CycleTLS icon indicating copy to clipboard operation
CycleTLS copied to clipboard

Published 20 hours ago verified publisher icon Danny-Dasilva

uTlsConn.Handshake() error: remote error: tls: error decoding message

Open Tsyklop opened this issue 1 year ago • 1 comments

Description

I use last version of cycle-tls. Site works on http/2

JA3: 771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-34-51-43-13-45-28-21,29-23-24-25-0-1,0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0

Headers:

"accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8" "accept-encoding": "gzip, deflate, br" "accept-language": "ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3" "host": "site.de" "sec-fetch-dest": "document" "sec-fetch-mode": "navigate" "sec-fetch-site": "none" "sec-fetch-user": "?1" "TE": "trailers" "upgrade-insecure-requests": "1" "user-agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0"

https://tools.scrapfly.io/api/fp/ja3?extended=1 gives me next ja3 token: 772,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-45-28-41,0-1-2-3-4-5,0

https://tls.peet.ws/api/clean gives me next ja3 token:
771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-34-51-43-13-45-28-21,29-23-24-25-0-1,0

ja3 tokens above not working - tls: error decoding message.

But the next token works, but its for Chrome:

771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-17513-21,29-23-24,0

Golang Version: 1.18.5

Issue Type

Bug

Operating System

Windows 10

Node Version

Node 14.x

Golang Version

Other

Relevant Log Output

Get "https://site.de/ru-de/": uTlsConn.Handshake() error: remote error: tls: error decoding message

Tsyklop avatar Sep 26 '22 14:09 Tsyklop

But the next token works, but its for Chrome: 771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-17513-21,29-23-24,0

it's weird to get 771, it can't be chrome, 771 is tls 1.2, chrome is tls 1.3 (772). most of online ja3 fp are out of date, you should check https://scrapfly.io/web-scraping-tools/ja3-fingerprint which seems to be the most accurate

kasiusm avatar Oct 01 '22 14:10 kasiusm

i found a fix for myself

make sure you dont have 41 in your SSLExtension part of the ja3. 41 = pre_shared_key cycletls cant use this when it doesnt know/have the shared key already i don't know whether its ja3 will update to show it does after its got a shared_key

itschasa avatar Oct 07 '22 15:10 itschasa

772 is never a valid number for TLS

89z avatar Oct 29 '22 20:10 89z