telemetry: Fix MITM tests

2025-01-27 20:35:58 +03:00 · 2018-05-07 16:42:35 -06:00 · 2018-05-07 16:42:35 -06:00 · fe03c1aefa
commit fe03c1aefa
parent 078770a5a6
2 changed files with 31 additions and 27 deletions
--- a/caddyhttp/httpserver/mitm.go
+++ b/caddyhttp/httpserver/mitm.go
@ -67,7 +67,7 @@ func (h *tlsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	ua := r.Header.Get("User-Agent")

 	// report this request's UA in connection with this ClientHello
-	go telemetry.AppendUnique("tls_client_hello_ua:"+info.Key(), ua)
+	go telemetry.AppendUnique("tls_client_hello_ua:"+caddytls.ClientHelloInfo(info).Key(), ua)

 	var checked, mitm bool
 	if r.Header.Get("X-BlueCoat-Via") != "" || // Blue Coat (masks User-Agent header to generic values)
@ -212,7 +212,7 @@ func (c *clientHelloConn) Read(b []byte) (n int, err error) {
 	c.listener.helloInfosMu.Unlock()

 	// report this ClientHello to telemetry
-	chKey := rawParsed.Key()
+	chKey := caddytls.ClientHelloInfo(rawParsed).Key()
 	go telemetry.SetNested("tls_client_hello", chKey, rawParsed)
 	go telemetry.AppendUnique("tls_client_hello_count", chKey)

@ -374,7 +374,7 @@ func (l *tlsHelloListener) Accept() (net.Conn, error) {
 // by Durumeric, Halderman, et. al. in
 // "The Security Impact of HTTPS Interception":
 // https://jhalderm.com/pub/papers/interception-ndss17.pdf
-type rawHelloInfo struct{ caddytls.ClientHelloInfo }
+type rawHelloInfo caddytls.ClientHelloInfo

