diff --git a/u_common.go b/u_common.go index 3ec65ac..febc4d1 100644 --- a/u_common.go +++ b/u_common.go @@ -146,14 +146,15 @@ var ( HelloRandomizedNoALPN = ClientHelloID{helloRandomizedNoALPN, helloAutoVers, nil} // The rest will will parrot given browser. - HelloFirefox_Auto = HelloFirefox_99 + HelloFirefox_Auto = HelloFirefox_102 HelloFirefox_55 = ClientHelloID{helloFirefox, "55", nil} HelloFirefox_56 = ClientHelloID{helloFirefox, "56", nil} HelloFirefox_63 = ClientHelloID{helloFirefox, "63", nil} HelloFirefox_65 = ClientHelloID{helloFirefox, "65", nil} HelloFirefox_99 = ClientHelloID{helloFirefox, "99", nil} + HelloFirefox_102 = ClientHelloID{helloFirefox, "102", nil} - HelloChrome_Auto = HelloChrome_100 + HelloChrome_Auto = HelloChrome_102 HelloChrome_58 = ClientHelloID{helloChrome, "58", nil} HelloChrome_62 = ClientHelloID{helloChrome, "62", nil} HelloChrome_70 = ClientHelloID{helloChrome, "70", nil} @@ -161,9 +162,10 @@ var ( HelloChrome_83 = ClientHelloID{helloChrome, "83", nil} HelloChrome_87 = ClientHelloID{helloChrome, "87", nil} HelloChrome_96 = ClientHelloID{helloChrome, "96", nil} - HelloChrome_100 = ClientHelloID{helloFirefox, "100", nil} + HelloChrome_100 = ClientHelloID{helloChrome, "100", nil} + HelloChrome_102 = ClientHelloID{helloChrome, "102", nil} - HelloIOS_Auto = HelloIOS_12_1 + HelloIOS_Auto = HelloIOS_14 HelloIOS_11_1 = ClientHelloID{helloIOS, "111", nil} // legacy "111" means 11.1 HelloIOS_12_1 = ClientHelloID{helloIOS, "12.1", nil} HelloIOS_13 = ClientHelloID{helloIOS, "13", nil} diff --git a/u_parrots.go b/u_parrots.go index 3309965..e0bfa9b 100644 --- a/u_parrots.go +++ b/u_parrots.go 
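Review bot: `HelloFirefox_Auto` and `HelloChrome_Auto` in this hunk (and `HelloIOS_Auto` in the next one) are repointed with no comment saying that `_Auto` is a moving alias, so a caller using an `_Auto` ID sends a different ClientHello after upgrading without changing any code. I would add above the Firefox group `// *_Auto aliases track the newest parrot and change between releases; use a versioned ID when a stable ClientHello is required.` The context comment `// The rest will will parrot given browser.` has a doubled word that could be fixed in the same pass. The `var (` block starts and ends outside the hunk.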
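Review bot: Nothing in this change guards against the copy-paste slip that `HelloChrome_100` is being corrected for (it carried `helloFirefox` as its first field), so the next added ID can repeat it. A small table test that checks the first field of every exported ID against its name prefix (Chrome IDs against `helloChrome`, Firefox IDs against `helloFirefox`) would catch this. The corrected value also changes struct equality for `HelloChrome_100`, so any code that compared against or stored the old value, none of which is visible here, should be checked. `HelloIOS_Auto = HelloIOS_14` depends on a `HelloIOS_14` declaration and a matching spec case that are both outside the hunk.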
@@ -424,7 +424,7 @@ func utlsIdToSpec(id ClientHelloID) (ClientHelloSpec, error) {
 &UtlsCompressCertExtension{[]CertCompressionAlgo{
 CertCompressionBrotli,
 }},
- &ALPSExtension{SupportedProtocols: []string{"h2"}},
+ &ApplicationSettingsExtension{SupportedProtocols: []string{"h2"}},
 &UtlsGREASEExtension{},
 &UtlsPaddingExtension{GetPaddingLen: BoringPaddingStyle},
 },
@@ -509,11 +509,7 @@ func utlsIdToSpec(id ClientHelloID) (ClientHelloSpec, error) {
 CertCompressionBrotli,
 }},
 &UtlsGREASEExtension{},
- &ApplicationSettingsExtension{
- SupportedALPNList: []string{
- "h2",
- },
- },
+ &ApplicationSettingsExtension{SupportedProtocols: []string{"h2"}},
 &UtlsPaddingExtension{GetPaddingLen: BoringPaddingStyle},
 },
 }, nil
@@ -636,6 +632,78 @@ func utlsIdToSpec(id ClientHelloID) (ClientHelloSpec, error) {
 &FakeRecordSizeLimitExtension{0x4001},
 &UtlsPaddingExtension{GetPaddingLen: BoringPaddingStyle},
 }}, nil
+ case HelloChrome_102:
+ return ClientHelloSpec{
+ CipherSuites: []uint16{
+ GREASE_PLACEHOLDER,
+ TLS_AES_128_GCM_SHA256,
+ TLS_AES_256_GCM_SHA384,
+ TLS_CHACHA20_POLY1305_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_RSA_WITH_AES_128_CBC_SHA,
+ TLS_RSA_WITH_AES_256_CBC_SHA,
+ },
+ CompressionMethods: []byte{
+ 0x00, // compressionNone
+ },
+ Extensions: []TLSExtension{
+ &UtlsGREASEExtension{},
+ &SNIExtension{},
+ &UtlsExtendedMasterSecretExtension{},
+ &RenegotiationInfoExtension{Renegotiation: RenegotiateOnceAsClient},
+ &SupportedCurvesExtension{[]CurveID{
+ GREASE_PLACEHOLDER,
+ X25519,
+ CurveP256,
+ CurveP384,
+ }},
+ &SupportedPointsExtension{SupportedPoints: []byte{
+ 0x00, // pointFormatUncompressed
+ }},
+ &SessionTicketExtension{},
+ &ALPNExtension{AlpnProtocols: []string{"h2", "http/1.1"}},
+ &StatusRequestExtension{},
+ &SignatureAlgorithmsExtension{SupportedSignatureAlgorithms: []SignatureScheme{
+ ECDSAWithP256AndSHA256,
+ PSSWithSHA256,
+ PKCS1WithSHA256,
+ ECDSAWithP384AndSHA384,
+ PSSWithSHA384,
+ PKCS1WithSHA384,
+ PSSWithSHA512,
+ PKCS1WithSHA512,
+ }},
+ &SCTExtension{},
+ &KeyShareExtension{[]KeyShare{
+ {Group: CurveID(GREASE_PLACEHOLDER), Data: []byte{0}},
+ {Group: X25519},
+ }},
+ &PSKKeyExchangeModesExtension{[]uint8{
+ PskModeDHE,
+ }},
+ &SupportedVersionsExtension{[]uint16{
+ GREASE_PLACEHOLDER,
+ VersionTLS13,
+ VersionTLS12,
+ }},
+ &UtlsCompressCertExtension{[]CertCompressionAlgo{
+ CertCompressionBrotli,
+ }},
+ &ApplicationSettingsExtension{SupportedProtocols: []string{"h2"}},
+ &UtlsGREASEExtension{},
+ &UtlsPaddingExtension{GetPaddingLen: BoringPaddingStyle},
+ },
+ }, nil
+
 case HelloFirefox_99:
 return ClientHelloSpec{
 TLSVersMin: VersionTLS10,
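Review bot: The tail of the new `HelloChrome_102` extension list is ordered compress-certificate, ApplicationSettings, GREASE, padding, while the case patched in the -509 hunk has GREASE before ApplicationSettings; extension order is part of what a passive observer fingerprints, so the new case should carry a comment naming the capture it was transcribed from, and the two orders should be reconciled if both are meant to describe the same browser family. The case also writes `0x00, // compressionNone` and `0x00, // pointFormatUncompressed` as literals where the `HelloFirefox_102` case added in this commit uses the constants `compressionNone` and `pointFormatUncompressed`; use the constants here as well. The cipher list offers RSA key exchange and CBC-SHA suites for fidelity, so a caller that needs forward secrecy has to check the negotiated suite itself, which deserves one line in the case comment. `utlsIdToSpec` starts and ends outside the hunk.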
@@ -718,6 +786,85 @@ func utlsIdToSpec(id ClientHelloID) (ClientHelloSpec, error) {
 &FakeRecordSizeLimitExtension{Limit: 0x4001}, //record_size_limit
 &UtlsPaddingExtension{GetPaddingLen: BoringPaddingStyle}, //padding
 }}, nil
+ case HelloFirefox_102:
+ return ClientHelloSpec{
+ TLSVersMin: VersionTLS10,
+ TLSVersMax: VersionTLS13,
+ CipherSuites: []uint16{
+ TLS_AES_128_GCM_SHA256,
+ TLS_CHACHA20_POLY1305_SHA256,
+ TLS_AES_256_GCM_SHA384,
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ TLS_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_RSA_WITH_AES_256_GCM_SHA384,
+ TLS_RSA_WITH_AES_128_CBC_SHA,
+ TLS_RSA_WITH_AES_256_CBC_SHA,
+ },
+ CompressionMethods: []byte{
+ compressionNone,
+ },
+ Extensions: []TLSExtension{
+ &SNIExtension{}, //server_name
+ &UtlsExtendedMasterSecretExtension{}, //extended_master_secret
+ &RenegotiationInfoExtension{Renegotiation: RenegotiateOnceAsClient}, //extensionRenegotiationInfo
+ &SupportedCurvesExtension{[]CurveID{ //supported_groups
+ X25519,
+ CurveP256,
+ CurveP384,
+ CurveP521,
+ CurveID(FakeFFDHE2048),
+ CurveID(FakeFFDHE3072),
+ }},
+ &SupportedPointsExtension{SupportedPoints: []byte{ //ec_point_formats
+ pointFormatUncompressed,
+ }},
+ &SessionTicketExtension{},
+ &ALPNExtension{AlpnProtocols: []string{"h2"}}, //application_layer_protocol_negotiation
+ &StatusRequestExtension{},
+ &DelegatedCredentialsExtension{
+ AlgorithmsSignature: []SignatureScheme{ //signature_algorithms
+ ECDSAWithP256AndSHA256,
+ ECDSAWithP384AndSHA384,
+ ECDSAWithP521AndSHA512,
+ ECDSAWithSHA1,
+ },
+ },
+ &KeyShareExtension{[]KeyShare{
+ {Group: X25519},
+ {Group: CurveP256}, //key_share
+ }},
+
&SupportedVersionsExtension{[]uint16{ + VersionTLS13, //supported_versions + VersionTLS12, + }}, + &SignatureAlgorithmsExtension{SupportedSignatureAlgorithms: []SignatureScheme{ //signature_algorithms + ECDSAWithP256AndSHA256, + ECDSAWithP384AndSHA384, + ECDSAWithP521AndSHA512, + PSSWithSHA256, + PSSWithSHA384, + PSSWithSHA512, + PKCS1WithSHA256, + PKCS1WithSHA384, + PKCS1WithSHA512, + ECDSAWithSHA1, + PKCS1WithSHA1, + }}, + &PSKKeyExchangeModesExtension{[]uint8{ //psk_key_exchange_modes + PskModeDHE, + }}, + &FakeRecordSizeLimitExtension{Limit: 0x4001}, //record_size_limit + &UtlsPaddingExtension{GetPaddingLen: BoringPaddingStyle}, //padding + }}, nil case HelloIOS_11_1: return ClientHelloSpec{ TLSVersMax: VersionTLS12, diff --git a/u_tls_extensions.go b/u_tls_extensions.go index 619d1d6..3e87875 100644 --- a/u_tls_extensions.go +++ b/u_tls_extensions.go @@ -356,15 +356,15 @@ func (e *ALPNExtension) Read(b []byte) (int, error) { return e.Len(), io.EOF } -type ALPSExtension struct { +type ApplicationSettingsExtension struct { SupportedProtocols []string } -func (e *ALPSExtension) writeToUConn(uc *UConn) error { +func (e *ApplicationSettingsExtension) writeToUConn(uc *UConn) error { return nil } -func (e *ALPSExtension) Len() int { +func (e *ApplicationSettingsExtension) Len() int { bLen := 2 + 2 + 2 // Type + Length + ALPS Extension length for _, s := range e.SupportedProtocols { bLen += 1 + len(s) // Supported ALPN Length + actual length of protocol @@ -372,7 +372,7 @@ func (e *ALPSExtension) Len() int { return bLen } -func (e *ALPSExtension) Read(b []byte) (int, error) { +func (e *ApplicationSettingsExtension) Read(b []byte) (int, error) { if len(b) < e.Len() { return 0, io.ErrShortBuffer } 
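Review bot: `HelloFirefox_102` sets `TLSVersMin: VersionTLS10` while its `SupportedVersionsExtension` lists only `VersionTLS13` and `VersionTLS12`, so if `TLSVersMin` is what bounds the version accepted from the server (that code is outside this hunk) a TLS 1.0 or 1.1 answer would still be accepted although the hello never offers it. Unless the field changes the bytes on the wire, `TLSVersMin: VersionTLS12,` would match what is advertised. `AlpnProtocols: []string{"h2"}` omits `http/1.1`, which the `HelloChrome_102` case in this commit offers, and should be checked against the capture the spec was taken from. Several trailing comments are attached to the wrong line: `//signature_algorithms` sits on the `AlgorithmsSignature` field of `DelegatedCredentialsExtension`, `//key_share` on the second key share and `//supported_versions` on `VersionTLS13`; they belong on each extension's opening line. The body of `utlsIdToSpec` starts and ends outside the hunk.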
@@ -911,45 +911,3 @@ func (e *DelegatedCredentialsExtension) Read(b []byte) (int, error) {
 }
 return e.Len(), io.EOF
 }
-
-type ApplicationSettingsExtension struct {
- SupportedALPNList []string
-}
-
-func (e *ApplicationSettingsExtension) writeToUConn(uc *UConn) error {
- return nil
-}
-
-func (e *ApplicationSettingsExtension) Len() int {
- result := 6 //id + first length + second length
- for _, element := range e.SupportedALPNList {
- result += 1 + len(element) //byte for string length + allocation for string in bytes
- }
- return result
-}
-
-func (e *ApplicationSettingsExtension) Read(b []byte) (int, error) {
- if len(b) < e.Len() {
- return 0, io.ErrShortBuffer
- }
-
- b[0] = byte(extensionApplicationSettings >> 8)
- b[1] = byte(0x69)
- currentIndex := 6
-
- for _, alpn := range e.SupportedALPNList {
- b[currentIndex] = byte(len(alpn)) //set length of string in bytes
- currentIndex++
- for _, char := range alpn {
- b[currentIndex] = byte(char) //convert char to byte
- currentIndex++
- }
- }
-
- b[2] = 0x00
- b[3] = byte(e.Len() - 4) //len minus id and itself (2+2)
- b[4] = 0x00
- b[5] = byte(e.Len() - 6) //len minus id big length and itself 5 (2+2+2)
-
- return e.Len(), io.EOF
-}