Skip to content

Commit d5cdf5d

Browse files
authored
Bugfix: FingerprintClientHello should work when the dump contains the client's greeting and subsequent frames. Lack of subsequent frames should not lead to inoperability of FingerprintClientHello. (#121)
1 parent ef21c92 commit d5cdf5d

2 files changed

Lines changed: 24 additions & 1 deletion

File tree

u_fingerprinter.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -99,7 +99,7 @@ func (f *Fingerprinter) FingerprintClientHello(data []byte) (*ClientHelloSpec, e
9999
}
100100

101101
var extensions cryptobyte.String
102-
if !s.ReadUint16LengthPrefixed(&extensions) || !s.Empty() {
102+
if !s.ReadUint16LengthPrefixed(&extensions) {
103103
return nil, errors.New("unable to read extensions data")
104104
}
105105

u_fingerprinter_test.go

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -714,3 +714,26 @@ func TestUTLSHandshakeClientFingerprintedSpecFromRaw(t *testing.T) {
714714

715715
runUTLSClientTestTLS13(t, test, hello)
716716
}
717+
718+
// FingerprintClientHello should work when the dump contains the client's greeting and subsequent frames.
719+
// Lack of subsequent frames should not lead to inoperability of FingerprintClientHello.
720+
func TestFingerprintDumpLargerThanExtensions(t *testing.T) {
721+
// Dump of curl/7.74.0 with some test request https://tlsfingerprint.io/id/37695dd988f0c8b8
722+
dump := "1603010200010001fc03032e763fe74cd8472de77d17eef1cf4cb9b18d0163196a69337d0d7c6c844a1b71202aef889ccf5bdef725185b7c0cc51a100311c7c3992b1d206beaef121a111cc5003e130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff010001750000000e000c0000096c6f63616c686f7374000b000403000102000a000c000a001d0017001e00190018337400000010000e000c02683208687474702f312e31001600000017000000310000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602002b00050403040303002d00020101003300260024001d00204f21193633f4a0c751143f0084941995cc6fb7cb87545f56f07877c99615f074001500be000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001403030001011703030045f621cd4a3c52c89e0d94c6f6a79d5863274af09696811cb73c433aa05ea5bb7a266cbc11cdbd18a553c9b4ba02c202ec709faabfdd9e9b76c1b2162dd8296cdbc9e6451742170303005ff37ae5fd6c2f240472c6248abb2a82dd2e634d4da4f67d0db94cf56eebe7e9e3766f6458f87c82bdd70a4d75e0f904c368a7c57beba6d76ea9d3f6d06e26cdf1dcb4c6fa2067f269268e91e94ade464efdb2e5f5cf2f7930faeb6f2a4a3bc2"
723+
// shortDump := "1603010200010001fc03032e763fe74cd8472de77d17eef1cf4cb9b18d0163196a69337d0d7c6c844a1b71202aef889ccf5bdef725185b7c0cc51a100311c7c3992b1d206beaef121a111cc5003e130213031301c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff010001750000000e000c0000096c6f63616c686f7374000b000403000102000a000c000a001d0017001e00190018337400000010000e000c02683208687474702f312e31001600000017000000310000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602002b00050403040303002d00020101003300260024001d00204f21193633f4a0c751143f0084941995cc6fb7cb87545f56f07877c99615f074001500be00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
724+
helloBytes, err := hex.DecodeString(dump)
725+
if err != nil {
726+
t.Error(err)
727+
return
728+
}
729+
f := &Fingerprinter{
730+
AllowBluntMimicry: true,
731+
}
732+
clientHelloSpec, err := f.FingerprintClientHello(helloBytes)
733+
if err != nil {
734+
t.Errorf("got error: %v; expected to succeed", err)
735+
}
736+
if clientHelloSpec == nil {
737+
t.Error("clientHelloSpec cannot be nil")
738+
}
739+
}

0 commit comments

Comments
 (0)