It can work, but ends up requiring reimplementing a chunk of the TLS protocol parser and doing the same parsing twice per connection. I’d generally favor a three line out of tree stdlib patch over that. Skimming your linked code, you’ll also want to make sure you have proper handling of the TLS record layer so as not to get truncated client hellos.
I’m glad it’s doable, but a somewhat unfortunate situation. Very few things need or want the raw hello, there’s a good existing API for most of the parsed information (ClientHelloInfo), and the client hello itself is small and rarely changes. To me the oversight is that ClientHelloInfo is missing one field (extensions) which prevents it from being useful for most fingerprinting. -eli > On Jul 16, 2023, at 12:51 PM, phus lu <phus...@gmail.com> wrote: > > An update on > https://github.com/golang/go/issues/32936#issuecomment-1637032504 that can > extract raw clienthello bytes without stdlib patch. > > 在2023年3月7日星期二 UTC+8 06:14:41<Aurora> 写道: >> Is it possible to capture the whole TLS handshake data coming from a HTTP >> client request, enough to actually build a JA3 hash out of it? >> >> The tls.ClientHelloInfo does apparently give some but not all the parts >> which are needed to build a JA3 hash. > > > -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-nuts+unsubscr...@googlegroups.com > <mailto:golang-nuts+unsubscr...@googlegroups.com>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/golang-nuts/b43fc53b-c1f4-4b96-a156-19e76badfdb4n%40googlegroups.com > > <https://groups.google.com/d/msgid/golang-nuts/b43fc53b-c1f4-4b96-a156-19e76badfdb4n%40googlegroups.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/5EE78C14-58D3-47DD-AE3E-ED020F94AB75%40siliconsprawl.com.
