入群验证sha384计算不对

[GammaPi]

以下结果是在Xray 25.9.11版本测定

方法1

1. 通过修改rprx main.go把指纹改成“HelloChrome_120_PQ”进行解决。在Xray中，使用Reality且设置TLS指纹为safari时，指纹是多少呀，怎么获取呢 #4077

package main

import (
	"flag"
	"fmt"
	"os"

	"github.com/imroc/req/v3"
	tls "github.com/refraction-networking/utls"
)

func main() {
	// Define a command-line argument to accept the desired fingerprint
	fingerprintArg := flag.String("fingerprint", "chrome", "Specify the fingerprint (e.g., chrome, edge, firefox, safari)")
	flag.Parse()

	// Map of fingerprints to their corresponding utls ClientHelloID
	fingerprintMap := map[string]tls.ClientHelloID{
		"chrome":  tls.HelloChrome_120_PQ,
		"edge":    tls.HelloEdge_106,
		"firefox": tls.HelloFirefox_105,
		"safari":  tls.HelloSafari_16_0,
		"ios":     tls.HelloIOS_14,
	}

	// Match the provided argument to a fingerprint
	fingerprintID, exists := fingerprintMap[*fingerprintArg]
	if !exists {
		fmt.Fprintf(os.Stderr, "Invalid fingerprint: %s\n", *fingerprintArg)
		fmt.Fprintf(os.Stderr, "Available fingerprints: chrome, edge, firefox, safari\n")
		os.Exit(1)
	}

	// Create the HTTP client with the specified fingerprint
	client := req.C().
		SetUserAgent("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36").
		SetTLSFingerprint(fingerprintID)

	// Make a GET request
	res, err := client.R().Get("https://tls.peet.ws/api/all")
	if err != nil {
		fmt.Printf("Request failed: %v\n", err)
		os.Exit(1)
	}

	// Print the response
	fmt.Println(res)
}

go run main.go -fingerprint chrome 返回结果ja4是“t13d1516h2_8daaf6152771_923f26044972”,进行hash

echo "t13d1516h2_8daaf6152771_923f26044972" | sha384sum 
8514e4a3ebe68633ae3d0d8eedc4364948c1594067642ba355e5dfe2bb9a429071d9fae55366a731945bd42d5f09a7c5  -

后六位大概是09a7c5在答案里找不到。

方法2: 网上找了一个配置wireshark抓包解决

网上找的配置是根据discussion: #4951

<SOME_SERVER_IP> 替换成了我的服务器，但是我的服务器未安装xray，我理解只是抓个握手包问题不大。
xray的fingerprint根据代码

Xray-core/transport/internet/tls/tls.go

Line 252 in 5148c57

"hellochrome_120_pq": &utls.HelloChrome_120_PQ,

设置

{
  "log": {
    "loglevel": "error"
  },
  "dns": {
    "hosts": {
      "dns.google": "8.8.8.8",
      "proxy.example.com": "127.0.0.1"
    },
    "servers": [
      {
        "address": "1.1.1.1",
        "skipFallback": true,
        "domains": [
          "domain:googleapis.cn",
          "domain:gstatic.com"
        ]
      },
      {
        "address": "223.5.5.5",
        "skipFallback": true,
        "domains": [
          "geosite:cn"
        ],
        "expectIPs": [
          "geoip:cn"
        ]
      },
      "1.1.1.1",
      "8.8.8.8",
      "https://dns.google/dns-query"
    ]
  },
  "inbounds": [
    {
      "tag": "socks",
      "port": 11808,
      "listen": "127.0.0.1",
      "protocol": "mixed",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ],
        "routeOnly": true
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    },
    {
      "tag": "socks2",
      "port": 11809,
      "listen": "127.0.0.1",
      "protocol": "mixed",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ],
        "routeOnly": true
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    },
    {
      "tag": "socks3",
      "port": 11810,
      "listen": "0.0.0.0",
      "protocol": "mixed",
      "sniffing": {
        "enabled": true,
        "destOverride": [
          "http",
          "tls",
          "quic"
        ],
        "routeOnly": true
      },
      "settings": {
        "auth": "noauth",
        "udp": true,
        "allowTransparent": false
      }
    }
  ],
  "outbounds": [
    {
      "tag": "proxy",
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "<SOME_SERVER_IP>",
            "port": 443,
            "users": [
              {
                "id": "3a344059-b828-49ef-8916-c700eae5e80d",
                "email": "[email protected]",
                "security": "auto",
                "encryption": "none",
                "flow": "xtls-rprx-vision"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "tls",
        "tlsSettings": {
          "allowInsecure": true,
          "serverName": "baidu.com",
          "fingerprint": "hellochrome_120_pq"
        },
        "tcpSettings": {
          "header": {
            "type": "http",
            "request": {
              "version": "1.1",
              "method": "GET",
              "path": [
                "/"
              ],
              "headers": {
                "Host": [
                  "baidu.com"
                ],
                "User-Agent": [
                  "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:90.0) Gecko/20100101 Firefox/90.0"
                ],
                "Accept-Encoding": [
                  "gzip, deflate"
                ],
                "Connection": [
                  "keep-alive"
                ],
                "Pragma": "no-cache"
              }
            }
          }
        }
      },
      "mux": {
        "enabled": true,
        "concurrency": -1,
        "xudpConcurrency": 16,
        "xudpProxyUDP443": "reject"
      }
    },
    {
      "tag": "direct",
      "protocol": "freedom"
    },
    {
      "tag": "block",
      "protocol": "blackhole"
    }
  ],
  "routing": {
    "domainStrategy": "AsIs",
    "domainMatcher": "mph",
    "rules": [
      {
        "type": "field",
        "inboundTag": [
          "api"
        ],
        "outboundTag": "api"
      },
      {
        "type": "field",
        "outboundTag": "block",
        "domain": [
          "geosite:category-porn"
        ]
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "domain": [
          "domain:localhost"
        ]
      },
      {
        "type": "field",
        "outboundTag": "direct",
        "ip": [
          "geoip:private"
        ]
      },
      {
        "type": "field",
        "port": "0-65535",
        "outboundTag": "proxy"
      }
    ]
  }
}

用ip.dst == <SOME_SERVER_IP> 做filter。找到Client Hello握手包，找到TLS的packet，确认SNI是baidu.com，由于我的服务器不是百度的所以这个SNI肯定是xray发出的包。
JA4 value为：t13d1516h2_8daaf6152771_02713d6af862

echo "t13d1516h2_8daaf6152771_02713d6af862" | sha384sum

后六位是510f34，答案里也没有。