You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Run this code several times, and in Wireshark click on each request and go to "Transport Layer Security" > "TLS1.3" > "Handshake Protocol" - Look at "JA3 fullstring". Notice the JA3 fullstring value for each request is exactly the same. I tried different websites, I always see the same JA3 for each request, which is: 771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-45-43-5-23-35-13-65281-16-65037-18-51-10-11-17513-27,29-23-24,0. It appears to be hard coded. If I try a different client_identifier it changes to a different string, but again it appears hard code, every request has the same JA3 string which can be confirmed using Wireshark. This product is supposed to spoof JA3, but its not when the same JA3 string never changes.
If you add the option "random_tls_extension_order=True", it randomize the JA3 string, but again it appears the JA3 string is hard coded, and all this option does is move around the numbers. I think it would be easy to detect, all you would have to do is look for the numbers in the string. The order changes, but not the numbers.
If you remove the client_identifier and add a JA3_string= it doesnt work. Wireshark shows the hard coded JA3 string is still used. The value you put for JA3_string isnt used.
There are some very obvious problems here:
The documentation doesnt say if you use client_identifier YOU HAVE TO USE random_tls_extension_order=True otherwise the JA3 string will be exactly the same for each response. This is how I identified the issue, all of a sudden a website was quickly blocking me. When I ran Wireshark and looked at the JA3 I realised each request I was making had exactly the same JA3 string.
Originally I got the impression that if I am emulating Chrome version 120, I wouldn't need to use random_tls_extension_order=True because Chrome 120 randomizes each string. If you are emulating Chrome 120, there should be no need to use random_tls_extension_order=True because the Chrome web browser randomizes the string. The documentation should explicitly state that you always have to use random_tls_extension_order=True for Chrome when using client_identifier. Or it should be made the default.
The JA3 string appears to be hard coded. Even using the JA3_string doesnt cause the JA3 string to change. I would expect whatever value I put for JA3_string should be used, but it's not.
The documentation should clearly state that you have to use either client_identifier or JA3_string, but not both. I dont think the documentation says this.
By default Chrome randomizes the JA3 string, so why do I need to put random_tls_extension_order=True when using client_identifider? That makese no sense to me. By default Chrome randomizes the JA3 string, but by default this product doesnt. If you are spoofing Chrome, shouldnt the JA3 by default look like a JA3 string Chrome would use? I have no idea why you need to specify random_tls_extension_order=True, it should be the default. Why would someone use this and not want the JA3 random?
In the past, with a older version, I know that specifying the JA3_string DID work, because I would run my script with the JA3 string statically assigned, and in wireshark I would see the JA3 string I specified. But in the current version, 1.0.1 it doesnt work. In Wireshark I do not see the JA3 I specify, I just see the same JA3 string over and over. I will not consider using this package again until JA3_string works again. The documentation badly needs updating. This product doesnt work.
The text was updated successfully, but these errors were encountered:
This product doesnt work at all.
import tls_client
s = tls_client.Session(client_identifier="chrome_120")
response = s.get('https://yahoo.com')
There are some very obvious problems here:
Originally I got the impression that if I am emulating Chrome version 120, I wouldn't need to use random_tls_extension_order=True because Chrome 120 randomizes each string. If you are emulating Chrome 120, there should be no need to use random_tls_extension_order=True because the Chrome web browser randomizes the string. The documentation should explicitly state that you always have to use random_tls_extension_order=True for Chrome when using client_identifier. Or it should be made the default.
In the past, with a older version, I know that specifying the JA3_string DID work, because I would run my script with the JA3 string statically assigned, and in wireshark I would see the JA3 string I specified. But in the current version, 1.0.1 it doesnt work. In Wireshark I do not see the JA3 I specify, I just see the same JA3 string over and over. I will not consider using this package again until JA3_string works again. The documentation badly needs updating. This product doesnt work.
The text was updated successfully, but these errors were encountered: