Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add header order configurabillity #46

Open
wants to merge 39 commits into
base: main
Choose a base branch
from
Open

Add header order configurabillity #46

wants to merge 39 commits into from

Conversation

BRUHItsABunny
Copy link

This PR adds the ability to order the headers in a specific way to emulate other HTTP clients, eg browsers.

While header order is not strictly covered in the HTTP spec, it's widely known that each HTTP client tends to send headers in a slightly different order. This allows you to fingerprint and filter traffic by the order of the header present in a HTTP request.

Some more sources on the situation at hand:
https://www.os3.nl/_media/2014-2015/courses/rp2/p91_report.pdf
https://my.f5.com/manage/s/article/K13527565
https://sansec.io/research/http-header-order-is-important

This may be out of scope for OONI's oohttp project, if that's the case I will most likely end up maintaining this in a separate
fork.

@bassosimone
Copy link
Contributor

bassosimone commented Sep 19, 2023
edited
Loading

This is not necessarily out of scope for us, as it's something we wanted to do per ooni/probe#2160. I may be slow to review these changes though, since my Sprint Planning is quite packed 😅.

@bassosimone bassosimone mentioned this pull request Sep 19, 2023
Open
@BRUHItsABunny
Copy link
Author

Nice, it would be great to see this in oohttp at some point then.
Take your time, for my use case i can just stick to my go.mod replace for now.

BRUHItsABunny and others added 21 commits September 22, 2023 12:30
@BRUHItsABunny
fix: http 1.1 and capitalization inconsistency
411d589
@BRUHItsABunny
feat: all headers should be order
b754cb3
@BRUHItsABunny
feat: add http2 framing settings, priority header params and priority…
1d02990 
… frames support
@BRUHItsABunny
feat: add http2 framing settings, priority header params and priority…
11c5219 
… frames support
@BRUHItsABunny
fix: compression error caused by header table size
dce64bb
@BRUHItsABunny
cleanup
0d5c9f6
@BRUHItsABunny
Merge remote-tracking branch 'ooni/main'
3c547a9
@BRUHItsABunny
Merge remote-tracking branch 'ooni/main'
55808fb 
# Conflicts:
#	h2_bundle.go
@BRUHItsABunny
Merge remote-tracking branch 'ooni/main'
c44602d 
# Conflicts:
#	h2_bundle.go
@BRUHItsABunny
Merge remote-tracking branch 'ooni/main'
8f8c5d0
@BRUHItsABunny
feat: add ability to use browser encodings
9852578
@BRUHItsABunny
feat: add ability to use browser encodings
4b34daf
@BRUHItsABunny
fix: default encoding to gzip
a3cdb82
@BRUHItsABunny
feat: add post handshake callback for certificate pinning
f2e7ae5
@BRUHItsABunny
feat: add post handshake callback for certificate pinning
acfb16b
@BRUHItsABunny
feat: add post handshake callback for certificate pinning
a9672b1
@ii64
feat: compressor streamable and lazy-init, hot path
469fd7d
@ii64
chore: use encoding name type
9fa006d
@ii64
chore: h2 bundle decompressor reader space
bb81738
@ii64
chore: rename factories to registry
cb35a8c
@ii64
Merge pull request #2 from BRUHItsABunny/feat/compressor-streamable
78c2cbf 
feat: compressor streamable and lazy-init, hot path
ii64 and others added 12 commits December 6, 2024 23:02
@ii64
fix: write request extra header to wire
e3308c1
@ii64
Merge pull request #3 from BRUHItsABunny/fix/extra-header-write-wire
07e5014 
fix: write request extra header to wire
@ii64
fix: accept-encoding fallback gzip
726f96d
@ii64
Merge pull request #4 from BRUHItsABunny/fix/compression-default
2d1d7bc 
fix: accept-encoding fallback gzip
@ii64
fix: extra header orderable
3d4b7cb
@ii64
Merge pull request #5 from BRUHItsABunny/fix/extra-header-orderable
c49ef06 
fix: extra header orderable
@ii64
fix: h2 bundle decompress encoding order
48b2637
@ii64
Merge pull request #6 from BRUHItsABunny/fix/h2-decompress
8b48780 
fix: h2 bundle decompress encoding order
@BRUHItsABunny
Merge remote-tracking branch 'ooni/main' into feat/merge-upstream
7469984 
# Conflicts:
#	go.mod
#	go.sum
#	request.go
@BRUHItsABunny
Merge pull request #7 from BRUHItsABunny/feat/merge-upstream
c43b283 
Feat/merge upstream
@BRUHItsABunny
fix: revert to the old way of checking for user agent presence
1cccadf
@BRUHItsABunny
Merge pull request #8 from BRUHItsABunny/fix/user-agent-issues-http1
996109d 
fix: revert to the old way of checking for user agent presence
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@BRUHItsABunny @bassosimone @sleeyax @ii64