851917e049
This commit refactors existing text utility functions into the application layer for broad reuse and integrates them across the codebase. Initially, these utilities were confined to test code, which limited their application. Changes: - Move text utilities to the application layer. - Centralize text utilities into dedicated files for better maintainability. - Improve robustness of utility functions with added type checks. - Replace duplicated logic with centralized utility functions throughout the codebase. - Expand unit tests to cover refactored code parts.
70 lines
3.2 KiB
TypeScript
70 lines
3.2 KiB
TypeScript
/**
|
|
* Modifies the TLS fingerprint of Node.js HTTP client to circumvent TLS fingerprinting blocks.
|
|
* TLS fingerprinting is a technique used to identify clients based on the unencrypted data sent
|
|
* during the TLS handshake, used for blocking or identifying non-browser clients like debugging
|
|
* proxies or automated scripts.
|
|
*
|
|
* However, Node.js's HTTP client does not fully support all methods required for impersonating a
|
|
* browser's TLS fingerprint, as reported in https://github.com/nodejs/undici/issues/1983.
|
|
* While this implementation can alter the TLS fingerprint by randomizing the cipher suite order,
|
|
* it may not perfectly mimic specific browser fingerprints due to limitations in the TLS
|
|
* implementation of Node.js.
|
|
*
|
|
* For more detailed information, visit:
|
|
* - https://archive.today/2024.03.13-102042/https://httptoolkit.com/blog/tls-fingerprinting-node-js/
|
|
* - https://check.ja3.zone/ (To check your tool's or browser's fingerprint)
|
|
* - https://github.com/lwthiker/curl-impersonate (A solution for curl)
|
|
* - https://github.com/depicts/got-tls (Cipher manipulation support for Node.js)
|
|
*/
|
|
|
|
import { constants } from 'crypto';
|
|
import tls from 'tls';
|
|
import { indentText } from '@/application/Common/Text/IndentText';
|
|
|
|
export function randomizeTlsFingerprint() {
|
|
tls.DEFAULT_CIPHERS = getShuffledCiphers().join(':');
|
|
console.log(indentText(
|
|
`TLS context:\n${indentText([
|
|
'Original ciphers:', indentText(constants.defaultCipherList),
|
|
'Current ciphers:', indentText(getTlsContextInfo()),
|
|
].join('\n'))}`,
|
|
));
|
|
}
|
|
|
|
export function getTlsContextInfo(): string {
|
|
return [
|
|
`Ciphers: ${tls.DEFAULT_CIPHERS}`,
|
|
`Minimum TLS protocol version: ${tls.DEFAULT_MIN_VERSION}`,
|
|
`Node fingerprint: ${constants.defaultCoreCipherList === tls.DEFAULT_CIPHERS ? 'Visible' : 'Masked'}`,
|
|
].join('\n');
|
|
}
|
|
|
|
/**
|
|
* Shuffles the order of TLS ciphers, excluding the top 3 most important ciphers to maintain
|
|
* security preferences. This approach modifies the default cipher list of Node.js to create a
|
|
* unique TLS fingerprint, thus helping to circumvent detection mechanisms based on static
|
|
* fingerprinting. It leverages randomness in the cipher order as a simple method to generate a
|
|
* new, unique TLS fingerprint which is not easily identifiable. The technique is based on altering
|
|
* parameters used in the TLS handshake process, particularly the cipher suite order, to avoid
|
|
* matching known fingerprints that could identify the client as a Node.js application.
|
|
*
|
|
* For more details, refer to:
|
|
* - https://archive.today/2024.03.13-102234/https://getsetfetch.org/blog/tls-fingerprint.html
|
|
*/
|
|
export function getShuffledCiphers(): readonly string[] {
|
|
const nodeOrderedCipherList = constants.defaultCoreCipherList.split(':');
|
|
const totalTopCiphersToKeep = 3;
|
|
// Keep the most important ciphers in the same order
|
|
const fixedCiphers = nodeOrderedCipherList.slice(0, totalTopCiphersToKeep);
|
|
// Shuffle the rest
|
|
const shuffledCiphers = nodeOrderedCipherList.slice(totalTopCiphersToKeep)
|
|
.map((cipher) => ({ cipher, sort: Math.random() }))
|
|
.sort((a, b) => a.sort - b.sort)
|
|
.map(({ cipher }) => cipher);
|
|
const ciphers = [
|
|
...fixedCiphers,
|
|
...shuffledCiphers,
|
|
];
|
|
return ciphers;
|
|
}
|