 // advertisesHeartbeatSupport returns true if info indicates
 // that the client supports the Heartbeat extension.
--- a/caddyhttp/httpserver/mitm_test.go
+++ b/caddyhttp/httpserver/mitm_test.go
@ -32,44 +32,48 @@ func TestParseClientHello(t *testing.T) {
 			// curl 7.51.0 (x86_64-apple-darwin16.0) libcurl/7.51.0 SecureTransport zlib/1.2.8
 			inputHex: `010000a6030358a28c73a71bdfc1f09dee13fecdc58805dcce42ac44254df548f14645f7dc2c00004400ffc02cc02bc024c023c00ac009c008c030c02fc028c027c014c013c012009f009e006b0067003900330016009d009c003d003c0035002f000a00af00ae008d008c008b01000039000a00080006001700180019000b00020100000d00120010040102010501060104030203050306030005000501000000000012000000170000`,
 			expected: rawHelloInfo{
-				cipherSuites:       []uint16{255, 49196, 49195, 49188, 49187, 49162, 49161, 49160, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 159, 158, 107, 103, 57, 51, 22, 157, 156, 61, 60, 53, 47, 10, 175, 174, 141, 140, 139},
-				extensions:         []uint16{10, 11, 13, 5, 18, 23},
-				compressionMethods: []byte{0},
-				curves:             []tls.CurveID{23, 24, 25},
-				points:             []uint8{0},
+				Version:            0x303,
+				CipherSuites:       []uint16{255, 49196, 49195, 49188, 49187, 49162, 49161, 49160, 49200, 49199, 49192, 49191, 49172, 49171, 49170, 159, 158, 107, 103, 57, 51, 22, 157, 156, 61, 60, 53, 47, 10, 175, 174, 141, 140, 139},
+				Extensions:         []uint16{10, 11, 13, 5, 18, 23},
+				CompressionMethods: []byte{0},
+				Curves:             []tls.CurveID{23, 24, 25},
+				Points:             []uint8{0},
 			},
 		},
 		{
 			// Chrome 56
 			inputHex: `010000c003031dae75222dae1433a5a283ddcde8ddabaefbf16d84f250eee6fdff48cdfff8a00000201a1ac02bc02fc02cc030cca9cca8cc14cc13c013c014009c009d002f0035000a010000777a7a0000ff010001000000000e000c0000096c6f63616c686f73740017000000230000000d00140012040308040401050308050501080606010201000500050100000000001200000010000e000c02683208687474702f312e3175500000000b00020100000a000a0008aaaa001d001700182a2a000100`,
 			expected: rawHelloInfo{
-				cipherSuites:       []uint16{6682, 49195, 49199, 49196, 49200, 52393, 52392, 52244, 52243, 49171, 49172, 156, 157, 47, 53, 10},
-				extensions:         []uint16{31354, 65281, 0, 23, 35, 13, 5, 18, 16, 30032, 11, 10, 10794},
-				compressionMethods: []byte{0},
-				curves:             []tls.CurveID{43690, 29, 23, 24},
-				points:             []uint8{0},
+				Version:            0x303,
+				CipherSuites:       []uint16{6682, 49195, 49199, 49196, 49200, 52393, 52392, 52244, 52243, 49171, 49172, 156, 157, 47, 53, 10},
+				Extensions:         []uint16{31354, 65281, 0, 23, 35, 13, 5, 18, 16, 30032, 11, 10, 10794},
+				CompressionMethods: []byte{0},
+				Curves:             []tls.CurveID{43690, 29, 23, 24},
+				Points:             []uint8{0},
 			},
 		},
 		{
 			// Firefox 51
 			inputHex: `010000bd030375f9022fc3a6562467f3540d68013b2d0b961979de6129e944efe0b35531323500001ec02bc02fcca9cca8c02cc030c00ac009c013c01400330039002f0035000a010000760000000e000c0000096c6f63616c686f737400170000ff01000100000a000a0008001d001700180019000b00020100002300000010000e000c02683208687474702f312e31000500050100000000ff030000000d0020001e040305030603020308040805080604010501060102010402050206020202`,
 			expected: rawHelloInfo{
-				cipherSuites:       []uint16{49195, 49199, 52393, 52392, 49196, 49200, 49162, 49161, 49171, 49172, 51, 57, 47, 53, 10},
-				extensions:         []uint16{0, 23, 65281, 10, 11, 35, 16, 5, 65283, 13},
-				compressionMethods: []byte{0},
-				curves:             []tls.CurveID{29, 23, 24, 25},
-				points:             []uint8{0},
+				Version:            0x303,
+				CipherSuites:       []uint16{49195, 49199, 52393, 52392, 49196, 49200, 49162, 49161, 49171, 49172, 51, 57, 47, 53, 10},
