Problem configuring node-fetch with proxy and TLS config(ciphers) #1016

Closed
avshabavsha opened this issue Nov 26, 2020 · 2 comments

avshabavsha commented Nov 26, 2020

Hello,

I'm trying to set node-fetch with both a proxy and including TLS configurations to pass a limited ciphers list so the client won't negotiate with the default (long) list of ciphers.

I've set the proxy using the 'proxy-agent' library, but it seemed the ciphers values and other TLS information were missing when trying to use it (verified using Wireshark).

The only way I was able to achieve the expected result was by modifying the node-fetch code, however I was wondering if anyone can provide an alternate/existing solution.

Example Code

const fetch = require('node-fetch');
const proxy = require('proxy-agent');

// Proxy agent options, including the TLS settings meant to limit the handshake
const myproxy = proxy(
    {
        protocol: "http:",
        port: "1024",
        hostname: "proxy.corporate.com",
        ciphers: 'TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES256-GCM-SHA384',
        minVersion: "TLSv1.2",
    }
);

(async () => {
	const response = await fetch('https://api.mysite.com/login', {
		method: 'post',
		body:    JSON.stringify({username: 'user1', password: 'pass1'}),
		headers: { 'Content-Type': 'application/json' },
		agent: myproxy
	});
})();

Specs:

  • node-fetch version: 2.6.1
  • proxy-agent version: 4.0.0
  • node version: v12.18.3

Changes Done
In order to 'force' passing the ciphers to the low-level code, I've made the following change in the node-fetch library:

  • filename: lib\index.js
  • function: getNodeRequestOptions

Code prior to change:

	return Object.assign({}, parsedURL, {
		method: request.method,
		headers: exportNodeCompatibleHeaders(headers),
		agent
	});

Code after change (for simplicity didn't add condition to check TLS params existence):

	return Object.assign({}, parsedURL, {
		method: request.method,
		headers: exportNodeCompatibleHeaders(headers),
		agent
	},
	{
		ciphers: request.agent.proxy.ciphers,
		minVersion: request.agent.proxy.minVersion,
	}
	);

I basically take the values I've passed as part of the proxy agent object and pass them to be part of the newly created request options.

Thanks!

tekwiz (Member) commented Nov 29, 2020

@avshabavsha You'll need to adjust the tls.DEFAULT_CIPHERS and tls.DEFAULT_MIN_VERSION constants globally in your program. If you have control of the arguments passed to node, you can add --tls-cipher-list=TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES256-GCM-SHA384 --tls-min-v1.2. If not, you can use the following bit of code:

const tls = require('tls');
tls.DEFAULT_CIPHERS = 'TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES256-GCM-SHA384';
tls.DEFAULT_MIN_VERSION = 'TLSv1.2';

avshabavsha (Author) commented

Looks like it's working. Thanks @tekwiz!
