extensions from example and cloudflare issues

[hueta]

Hi! Thank you for great project, theres not a lot of ways to works with ja3, your work is great help!

I have implemented your project in my proxy server but encountered some issues

1. for ja3 string from example i get error:

ExtensionType(27)

if i remove -27 from string it works good, but i cannot visit any page behind cloudflare - i get 502 error and text "Bad Gateway: client error (Connect)"

it can be checked for example, on dune.com

I will greatly appreciate if you will point me in right direction to solve it

Thx again for you work!

@XOR-op

[XOR-op]

I want to make sure the following things:

1. Does the example itself run well?
2. Does your own code run well?
3. The error is returned from which call?
4. I'd like to see your code snippet, especially around how the builder is constructed. The extension type 27 is about certificate compression, so maybe something is messed on that, e.g. the supported compression algorithm. If you could, you can also use WireShark to check what are the compression options for a normal connection.

[hueta]

@XOR-op

when i tried to run example i encoutered error in build:

error[E0425]: cannot find function, tuple struct or tuple variant BIO_ctrl in this scope
--> C:\Users\root.cargo\registry\src\index.crates.io-1949cf8c6b5b557f\aws-lc-sys-0.14.1\src\lib.rs:88:14
|
88 | unsafe { BIO_ctrl(b, BIO_CTRL_INFO, 0, pp.cast::<c_void>()) }
| ^^^^^^^^ not found in this scope

error[E0425]: cannot find function, tuple struct or tuple variant CRYPTO_library_init in this scope
--> C:\Users\root.cargo\registry\src\index.crates.io-1949cf8c6b5b557f\aws-lc-sys-0.14.1\src\lib.rs:92:14
|
92 | unsafe { CRYPTO_library_init() }
| ^^^^^^^^^^^^^^^^^^^ not found in this scope

For more information about this error, try rustc --explain E0425.
error: could not compile aws-lc-sys (lib) due to 2 previous errors

i'm building on windows, so i had to change branch to v0.23.12
and rustls version in cargo.toml to rustls = "0.23.12"

it ran after that, but with same error

thread 'main' panicked at examples\client.rs:51:41:
called Result::unwrap() on an Err value: ExtensionType("27")
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

in my code i use exact same code as in example

my proxy is basically for of hudsucker (https://github.com/omjadas/hudsucker). it works without ja-tools, but on cloudflare sites i'm recognized as bot, but proxy itself works

i will try to see handshake with wireshark later, but will appreciate help with current extension issue

[XOR-op]

Reproduced on my side with v0.23.12. I'll investigate this issue. Seems something went wrong during upgrading from 0.23.4

[hueta]

i tried to downgrade to 'unofficial-rel-0.23'
managed to succesfully build client.rs but if i change url in it to, say, dune.com (cloudflare example) then i get error
thread 'main' panicked at examples\client.rs:71:6:
called Result::unwrap() on an Err value: Custom { kind: InvalidData, error: AlertReceived(DecodeError) }

also when used downgraded version with hyper-rustls ^0.27 it worked, but all sites that check tls fingerprints show that no extensions available, and ja4 hash is t13i000000_000000000000_

builder code is equal to example

[XOR-op]

I have fixed the v0.23.12 bug. The cloudflare site bug is still under investigation.

[XOR-op]

@hueta I tested it against multiple different TLS server implementations. Those from large corps e.g. cloudflare, google and meta won't work, but others like github work well. I have no clue on what's going on now since I'm busy, but I'll try to figure it out when I have time. Please stay tuned.