Update Firefox signature to version 88

3 years ago · 8709bc0b2f
parent 365f52a0e2
commit 8709bc0b2f
2 changed files with 16 additions and 18 deletions
--- a/internal/client/firefox.go
+++ b/internal/client/firefox.go
@ -1,4 +1,4 @@
-// Fingerprint of Firefox 68
+// Fingerprint of Firefox 88

 package client

@ -23,27 +23,25 @@ func (f *Firefox) composeExtensions(SNI []byte, keyShare []byte) []byte {
 		return ret
 	}
 	// extension length is always 399, and server name length is variable
-	var ext [14][]byte
+	var ext [12][]byte
 	ext[0] = addExtRec([]byte{0x00, 0x00}, SNI)          // server name indication
 	ext[1] = addExtRec([]byte{0x00, 0x17}, nil)          // extended_master_secret
 	ext[2] = addExtRec([]byte{0xff, 0x01}, []byte{0x00}) // renegotiation_info
 	suppGroup, _ := hex.DecodeString("000c001d00170018001901000101")
 	ext[3] = addExtRec([]byte{0x00, 0x0a}, suppGroup)          // supported groups
 	ext[4] = addExtRec([]byte{0x00, 0x0b}, []byte{0x01, 0x00}) // ec point formats
-	ext[5] = addExtRec([]byte{0x00, 0x23}, []byte{})           // Session tickets
-	APLN, _ := hex.DecodeString("000c02683208687474702f312e31")
-	ext[6] = addExtRec([]byte{0x00, 0x10}, APLN)                                 // app layer proto negotiation
-	ext[7] = addExtRec([]byte{0x00, 0x05}, []byte{0x01, 0x00, 0x00, 0x00, 0x00}) // status request
-	ext[8] = addExtRec([]byte{0x00, 0x33}, composeKeyShare(keyShare))            // key share
+	ALPN, _ := hex.DecodeString("000c02683208687474702f312e31")
+	ext[5] = addExtRec([]byte{0x00, 0x10}, ALPN)                                 // app layer proto negotiation
+	ext[6] = addExtRec([]byte{0x00, 0x05}, []byte{0x01, 0x00, 0x00, 0x00, 0x00}) // status request
+	ext[7] = addExtRec([]byte{0x00, 0x33}, composeKeyShare(keyShare))            // key share
 	suppVersions, _ := hex.DecodeString("080304030303020301")
-	ext[9] = addExtRec([]byte{0x00, 0x2b}, suppVersions) // supported versions
+	ext[8] = addExtRec([]byte{0x00, 0x2b}, suppVersions) // supported versions
 	sigAlgo, _ := hex.DecodeString("001604030503060308040805080604010501060102030201")
-	ext[10] = addExtRec([]byte{0x00, 0x0d}, sigAlgo)            // Signature Algorithms
-	ext[11] = addExtRec([]byte{0x00, 0x2d}, []byte{0x01, 0x01}) // psk key exchange modes
-	ext[12] = addExtRec([]byte{0x00, 0x1c}, []byte{0x40, 0x01}) // record size limit
-	// len(ext[0]) + 237 + 4 + len(padding) = 399
-	// len(padding) = 158 - len(ext[0])
-	ext[13] = addExtRec([]byte{0x00, 0x15}, make([]byte, 163-len(SNI))) // padding
+	ext[9] = addExtRec([]byte{0x00, 0x0d}, sigAlgo)             // Signature Algorithms
+	ext[10] = addExtRec([]byte{0x00, 0x1c}, []byte{0x40, 0x01}) // record size limit
+	// len(ext[0]) + 218 + 4 + len(padding) = 399
+	// len(padding) = 177 - len(ext[0])
+	ext[11] = addExtRec([]byte{0x00, 0x15}, make([]byte, 177-len(ext[0]))) // padding
 	var ret []byte
 	for _, e := range ext {
 		ret = append(ret, e...)
@ -60,7 +58,7 @@ func (f *Firefox) composeClientHello(hd clientHelloFields) (ch []byte) {
 	clientHello[4] = []byte{0x20}             // session id length 32
 	clientHello[5] = hd.sessionId             // session id
 	clientHello[6] = []byte{0x00, 0x24}       // cipher suites length 36
-	cipherSuites, _ := hex.DecodeString("130113031302c02bc02fcca9cca8c02cc030c00ac009c013c01400330039002f0035000a")
+	cipherSuites, _ := hex.DecodeString("130113031302c02bc02fcca9cca8c02cc030c00ac009c013c014009c009d002f0035000a")
 	clientHello[7] = cipherSuites // cipher suites
 	clientHello[8] = []byte{0x01} // compression methods length 1
 	clientHello[9] = []byte{0x00} // compression methods
--- a/internal/client/firefox_test.go
+++ b/internal/client/firefox_test.go
@ -7,14 +7,14 @@ import (
 )

 func TestComposeExtensions(t *testing.T) {
-	target, _ := hex.DecodeString("000000170015000012636f6e73656e742e676f6f676c652e636f6d00170000ff01000100000a000e000c001d00170018001901000101000b00020100002300000010000e000c02683208687474702f312e310005000501000000000033006b0069001d00206075db0a43812b2e4e0f44157f04295b484ccfc6d70e577c1e6113aa18e088270017004104948052ae52043e654641660ebbadb527c8280262e61f64b0f6f1794f32e1000865a49e4cbe2027c78e7180861e4336300815fa0f1b0091c4d788b97f809a47d3002b0009080304030303020301000d0018001604030503060308040805080604010501060102030201002d00020101001c000240010015008c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")
+	target, _ := hex.DecodeString("000000170015000012636f6e73656e742e676f6f676c652e636f6d00170000ff01000100000a000e000c001d00170018001901000101000b000201000010000e000c02683208687474702f312e310005000501000000000033006b0069001d00208d8ea1b80430b7710b65f0d89b0144a5eeb218709ce6613d4fc8bfb117657c150017004104bcffff92fc5a5aa656a04342cef647cf59a365678743ec64409a1444360c58b552c92ee6d0aad8573d1b8ca91a160e28de18bf9b46f8950c50957f606e04a970002b0009080304030303020301000d0018001604030503060308040805080604010501060102030201001c0002400100150096000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000")

 	serverName := "consent.google.com"
-	keyShare, _ := hex.DecodeString("6075db0a43812b2e4e0f44157f04295b484ccfc6d70e577c1e6113aa18e08827")
+	keyShare, _ := hex.DecodeString("8d8ea1b80430b7710b65f0d89b0144a5eeb218709ce6613d4fc8bfb117657c15")
 	sni := makeServerName(serverName)
 	result := (&Firefox{}).composeExtensions(sni, keyShare)
 	// skip random secp256r1
-	if !bytes.Equal(result[:137], target[:137]) || !bytes.Equal(result[202:], target[202:]) {
+	if !bytes.Equal(result[:133], target[:133]) || !bytes.Equal(result[198:], target[198:]) {
 		t.Errorf("got %x", result)
 	}
 }