+				Extensions:         []uint16{0, 23, 65281, 10, 11, 35, 16, 5, 65283, 13},
+				CompressionMethods: []byte{0},
+				Curves:             []tls.CurveID{29, 23, 24, 25},
+				Points:             []uint8{0},
 			},
 		},
 		{
 			// openssl s_client (OpenSSL 0.9.8zh 14 Jan 2016)
 			inputHex: `0100012b03035d385236b8ca7b7946fa0336f164e76bf821ed90e8de26d97cc677671b6f36380000acc030c02cc028c024c014c00a00a500a300a1009f006b006a0069006800390038003700360088008700860085c032c02ec02ac026c00fc005009d003d00350084c02fc02bc027c023c013c00900a400a200a0009e00670040003f003e0033003200310030009a0099009800970045004400430042c031c02dc029c025c00ec004009c003c002f009600410007c011c007c00cc00200050004c012c008001600130010000dc00dc003000a00ff0201000055000b000403000102000a001c001a00170019001c001b0018001a0016000e000d000b000c0009000a00230000000d0020001e060106020603050105020503040104020403030103020303020102020203000f000101`,
 			expected: rawHelloInfo{
-				cipherSuites:       []uint16{49200, 49196, 49192, 49188, 49172, 49162, 165, 163, 161, 159, 107, 106, 105, 104, 57, 56, 55, 54, 136, 135, 134, 133, 49202, 49198, 49194, 49190, 49167, 49157, 157, 61, 53, 132, 49199, 49195, 49191, 49187, 49171, 49161, 164, 162, 160, 158, 103, 64, 63, 62, 51, 50, 49, 48, 154, 153, 152, 151, 69, 68, 67, 66, 49201, 49197, 49193, 49189, 49166, 49156, 156, 60, 47, 150, 65, 7, 49169, 49159, 49164, 49154, 5, 4, 49170, 49160, 22, 19, 16, 13, 49165, 49155, 10, 255},
-				extensions:         []uint16{11, 10, 35, 13, 15},
-				compressionMethods: []byte{1, 0},
-				curves:             []tls.CurveID{23, 25, 28, 27, 24, 26, 22, 14, 13, 11, 12, 9, 10},
-				points:             []uint8{0, 1, 2},
+				Version:            0x303,
+				CipherSuites:       []uint16{49200, 49196, 49192, 49188, 49172, 49162, 165, 163, 161, 159, 107, 106, 105, 104, 57, 56, 55, 54, 136, 135, 134, 133, 49202, 49198, 49194, 49190, 49167, 49157, 157, 61, 53, 132, 49199, 49195, 49191, 49187, 49171, 49161, 164, 162, 160, 158, 103, 64, 63, 62, 51, 50, 49, 48, 154, 153, 152, 151, 69, 68, 67, 66, 49201, 49197, 49193, 49189, 49166, 49156, 156, 60, 47, 150, 65, 7, 49169, 49159, 49164, 49154, 5, 4, 49170, 49160, 22, 19, 16, 13, 49165, 49155, 10, 255},
+				Extensions:         []uint16{11, 10, 35, 13, 15},
+				CompressionMethods: []byte{1, 0},
+				Curves:             []tls.CurveID{23, 25, 28, 27, 24, 26, 22, 14, 13, 11, 12, 9, 10},
+				Points:             []uint8{0, 1, 2},
 			},
 		},
 	} {
@ -338,8 +342,8 @@ func TestHeuristicFunctionsAndHandler(t *testing.T) {
 				(isEdge && (isChrome || isFirefox || isSafari || isTor)) ||
 				(isTor && (isChrome || isFirefox || isSafari || isEdge)) {
 				t.Errorf("[%s] Test %d: Multiple fingerprinting functions matched: "+
-					"Chrome=%v Firefox=%v Safari=%v Edge=%v Tor=%v\n\tparsed hello dec: %+v\n\tparsed hello hex: %#x\n",
-					client, i, isChrome, isFirefox, isSafari, isEdge, isTor, parsed, parsed)
+					"Chrome=%v Firefox=%v Safari=%v Edge=%v Tor=%v\n\tparsed hello dec: %+v\n",
+					client, i, isChrome, isFirefox, isSafari, isEdge, isTor, parsed)
 			}

 			// test the handler and detection results
@ -367,8 +371,8 @@ func TestHeuristicFunctionsAndHandler(t *testing.T) {
 			if got != want {
 				t.Errorf("[%s] Test %d: Expected MITM=%v but got %v (type assertion OK (checked)=%v)",
 					client, i, want, got, checked)
-				t.Errorf("[%s] Test %d: Looks like Chrome=%v Firefox=%v Safari=%v Edge=%v Tor=%v\n\tparsed hello dec: %+v\n\tparsed hello hex: %#x\n",
-					client, i, isChrome, isFirefox, isSafari, isEdge, isTor, parsed, parsed)
+				t.Errorf("[%s] Test %d: Looks like Chrome=%v Firefox=%v Safari=%v Edge=%v Tor=%v\n\tparsed hello dec: %+v\n",
+					client, i, isChrome, isFirefox, isSafari, isEdge, isTor, parsed)
 			}
 		}
 	}