From 59919e5ec0cdb2a901c2574d95d33d0188cfdd13 Mon Sep 17 00:00:00 2001 From: Andy Wang Date: Sun, 23 Apr 2023 15:14:14 +0200 Subject: [PATCH] Remove gopacket dependency due to pcap --- go.mod | 2 - go.sum | 13 ------ internal/client/chrome_test.go | 70 ++++++++++++++----------------- internal/client/firefox_test.go | 23 +++++----- internal/client/safari_test.go | 24 +++++------ internal/test/integration_test.go | 2 +- 6 files changed, 53 insertions(+), 81 deletions(-) diff --git a/go.mod b/go.mod index fcea442..62c97dc 100644 --- a/go.mod +++ b/go.mod @@ -4,8 +4,6 @@ go 1.14 require ( github.com/cbeuw/connutil v0.0.0-20200411215123-966bfaa51ee3 - github.com/dreadl0ck/ja3 v1.0.4 - github.com/dreadl0ck/tlsx v1.0.1-google-gopacket github.com/gorilla/mux v1.8.0 github.com/gorilla/websocket v1.4.2 github.com/juju/ratelimit v1.0.1 diff --git a/go.sum b/go.sum index 227294d..e2c9ee8 100644 --- a/go.sum +++ b/go.sum @@ -3,16 +3,9 @@ github.com/cbeuw/connutil v0.0.0-20200411215123-966bfaa51ee3/go.mod h1:6jR2SzckG github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dreadl0ck/ja3 v1.0.4 h1:/2wao59Ezn8xBWxn8CVq8eRcPZHbhoTdX6fmg7tQtnw= -github.com/dreadl0ck/ja3 v1.0.4/go.mod h1:jATodgf1qBzTGieskRF2O1DXEwDgzEdqQjVcMMrCNpI= -github.com/dreadl0ck/tlsx v1.0.1-google-gopacket h1:/P3y+CGRiCQbW0nZU2jWkEwKfXLkpEgHNhbbqlnrTTM= -github.com/dreadl0ck/tlsx v1.0.1-google-gopacket/go.mod h1:amAb73WEEgPHWniMfwro6UpN6St3e5ypgq2tXM89IOo= github.com/dsnet/compress v0.0.1 h1:PlZu0n3Tuv04TzpfPbrnI0HW/YwodEXDS+oPKahKF0Q= github.com/dsnet/compress v0.0.1/go.mod h1:Aw8dCMJ7RioblQeTqt88akK31OvO8Dhf5JflhBbQEHo= github.com/dsnet/golib v0.0.0-20171103203638-1ea166775780/go.mod h1:Lj+Z9rebOhdfkVLjJ8T6VcRQv3SXugXy999NBtR9aFY= -github.com/google/gopacket v1.1.17/go.mod h1:UdDNZ1OO62aGYVnPhxT1U6aI7ukYtA/kB8vaU0diBUM= -github.com/google/gopacket v1.1.18 h1:lum7VRA9kdlvBi7/v2p7/zcbkduHaCH/SVVyurs7OpY= -github.com/google/gopacket v1.1.18/go.mod h1:UdDNZ1OO62aGYVnPhxT1U6aI7ukYtA/kB8vaU0diBUM= github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc= @@ -44,24 +37,18 @@ go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190328230028-74de082e2cca/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190405154228-4b34438f7a67/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= diff --git a/internal/client/chrome_test.go b/internal/client/chrome_test.go index b2303d6..f322770 100644 --- a/internal/client/chrome_test.go +++ b/internal/client/chrome_test.go @@ -2,12 +2,6 @@ package client import ( "encoding/hex" - "github.com/cbeuw/Cloak/internal/common" - "github.com/dreadl0ck/ja3" - "github.com/dreadl0ck/tlsx" - "github.com/stretchr/testify/assert" - "sort" - "strings" "testing" ) @@ -32,35 +26,35 @@ func TestMakeGREASE(t *testing.T) { } } -func TestChromeJA3(t *testing.T) { - result := common.AddRecordLayer((&Chrome{}).composeClientHello(hd), common.Handshake, common.VersionTLS11) - assert.Equal(t, 517, len(result)) - - hello := tlsx.ClientHelloBasic{} - err := hello.Unmarshal(result) - assert.Nil(t, err) - - // Chrome shuffles the order of extensions, so it needs special handling - full := string(ja3.Bare(&hello)) - // TLSVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats - parts := strings.Split(full, ",") - - // TLSVersion,Ciphers - assert.Equal(t, - []string{ - "771", - "4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53", - }, parts[0:2]) - // EllipticCurves,EllipticCurvePointFormats - assert.Equal(t, - []string{ - "29-23-24", "0", - }, parts[3:5]) - - normaliseExtensions := func(extensions string) []string { - extensionParts := strings.Split(parts[2], "-") - sort.Strings(extensionParts) - return extensionParts - } - assert.Equal(t, normaliseExtensions("10-5-45-0-17513-13-18-11-23-16-35-27-65281-43-51-21"), normaliseExtensions(parts[2])) -} +//func TestChromeJA3(t *testing.T) { +// result := common.AddRecordLayer((&Chrome{}).composeClientHello(hd), common.Handshake, common.VersionTLS11) +// assert.Equal(t, 517, len(result)) +// +// hello := tlsx.ClientHelloBasic{} +// err := hello.Unmarshal(result) +// assert.Nil(t, err) +// +// // Chrome shuffles the order of extensions, so it needs special handling +// full := string(ja3.Bare(&hello)) +// // TLSVersion,Ciphers,Extensions,EllipticCurves,EllipticCurvePointFormats +// parts := strings.Split(full, ",") +// +// // TLSVersion,Ciphers +// assert.Equal(t, +// []string{ +// "771", +// "4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53", +// }, parts[0:2]) +// // EllipticCurves,EllipticCurvePointFormats +// assert.Equal(t, +// []string{ +// "29-23-24", "0", +// }, parts[3:5]) +// +// normaliseExtensions := func(extensions string) []string { +// extensionParts := strings.Split(parts[2], "-") +// sort.Strings(extensionParts) +// return extensionParts +// } +// assert.Equal(t, normaliseExtensions("10-5-45-0-17513-13-18-11-23-16-35-27-65281-43-51-21"), normaliseExtensions(parts[2])) +//} diff --git a/internal/client/firefox_test.go b/internal/client/firefox_test.go index c9de536..8e04d9b 100644 --- a/internal/client/firefox_test.go +++ b/internal/client/firefox_test.go @@ -2,9 +2,6 @@ package client import ( "encoding/hex" - "github.com/cbeuw/Cloak/internal/common" - "github.com/dreadl0ck/ja3" - "github.com/dreadl0ck/tlsx" "github.com/stretchr/testify/assert" "strings" "testing" @@ -17,16 +14,16 @@ var hd = clientHelloFields{ serverName: "github.com", } -func TestFirefoxJA3(t *testing.T) { - result := common.AddRecordLayer((&Firefox{}).composeClientHello(hd), common.Handshake, common.VersionTLS11) - - hello := tlsx.ClientHelloBasic{} - err := hello.Unmarshal(result) - assert.Nil(t, err) - - digest := ja3.DigestHex(&hello) - assert.Equal(t, "ad55557b7cbd735c2627f7ebb3b3d493", digest) -} +//func TestFirefoxJA3(t *testing.T) { +// result := common.AddRecordLayer((&Firefox{}).composeClientHello(hd), common.Handshake, common.VersionTLS11) +// +// hello := tlsx.ClientHelloBasic{} +// err := hello.Unmarshal(result) +// assert.Nil(t, err) +// +// digest := ja3.DigestHex(&hello) +// assert.Equal(t, "ad55557b7cbd735c2627f7ebb3b3d493", digest) +//} func TestFirefoxComposeClientHello(t *testing.T) { result := hex.EncodeToString((&Firefox{}).composeClientHello(hd)) diff --git a/internal/client/safari_test.go b/internal/client/safari_test.go index 3d3e22b..2a91b59 100644 --- a/internal/client/safari_test.go +++ b/internal/client/safari_test.go @@ -1,10 +1,6 @@ package client import ( - "github.com/cbeuw/Cloak/internal/common" - "github.com/dreadl0ck/ja3" - "github.com/dreadl0ck/tlsx" - "github.com/stretchr/testify/assert" "testing" ) @@ -15,16 +11,16 @@ var safariHd = clientHelloFields{ serverName: "github.com", } -func TestSafariJA3(t *testing.T) { - result := common.AddRecordLayer((&Safari{}).composeClientHello(safariHd), common.Handshake, common.VersionTLS11) - - hello := tlsx.ClientHelloBasic{} - err := hello.Unmarshal(result) - assert.Nil(t, err) - - digest := ja3.DigestHex(&hello) - assert.Equal(t, "773906b0efdefa24a7f2b8eb6985bf37", digest) -} +//func TestSafariJA3(t *testing.T) { +// result := common.AddRecordLayer((&Safari{}).composeClientHello(safariHd), common.Handshake, common.VersionTLS11) +// +// hello := tlsx.ClientHelloBasic{} +// err := hello.Unmarshal(result) +// assert.Nil(t, err) +// +// digest := ja3.DigestHex(&hello) +// assert.Equal(t, "773906b0efdefa24a7f2b8eb6985bf37", digest) +//} func TestSafariComposeClientHello(t *testing.T) { result := (&Safari{}).composeClientHello(safariHd) diff --git a/internal/test/integration_test.go b/internal/test/integration_test.go index 04e9099..6df255c 100644 --- a/internal/test/integration_test.go +++ b/internal/test/integration_test.go @@ -121,7 +121,7 @@ var singleplexTCPConfig = client.RawConfig{ RemotePort: "9999", LocalHost: "127.0.0.1", LocalPort: "9999", - BrowserSig: "chrome", + BrowserSig: "safari", } func generateClientConfigs(rawConfig client.RawConfig, state common.WorldState) (client.LocalConnConfig, client.RemoteConnConfig, client.AuthInfo) {