What all TLS Parameters in Client Hello can be Modified?

Hi,

I am testing TLS Finger Printing for that I need to change following parameters in Client Hello for the Server to Perform some MD5 Calculation:
Protocol version,
Accepted Ciphers,
List of Extensions,
Elliptic Curves, and
Elliptic Curve Formats
Currently based on my Search we can modify Protocol Version and Accepted Ciphers which is good but I want to know can we also change other Parameters like List of Extensions, Elliptic Curves, Elliptic Curve Formats in Client and sent to Server.

Unfortunately you can’t change these via normal k6 scripts at the moment. The only way you could change them is if you used xk6 Go extensions to modify the tls.Config that k6 constructs internally and saves in every VU State. More details:

Thanks @ned for the response. I will give it a try and see how it goes.

Hi @ned ,

I am able to build k6 binary using following xk6 command:

  1. cd basedir/xk6
  2. ls
  3. ls output:
    root@client2:~/srikr/Tools/xk6# ls
    builder.go cmd go.mod LICENSE platforms.go vendor
    builder_test.go environment.go go.sum Makefile README.md
  4. Ran the following command:
    xk6 build v0.35.0 --with github.com/grafana/xk6-browser@v0.1.1
  5. In the basedir/xk6 it created k6 binary after downloading the source code from graphana · GitHub into tmp directory and compiling it
    The k6 binary is created but I am not able to see any tls.Config file to modify and rebuild. Can you please let me know the steps to download the code permanantly and modify tls.Config as the way I wanted and rebuild k6 Binary rather the downloading the code to /tmp location and rebuild always.
    Also which of the following TLS Stack k6 uses:
    a) crypt/tls
    b) GnuTLS
    c) OpenSSL
    d) JSSE (Java Secure sockets extension)
    e) or TLS Stacks used by Web Browsers

xk6-browser is an already existing extension that allows k6 to control browsers, that is not what you need. You need to write a new extension to solve your specific TLS issue, please refer to the link I sent above about that: Create an extension

Also which of the following TLS Stack k6 uses:

k6 (and its xk6 extensions) are written in the Go programming language and use the crypto/tls package that is built into the Go standard library.

Thanks @ned … I am not very good at Java Script and go language. To start of with I just tried following:

  1. copied the compare extension given in example and created a file name compare.go and placed in directory src which I created inside basedir/xk6

  2. ran following build command as mentioned in the link:
    xk6 build --with xk6-compare=.

  3. It built the binary

  4. when I created a testscript and ran it throwed following error:
    root@client2:~/srikr/Tools/xk6# ./k6 run test/test.js

     /\      |\u203e\u203e| /\u203e\u203e/   /\u203e\u203e/   
    

    /\ / \ | |/ / / /
    / / \ | ( / \u203e\u203e\
    / \ | |\ \ | (\u203e) |
    / __________ \ |__| _\ ____/ .io

ERRO[0001] unknown module: k6/x/compare
at go.k6.io/k6/js.(*InitContext).Require-fm (native)
at file:///root/srikr/Tools/xk6/test/test.js:1:0(18) hint=“script exception”
5) then I copied the compare.go file in the same xk6 directory and did the build it resulted in following error:
xk6-compare.go:2:8: found packages xk6 (builder.go) and compare (compare.go) in /root/srikr/Tools/xk6
2022/04/28 14:43:33 [INFO] Cleaning up temporary folder: /tmp/buildenv_2022-04-28-1443.82248662
2022/04/28 14:43:33 [FATAL] exit status 1
Based on above problem I have following questions:
a) Where should I keep the extension file(compare.go) and start the build
b) Can you give a simple example script which can do the following you mentioned in above responses
- modify the tls.Config that k6 constructs internally and saves in every VU State

I am sorry, but you need to know Go before you can write an xk6 extension or a k6 patch. I can’t help you enough with a few forum posts…

The specific error you encountered seems to be because you probably have different Go package names in files in the same folder.

Thanks @ned for the pointers, As a initial step I hardcorded tls configs and was able to write following xk6 working code(extension and test script):

package xk6

import (
        "go.k6.io/k6/js/modules"
        "crypto/tls"
        "fmt"
)

type TlsConfigChange struct{
}

func init() {
    modules.Register("k6/x/tlsconfigchange", new(TlsConfigChange))
}
func (*TlsConfigChange) ConfigureTlsSettings(servername string) *tls.Config {
    config := &tls.Config{
                 ServerName: servername,
                 CipherSuites: []uint16{
                     tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                     tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
                     tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
                     tls.TLS_RSA_WITH_AES_256_CBC_SHA,
                 },
                 MinVersion: tls.VersionTLS12,
                 MaxVersion: tls.VersionTLS13,
                 SessionTicketsDisabled: false,
                 CurvePreferences: []tls.CurveID{tls.X25519, tls.CurveP521, tls.CurveP384, tls.CurveP256},
                 DynamicRecordSizingDisabled: true,
                 Renegotiation: 2,
    }
    fmt.Println("Tls Config = ", config)
    return config
}
import tlsconfigchange from 'k6/x/tlsconfigchange';

export default function () {
  console.log("Test Configs = ", tlsconfigchange.configureTlsSettings("test.abc.com"));
}

Now based on my code I got the config to program TLS of VU but I am not sure, how
this config can be applied to VU directly from JS file.
Do i need to write some code shown below or cant we not directly set the config to k6 and start the k6.

conn, err := tls.Dial("tcp", "127.0.0.1:443", config)
    if err != nil {
        log.Println(err)
        return
    }
    defer conn.Close()

Any Inputs @ned

Thanks
Srikanth

See https://k6.io/docs/extensions/guides/create-an-extension/#advanced-javascript-extension for how you can get a pointer to the VU lib.State object in your extension. Then you can replace the TLSConfig property in that struct with whatever you want.

I am sorry, but I can’t help you anymore than that. You need some Go knowledge to understand how xk6 extensions work and how to modify the things you want.