Skip to content

Commit

Permalink
Add customization of JA4 fingerprint, H2 settings, headers for br…
Browse files Browse the repository at this point in the history 
…owser impersonation (#341)

* Add `SetCiphersAction`

* Add more extension testing

* Use custom `Ja3FingerPrint` struct

* Exclude client_extension 34

* Add more client extension default value

* Update fingerprint tests

* Use https://check.ja3.zone/ for test endpoint

* Add repetition for local test

* Add handling of extra encrypted extensions (client)

* Fix fake certificate compress (unhandled by bouncycastle)

* Fix ja3.zone always return 711 even on TLS13

* Update local tests

* Add `delegate_credentials` mock

* Regroup settings announcement in on flushed buffer

* Add H2 initialwindow size announcement

* Add grease in protocol version

* More signature adjustment

* Remove custom sorting at fluxzy level

* Add ImpersonateAction

* Put scheme before Path (controlled by cloud flare)

* Add option to avoid replacing if header already exists

* Add ImpersonageAgent to identify client

* Add firefox 133 configuration

* Add secp256r1 to default early keys

* Fix encrypted client hello should work without grease

* Make SignatureAndHash algorithmls customizable through Fingerprint

* Add Impersonate Profile `Chrome_Android_131`

* Refactor namespaces for Impersonate classes

* Use stock Fluxzy.BouncyCastle package

* Added edge 131 impersonate profile

* Rename ImpersonateAgent to ImpersonateProfile

* More renaming

* Remove SetTlsCiphersActions

* Add sample for Impersonation

* Refactor names

* Add default impersonate profile generation

* Minimize allocations on protocol versions resolving

* Refactor TlsFingerPrint add Comments

* Change default test values for fingerprint

* Add Early key shared group as editable settings

* Sanitize unit tests

* Rename to built-in profiles
  • Loading branch information
@haga-rak
haga-rak authored Jan 7, 2025
1 parent e97925e commit df25602
Show file tree
Hide file tree
Showing 64 changed files with 4,442 additions and 1,602 deletions.
55 changes: 55 additions & 0 deletions docs/actions/ImpersonateAction.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
## impersonateAction

### Description

Impersonate a browser or client by changing the TLS fingerprint, HTTP/2 settings and headers.

### Evaluation scope

Evaluation scope defines the timing where this filter will be applied.

{.alert .alert-info}
:::
**requestHeaderReceivedFromClient** This scope occurs the moment fluxzy parsed the request header receiveid from client
:::

### YAML configuration name

impersonateAction

### Settings

The following table describes the customizable properties available for this action:

{.property-table .property-table-action}
:::
| Property | Type | Description | DefaultValue |
| :------- | :------- | :------- | -------- |
| nameOrConfigFile | string | | |

:::
### Example of usage

The following examples apply this action to any exchanges

Impersonate CHROME 131 on Windows.

```yaml
rules:
- filter:
typeKind: AnyFilter
actions:
- typeKind: ImpersonateAction
nameOrConfigFile: Chrome_Windows_131
```
### .NET reference
View definition of [ImpersonateAction](https://docs.fluxzy.io/api/Fluxzy.Rules.Actions.ImpersonateAction.html) for .NET integration.
### See also
This action has no related action
43 changes: 43 additions & 0 deletions docs/actions/SetJa3FingerPrintAction.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
## setJa3FingerPrintAction

### Description

Set a JA3 fingerprint of ongoing connection.

### Evaluation scope

Evaluation scope defines the timing where this filter will be applied.

{.alert .alert-info}
:::
**requestHeaderReceivedFromClient** This scope occurs the moment fluxzy parsed the request header receiveid from client
:::

### YAML configuration name

setJa3FingerPrintAction

### Settings

The following table describes the customizable properties available for this action:

{.property-table .property-table-action}
:::
| Property | Type | Description | DefaultValue |
| :------- | :------- | :------- | -------- |
| value | string | | |

:::
### Example of usage

This filter has no specific usage example


### .NET reference

View definition of [SetJa3FingerPrintAction](https://docs.fluxzy.io/api/Fluxzy.Rules.Actions.SetJa3FingerPrintAction.html) for .NET integration.

