Comments (4)
Full customization of the frames might be overkill, perhaps we should just set the recommended SETTINGS frame based on the selected browser fingerprint (especially chrome).
from burp-awesome-tls.
Hi @sleeyax. Thanks for your great work with this project. Would be happy to help with this feature. Any tips you could provide to help me get started?
from burp-awesome-tls.
Hey @ChrisMcMStone sure thing, thanks for your interest and willingness to contribute to the project! It's been a while but I can point you in a general direction.
The initial settings are created here: https://github.com/sleeyax/burp-awesome-tls/blob/main/src-go/server/internal/net/http2/transport.go#L674
You could patch it like this (this is from a different project of mine, so adjust accordingly):
From 2c399035ddb74e8c40e7f60fba3299b463fd44fd Mon Sep 17 00:00:00 2001
From: Sleeyax <[email protected]>
Date: Thu, 3 Jun 2021 21:46:23 +0200
Subject: [PATCH] Customizable initial SETTINGS frame
---
packages/http2/transport.go | 22 ++++++++++++++++++++--
1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/packages/http2/transport.go b/packages/http2/transport.go
index ff71e3e..7ab542d 100644
--- a/packages/http2/transport.go
+++ b/packages/http2/transport.go
@@ -89,6 +89,21 @@ type Transport struct {
// plain-text "http" scheme. Note that this does not enable h2c support.
AllowHTTP bool
+ // HeaderTableSize is the http2 SETTINGS_HEADER_TABLE_SIZE to send in the initial settings frame.
+ HeaderTableSize uint32
+
+ // EnablePush is the http2 SETTINGS_ENABLE_PUSH to send in the initial settings frame.
+ EnablePush uint32
+
+ // MaxConcurrentStreams is the http2 SETTINGS_MAX_CONCURRENT_STREAMS to send in the initial settings frame.
+ MaxConcurrentStreams uint32
+
+ // InitialWindowSize is the http2 SETTINGS_INITIAL_WINDOW_SIZE to send in the initial settings frame.
+ InitialWindowSize uint32
+
+ // MaxFrameSize is the http2 SETTINGS_MAX_FRAME_SIZE to send in the initial settings frame.
+ MaxFrameSize uint32
+
// MaxHeaderListSize is the http2 SETTINGS_MAX_HEADER_LIST_SIZE to
// send in the initial settings frame. It is how many bytes
// of response headers are allowed. Unlike the http2 spec, zero here
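Review bot: The comments on the five new fields (HeaderTableSize through MaxFrameSize) do not say what a zero value means, while the existing MaxHeaderListSize comment just below does address zero. These are plain uint32 fields with no default, so a Transport that leaves them unset carries 0 for each; document the zero-value behaviour or fall back to the previous defaults when a field is 0. EnablePush is also typed uint32 although the setting only takes 0 or 1, so a bool or a range check would fit better.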
@@ -675,8 +690,11 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro
}
initialSettings := []Setting{
- {ID: SettingEnablePush, Val: 0},
- {ID: SettingInitialWindowSize, Val: transportDefaultStreamFlow},
+ {ID: SettingHeaderTableSize, Val: t.HeaderTableSize},
+ {ID: SettingEnablePush, Val: t.EnablePush},
+ {ID: SettingMaxConcurrentStreams, Val: t.MaxConcurrentStreams},
+ {ID: SettingInitialWindowSize, Val: t.InitialWindowSize},
+ {ID: SettingMaxFrameSize, Val: t.MaxFrameSize},
}
if max := t.maxHeaderListSize(); max != 0 {
initialSettings = append(initialSettings, Setting{ID: SettingMaxHeaderListSize, Val: max})
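Review bot: All five entries in initialSettings are now written unconditionally, so an unset field goes out as an explicit 0 (the removed line sent SettingInitialWindowSize as transportDefaultStreamFlow), and a profile that omits one of these settings or sends them in a different order cannot be expressed. Consider the same != 0 guard that the max header list size append just below uses, or let the caller supply an ordered []Setting.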
Next, make sure any hardcoded defaults are overridden by these new settings:
diff --git a/packages/http2/transport.go b/packages/http2/transport.go
index 7ab542d..82a691f 100644
--- a/packages/http2/transport.go
+++ b/packages/http2/transport.go
@@ -648,10 +648,10 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro
tconn: c,
readerDone: make(chan struct{}),
nextStreamID: 1,
- maxFrameSize: 16 << 10, // spec default
- initialWindowSize: 65535, // spec default
- maxConcurrentStreams: 1000, // "infinite", per spec. 1000 seems good enough.
- peerMaxHeaderListSize: 0xffffffffffffffff, // "infinite", per spec. Use 2^64-1 instead.
+ maxFrameSize: t.MaxFrameSize, // spec default
+ initialWindowSize: t.InitialWindowSize, // spec default
+ maxConcurrentStreams: t.MaxConcurrentStreams, // "infinite", per spec. 1000 seems good enough.
+ peerMaxHeaderListSize: 0xffffffffffffffff, // "infinite", per spec. Use 2^64-1 instead.
streams: make(map[uint32]*clientStream),
singleUse: singleUse,
wantSettingsAck: true,
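Review bot: maxFrameSize, initialWindowSize and maxConcurrentStreams previously started at fixed values (16 << 10, 65535, 1000) and now start at whatever the Transport holds, which is 0 when the fields are unset; the trailing comments ("spec default", "1000 seems good enough") are also no longer accurate. Keep the old constants as the fallback for a zero field and update or drop the comments.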
@@ -666,14 +666,14 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro
}
cc.cond = sync.NewCond(&cc.mu)
- cc.flow.add(int32(initialWindowSize))
+ cc.flow.add(int32(t.InitialWindowSize))
// TODO: adjust this writer size to account for frame size +
// MTU + crypto/tls record padding.
cc.bw = bufio.NewWriter(stickyErrWriter{c, &cc.werr})
cc.br = bufio.NewReader(c)
cc.fr = NewFramer(cc.bw, cc.br)
- cc.fr.ReadMetaHeaders = hpack.NewDecoder(initialHeaderTableSize, nil)
+ cc.fr.ReadMetaHeaders = hpack.NewDecoder(t.InitialWindowSize, nil)
cc.fr.MaxHeaderListSize = t.maxHeaderListSize()
// TODO: SetMaxDynamicTableSize, SetMaxDynamicTableSizeLimit on
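Review bot: hpack.NewDecoder(t.InitialWindowSize, nil) passes the window size where the removed line passed initialHeaderTableSize; this looks like it should be t.HeaderTableSize, otherwise the decoder's table size will not match the SETTINGS_HEADER_TABLE_SIZE value placed in the initial settings frame. In the same hunk, int32(t.InitialWindowSize) in cc.flow.add converts a uint32 without a bounds check, so a value above 2^31-1 becomes negative.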
@@ -703,7 +703,7 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro
cc.bw.Write(clientPreface)
cc.fr.WriteSettings(initialSettings...)
cc.fr.WriteWindowUpdate(0, transportDefaultConnFlow)
- cc.inflow.add(transportDefaultConnFlow + initialWindowSize)
+ cc.inflow.add(transportDefaultConnFlow + int32(t.InitialWindowSize))
cc.bw.Flush()
if cc.werr != nil {
cc.Close()
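Review bot: In cc.inflow.add, int32(t.InitialWindowSize) is an unchecked uint32-to-int32 conversion that is then added to transportDefaultConnFlow, so a large configured value can wrap; validate the field against 2^31-1 before this point. Also, cc.fr.WriteWindowUpdate(0, transportDefaultConnFlow) two lines up still sends a fixed increment, so the connection-level window stays hard-coded after this patch.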
Finally, you can set the correct initial settings frame based on the specified r.TlsFingerprint
here: https://github.com/sleeyax/burp-awesome-tls/blob/main/src-go/server/roundtripper.go#L115
You can use Charles proxy to see which settings are the defaults for several browsers. Please try to add support for the latest Chrome version at minimum.
I hope that's enough information to get you started. Good luck and have fun!
from burp-awesome-tls.
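To make the wire format behind the comment above concrete, here is an added example (not code from the thread or from burp-awesome-tls) that encodes an HTTP/2 SETTINGS frame per RFC 7540 in caller-supplied order and rejects out-of-range values, such as the 0 an unset MaxFrameSize field would produce. The Setting type, function names and sample values are assumptions made for illustration; the values are constructed, not captured from a browser.

```go
package main

import (
	"errors"
	"fmt"
)

// Setting is one parameter of a SETTINGS frame (RFC 7540, section 6.5.1).
type Setting struct {
	ID  uint16
	Val uint32
}

// Parameter identifiers from RFC 7540, section 6.5.2.
const HeaderTableSize, EnablePush, MaxConcurrentStreams, InitialWindowSize, MaxFrameSize = 1, 2, 3, 4, 5

// Validate rejects values that the RFC requires a peer to treat as an error.
func Validate(s Setting) error {
	switch {
	case s.ID == EnablePush && s.Val > 1:
		return errors.New("ENABLE_PUSH must be 0 or 1")
	case s.ID == InitialWindowSize && s.Val > 1<<31-1:
		return errors.New("INITIAL_WINDOW_SIZE above 2^31-1")
	case s.ID == MaxFrameSize && (s.Val < 1<<14 || s.Val > 1<<24-1):
		return errors.New("MAX_FRAME_SIZE outside 2^14..2^24-1")
	}
	return nil
}

// EncodeSettings builds the frame (type 0x4, no flags, stream 0) in list order.
func EncodeSettings(list []Setting) ([]byte, error) {
	n := 6 * len(list) // each parameter is a 16-bit id plus a 32-bit value
	frame := []byte{byte(n >> 16), byte(n >> 8), byte(n), 0x4, 0, 0, 0, 0, 0}
	for _, s := range list {
		if err := Validate(s); err != nil {
			return nil, fmt.Errorf("setting 0x%x: %w", s.ID, err)
		}
		frame = append(frame, byte(s.ID>>8), byte(s.ID), byte(s.Val>>24), byte(s.Val>>16), byte(s.Val>>8), byte(s.Val))
	}
	return frame, nil
}

func main() {
	// Constructed values for illustration, not a capture from any browser.
	frame, err := EncodeSettings([]Setting{{HeaderTableSize, 65536}, {InitialWindowSize, 131072}})
	fmt.Printf("% x %v\n", frame, err)
	_, err = EncodeSettings([]Setting{{MaxFrameSize, 0}}) // an unset field left at zero
	fmt.Println(err)
}
```

Comparing the encoded bytes with the SETTINGS frame shown in a proxy capture is a quick way to confirm that a profile's parameters, values and order match what was observed.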
Hi @ChrisMcMStone any news? Let me know if you need any additional help!
from burp-awesome-tls.