Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add random tls impersonate #489

Merged
merged 2 commits into from
Jul 4, 2023
Merged

Add random tls impersonate #489

merged 2 commits into from
Jul 4, 2023

Conversation

Mzack9999
Copy link
Member

Description

This PR implements random TLS impersonate for standard http crawler. Hybrid crawling already support natively tls extension randomization.

Closes #136

@Mzack9999 Mzack9999 added the Type: Enhancement Most issues will probably ask for additions or changes. label Jun 22, 2023
@Mzack9999 Mzack9999 self-assigned this Jun 22, 2023
@Mzack9999 Mzack9999 linked an issue Jun 22, 2023 that may be closed by this pull request
Support TLS ClientHello randomization #136
Closed
github-advanced-security[bot]
github-advanced-security bot found potential problems Jun 22, 2023
View reviewed changes
pkg/engine/common/http.go
DialContext: dialer.Dial,
DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
if options.TlsImpersonate {
return dialer.DialTLSWithConfigImpersonate(ctx, network, addr, &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS10}, impersonate.Random, nil)

Check failure

Code scanning / CodeQL

Disabled TLS certificate check

InsecureSkipVerify should not be used in production code.
pkg/engine/common/http.go
DialContext: dialer.Dial,
DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
if options.TlsImpersonate {
return dialer.DialTLSWithConfigImpersonate(ctx, network, addr, &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS10}, impersonate.Random, nil)

Check failure

Code scanning / CodeQL

Insecure TLS configuration

Using insecure TLS version VersionTLS10 for MinVersion.
@ehsandeep ehsandeep added the Status: In Progress This issue is being worked on, and has someone assigned. label Jun 27, 2023
@Mzack9999 Mzack9999 marked this pull request as ready for review July 3, 2023 14:32
@Mzack9999 Mzack9999 removed the Status: In Progress This issue is being worked on, and has someone assigned. label Jul 3, 2023
dogancanbakir
dogancanbakir approved these changes Jul 4, 2023
View reviewed changes
Copy link
Member

@dogancanbakir dogancanbakir left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

$ for i in {1..10}; do echo https://scanme.sh | go run . -tlsi; done
image

@ehsandeep ehsandeep merged commit d4385db into dev Jul 4, 2023
@ehsandeep ehsandeep deleted the feat-136-random-tls-impersonate branch July 4, 2023 21:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dogancanbakir dogancanbakir dogancanbakir approved these changes

@ehsandeep ehsandeep ehsandeep approved these changes

Assignees

@Mzack9999 Mzack9999

Labels
Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support TLS ClientHello randomization
3 participants
@Mzack9999 @ehsandeep @dogancanbakir