBody)
var res tlsFingerprintResponse
json.Unmarshal(body, &res)
fmt.Println(res.NormID)
}
func main() {
client := req.C().EnableTraceAll().DisableKeepAlives()
client = client.SetUserAgent("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36").
SetTLSFingerprintChrome()
resp, _ := client.R().Get(urlString)
PrintFingerprint(resp.Body)
resp, _ = client.R().Get(urlString)
PrintFingerprint(resp.Body)
resp, _ = client.R().Get(urlString)
PrintFingerprint(resp.Body)
} will got: ffa2ee96ff7b42d4 # Good Chrome fingerprint
ffa2ee96ff7b42d4 # Good Chrome fingerprint
ffa2ee96ff7b42d4 # Good Chrome fingerprint |
The second one is a real issue, will fix it in the next release. |
Thank you @imroc |
Regarding issue 1. I've traced it back a little to try to find out why a keep alive was causing the bad tls fingerprint on requests after the first. It appears to be sending a standard crypto/tls handshake even when it reuses a connection? I added a Println to I also noticed for these requests, the trace tells us that the connection was not reused. Perhaps the connection was reused but the TLS layer was closed? Response
Code package main
import (
"encoding/json"
"fmt"
"io"
"github.com/imroc/req/v3"
)
const urlString string = "https://client.tlsfingerprint.io"
type tlsFingerprintResponse struct {
NormID string `json:"norm_id"`
}
func PrintFingerprint(respBody io.Reader) {
body, _ := io.ReadAll(respBody)
var res tlsFingerprintResponse
json.Unmarshal(body, &res)
fmt.Println(res.NormID)
}
func main() {
client := req.C().EnableTraceAll() //.DisableKeepAlives()
client = client.SetUserAgent("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36").
SetTLSFingerprintChrome()
resp, _ := client.R().Get(urlString)
PrintFingerprint(resp.Body)
fmt.Println("IsConnReused", resp.TraceInfo().IsConnReused)
resp, _ = client.R().Get(urlString)
PrintFingerprint(resp.Body)
fmt.Println("IsConnReused", resp.TraceInfo().IsConnReused)
resp, _ = client.R().Get(urlString)
PrintFingerprint(resp.Body)
fmt.Println("IsConnReused", resp.TraceInfo().IsConnReused)
}
``` |
It seems that |
Damn! I'm sure it will be back up over the next few days, they've had downtime before The only site i've found that is similar is package main
import (
"encoding/json"
"fmt"
"io"
"github.com/imroc/req/v3"
)
const urlString string = "https://tls.browserleaks.com/tls"
type tlsFingerprintResponse struct {
NormID string `json:"ja3_hash"`
}
func PrintFingerprint(respBody io.Reader) {
body, _ := io.ReadAll(respBody)
var res tlsFingerprintResponse
json.Unmarshal(body, &res)
fmt.Println(res.NormID)
}
func main() {
client := req.C().EnableTraceAll() //.DisableKeepAlives()
client = client.SetUserAgent("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36").
SetTLSFingerprintChrome()
resp, err := client.R().Get(urlString)
if err != nil {
fmt.Println("err on request 1", err)
} else {
PrintFingerprint(resp.Body)
}
fmt.Println("IsConnReused", resp.TraceInfo().IsConnReused)
resp, err = client.R().Get(urlString)
if err != nil {
fmt.Println("err on request 2", err)
} else {
PrintFingerprint(resp.Body)
}
fmt.Println("IsConnReused", resp.TraceInfo().IsConnReused)
resp, err = client.R().Get(urlString)
if err != nil {
fmt.Println("err on request 3", err)
} else {
PrintFingerprint(resp.Body)
}
fmt.Println("IsConnReused", resp.TraceInfo().IsConnReused)
} |
err on request 2 Get "https://tls.browserleaks.com/tls": unexpected EOF
IsConnReused true It seems the server does not allow reuse connection (cuz server cannot detect tls info if reuse connection) |
And |
Sorry you're right, I should have used ja3n_hash (normalised version) In this example the hash still changes on the third request (after the second one failing) package main
import (
"encoding/json"
"fmt"
"io"
"github.com/imroc/req/v3"
)
const urlString string = "https://tls.browserleaks.com/tls"
type tlsFingerprintResponse struct {
NormID string `json:"ja3n_hash"`
NormText string `json:"ja3n_text"`
}
func PrintFingerprint(respBody io.Reader) {
body, _ := io.ReadAll(respBody)
var res tlsFingerprintResponse
json.Unmarshal(body, &res)
fmt.Println(res.NormID)
fmt.Println(res.NormText)
fmt.Println("")
}
func main() {
client := req.C().EnableTraceAll() //.DisableKeepAlives()
client = client.SetUserAgent("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36").
SetTLSFingerprintChrome()
resp, err := client.R().Get(urlString)
if err != nil {
fmt.Println("err on request 1", err)
} else {
PrintFingerprint(resp.Body)
}
fmt.Println("IsConnReused", resp.TraceInfo().IsConnReused)
resp, err = client.R().Get(urlString)
if err != nil {
fmt.Println("err on request 2", err)
} else {
PrintFingerprint(resp.Body)
}
fmt.Println("IsConnReused", resp.TraceInfo().IsConnReused)
resp, err = client.R().Get(urlString)
if err != nil {
fmt.Println("err on request 3", err)
} else {
PrintFingerprint(resp.Body)
}
fmt.Println("IsConnReused", resp.TraceInfo().IsConnReused)
} |
@adaml881 Nice catch! I reproduced this issue and fixed in the latest release, upgrade and try it! |
@imroc great job. I've tested both original issues from the start of this thread. Can confirm they are fixed. Thank you so much |
I've noticed 2 issues relating to TLS Fingerprints. I hope someone could advise if it's a bug or if it's something I'm doing wrong.
SetTLSFingerprintChrome()
on theclient
It's only effective for the first request that theclient
makesGives the output
2 When you use
EnableForceHTTP2()
it prevents theSetTLSFingerprintChrome
from working on all requestsThe text was updated successfully, but these errors were encountered: