[+] fix panic on GetLastChromeVersion (#106)

Noooste · actions-user · web-flow · commit 8d108b471e6c · 2024-06-30T21:04:50.000+02:00
* [+] fix panic on GetLastChromeVersion

* chore: Updated coverage badge.

---------

Co-authored-by: GitHub Action &lt;action@github.com&gt;
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # AzureTLS Client 
 [![GoDoc](https://godoc.org/github.com/Noooste/azuretls-client?status.svg)](https://godoc.org/github.com/Noooste/azuretls-client)
-![Coverage](https://img.shields.io/badge/Coverage-77.7%25-brightgreen)
+![Coverage](https://img.shields.io/badge/Coverage-77.8%25-brightgreen)
 [![build](https://github.com/Noooste/azuretls-client/actions/workflows/push.yml/badge.svg)](https://github.com/Noooste/azuretls-client/actions/workflows/push.yml)
 [![Go Report Card](https://goreportcard.com/badge/Noooste/azuretls-client)](https://goreportcard.com/report/Noooste/azuretls-client)
 [![License](https://img.shields.io/badge/License-MIT-blue.svg)](https://github.com/Noooste/azuretls-client/blob/master/LICENSE)
diff --git a/profiles.go b/profiles.go
@@ -3,13 +3,36 @@ package azuretls
 import (
 	"github.com/Noooste/fhttp/http2"
 	tls "github.com/Noooste/utls"
+	"math/rand"
 )
 
+// since version 110, Chrome TLS Client Hello extensions are shuffled
+// https://www.fastly.com/blog/a-first-look-at-chromes-tls-clienthello-permutation-in-the-wild
+// replace the rdn.Shuffle with a custom shuffle to avoid the panic
+// see issue 102
+func getShuffledExtensions(extensions []tls.TLSExtension) []tls.TLSExtension {
+	extensionsLength := len(extensions)
+
+	dest := make([]tls.TLSExtension, extensionsLength)
+	perm := rand.Perm(extensionsLength)
+	for i, v := range perm {
+		dest[v] = extensions[i]
+	}
+
+	final := make([]tls.TLSExtension, 0, extensionsLength+3) // first grease + last grease + padding
+	final = append(final, &tls.UtlsGREASEExtension{})
+	final = append(final, dest...)
+	final = append(final, &tls.UtlsGREASEExtension{})
+	final = append(final, &tls.UtlsPaddingExtension{GetPaddingLen: tls.BoringPaddingStyle})
+
+	return final
+}
+
 // GetLastChromeVersion apply the latest Chrome version
 // Current Chrome version : 121
 func GetLastChromeVersion() *tls.ClientHelloSpec {
 	extensions := []tls.TLSExtension{
-		&tls.UtlsGREASEExtension{},
+		// &tls.UtlsGREASEExtension{},
 		&tls.KeyShareExtension{KeyShares: []tls.KeyShare{
 			{Group: tls.CurveID(tls.GREASE_PLACEHOLDER), Data: []byte{0}},
 			{Group: tls.X25519Kyber768Draft00},
@@ -58,35 +81,22 @@ func GetLastChromeVersion() *tls.ClientHelloSpec {
 			0x00, // pointFormatUncompressed
 		}},
 		tls.BoringGREASEECH(),
-		&tls.UtlsGREASEExtension{},
-		&tls.UtlsPaddingExtension{GetPaddingLen: tls.BoringPaddingStyle},
+		// &tls.UtlsGREASEExtension{},
+		// &tls.UtlsPaddingExtension{GetPaddingLen: tls.BoringPaddingStyle},
 	}
 
-	extensionsLength := len(extensions)
-	lastTwo := extensionsLength - 2
-
-	// since version 110, Chrome TLS Client Hello extensions are shuffled
-	// https://www.fastly.com/blog/a-first-look-at-chromes-tls-clienthello-permutation-in-the-wild
-	rdn.Shuffle(extensionsLength, func(i, j int) {
-		if i >= lastTwo || j >= lastTwo || i == 0 || j == 0 {
-			// ignore GREASE extensions and padding extension
-			return
-		}
-		extensions[i], extensions[j] = extensions[j], extensions[i]
-	})
-
 	return &tls.ClientHelloSpec{
 		CipherSuites: []uint16{
 			tls.GREASE_PLACEHOLDER,
+			tls.TLS_CHACHA20_POLY1305_SHA256,
 			tls.TLS_AES_128_GCM_SHA256,
 			tls.TLS_AES_256_GCM_SHA384,
-	                tls.TLS_CHACHA20_POLY1305_SHA256,
-	                tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-	                tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-	                tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-	                tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-	                tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
 			tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
@@ -97,7 +107,7 @@ func GetLastChromeVersion() *tls.ClientHelloSpec {
 		CompressionMethods: []byte{
 			0x00, // compressionNone
 		},
-		Extensions: extensions,
+		Extensions: getShuffledExtensions(extensions),
 	}
 }
 
diff --git a/test/ja3_test.go b/test/ja3_test.go
@@ -6,6 +6,7 @@ import (
 	"github.com/Noooste/azuretls-client"
 	"log"
 	"strings"
+	"sync"
 	"testing"
 )
 
@@ -326,3 +327,23 @@ func TestJa3(t *testing.T) {
 		fmt.Println(response.StatusCode, string(response.Body))
 	}
 }
+
+func test(wg *sync.WaitGroup) {
+	defer wg.Done()
+	for i := 0; i < 1e3; i++ {
+		azuretls.GetLastChromeVersion()
+	}
+}
+
+func TestGetLastChromeVersion(t *testing.T) {
+	var (
+		wg = new(sync.WaitGroup)
+	)
+
+	for i := 0; i < 1e3; i++ {
+		wg.Add(1)
+		go test(wg)
+	}
+
+	wg.Wait()
+}