### See also

This action has no related action

95 changes: 95 additions & 0 deletions docs/impersonate-profiles/Chrome_Android_131.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
{
"networkSettings": {
"ja3FingerPrint": "772,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,27-13-65281-18-43-0-35-10-5-51-11-16-17513-65037-23-45,4588-29-23-24,0",
"greaseMode": true,
"overrideClientExtensionsValues": null,
"signatureAlgorithms": [
1027,
2052,
1025,
1283,
2053,
1281,
2054,
1537
]
},
"h2Settings": {
"settings": [
{
"identifier": 1,
"value": 65536
},
{
"identifier": 2,
"value": 0
},
{
"identifier": 4,
"value": 6291456
},
{
"identifier": 6,
"value": 262144
}
],
"removeDefaultValues": true
},
"headers": [
{
"name": "sec-ch-ua",
"value": "\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""
},
{
"name": "sec-ch-ua-mobile",
"value": "?0"
},
{
"name": "sec-ch-ua-platform",
"value": "\"Android\""
},
{
"name": "Upgrade-Insecure-Requests",
"value": "1"
},
{
"name": "User-Agent",
"value": "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"
},
{
"name": "Accept",
"value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
"skipIfExists": true
},
{
"name": "Sec-Fetch-Site",
"value": "none"
},
{
"name": "Sec-Fetch-Mode",
"value": "navigate"
},
{
"name": "Sec-Fetch-User",
"value": "?1"
},
{
"name": "Sec-Fetch-Dest",
"value": "document"
},
{
"name": "Accept-Encoding",
"value": "gzip, deflate, br, zstd",
"skipIfExists": true
},
{
"name": "Accept-language",
"value": "en-US,en;q=0.9",
"skipIfExists": true
},
{
"name": "Priority",
"value": "u=0, i"
}
]
}
95 changes: 95 additions & 0 deletions docs/impersonate-profiles/Chrome_Windows_131.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
{
"networkSettings": {
"ja3FingerPrint": "772,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,45-0-65037-17513-35-10-13-65281-16-51-23-27-18-43-11-5,4588-29-23-24,0",
"greaseMode": true,
"overrideClientExtensionsValues": null,
"signatureAlgorithms": [
1027,
2052,
1025,
1283,
2053,
1281,
2054,
1537
]
},
"h2Settings": {
"settings": [
{
"identifier": 1,
"value": 65536
},
{
"identifier": 2,
"value": 0
},
{
"identifier": 4,
"value": 6291456
},
{
"identifier": 6,
"value": 262144
}
],
"removeDefaultValues": true
},
"headers": [
{
"name": "sec-ch-ua",
"value": "\"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""
},
{
"name": "sec-ch-ua-mobile",
"value": "?0"
},
{
"name": "sec-ch-ua-platform",
"value": "\"Windows\""
},
{
"name": "Upgrade-Insecure-Requests",
"value": "1"
},
{
"name": "User-Agent",
"value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
},
{
"name": "Accept",
"value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
"skipIfExists": true
},
{
"name": "Sec-Fetch-Site",
"value": "none"
},
{
"name": "Sec-Fetch-Mode",
"value": "navigate"
},
{
"name": "Sec-Fetch-User",
"value": "?1"
},
{
"name": "Sec-Fetch-Dest",
"value": "document"
},
{
"name": "Accept-Encoding",
"value": "gzip, deflate, br, zstd",
"skipIfExists": true
},
{
"name": "Accept-language",
"value": "en-US,en;q=0.9",
"skipIfExists": true
},
{
"name": "Priority",
"value": "u=0, i"
}
]
}
95 changes: 95 additions & 0 deletions docs/impersonate-profiles/Edge_Windows_131.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
{
"networkSettings": {
"ja3FingerPrint": "772,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,5-10-35-51-23-43-18-0-27-17513-11-16-65281-13-45-65037,4588-29-23-24,0",
"greaseMode": true,
"overrideClientExtensionsValues": null,
"signatureAlgorithms": [
1027,
2052,
1025,
1283,
2053,
1281,
2054,
1537
]
},
"h2Settings": {
"settings": [
{
"identifier": 1,
"value": 65536
},
{
"identifier": 2,
"value": 0
},
{
"identifier": 4,
"value": 6291456
},
{
"identifier": 6,
"value": 262144
}
],
"removeDefaultValues": true
},
"headers": [
{
"name": "sec-ch-ua",
"value": "\"Microsoft Edge\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""
},
{
"name": "sec-ch-ua-mobile",
"value": "?0"
},
{
"name": "sec-ch-ua-platform",
"value": "\"Windows\""
},
{
"name": "Upgrade-Insecure-Requests",
"value": "1"
},
{
"name": "User-Agent",
"value": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
},
{
"name": "Accept",
"value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
"skipIfExists": true
},
{
"name": "Sec-Fetch-Site",
"value": "none"
},
{
"name": "Sec-Fetch-Mode",
"value": "navigate"
},
{
"name": "Sec-Fetch-User",
"value": "?1"
},
{
"name": "Sec-Fetch-Dest",
"value": "document"
},
{
"name": "Accept-Encoding",
"value": "gzip, deflate, br, zstd",
"skipIfExists": true
},
{
"name": "Accept-language",
"value": "en-US,en;q=0.9",
"skipIfExists": true
},
{
"name": "Priority",
"value": "u=0, i"
}
]
}
Loading

0 comments on commit df25602

Please sign in to comment.