Блог

Главная - Вопросы по программированию - Powershell Invoke-в веб-запросе отсутствуют некоторые расширения, найденные в браузерах

Powershell Invoke-в веб-запросе отсутствуют некоторые расширения, найденные в браузерах

#powershell #tls1.2

Вопрос:

Используя fiddler, я вижу различные расширения ssl между Chrome, Firefox и PoSh.

Как заставить invoke-webrequest имитировать chrome/firefox?

Пош скучает по этим и другим…

     ALPN        h2, http/1.1
    status_request  OCSP - Implicit Responder

Шикарный 5.1

 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$ua = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0'
$wr = iwr https://www.w3schools.com -SessionVariable w3 -UserAgent $ua -Headers @{'Accept-Encoding'='gzip, deflate, br'}

Результаты Powershell

 CONNECT www.w3schools.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Host: www.w3schools.com

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
    ...removed for brevity...
Extensions: 
    server_name www.w3schools.com
    supported_groups    secp384r1 [0x18], secp256r1 [0x17]
    ec_point_formats    uncompressed [0x0]
    signature_algs  rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha1, ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_sha1, dsa_sha1, rsa_pkcs1_sha512, ecdsa_secp521r1_sha512
    SessionTicket   empty
    extended_master_secret  empty
    renegotiation_info  00

    ...removed for brevity...

браузер Firefox

 CONNECT www.w3schools.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Connection: keep-alive
Connection: keep-alive
Host: www.w3schools.com:443

A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
    ...removed for brevity...
Extensions: 
    server_name www.w3schools.com
    extended_master_secret  empty
    renegotiation_info  00
    supported_groups    x25519 [0x1d], secp256r1 [0x17], secp384r1 [0x18], secp521r1 [0x19], ffdhe2048 [0x0100], ffdhe3072 [0x0101]
    ec_point_formats    uncompressed [0x0]
    SessionTicket   empty
    ALPN        h2, http/1.1
    status_request  OCSP - Implicit Responder
    key_share   00 69 00 1D 00 20 3B 99 6A 58 5B C8 02 7C 2C 39 84 D4 05 07 DF FE 97 1C A5 13 73 3A EE B3 43 C7 23 9E 43 E9 B2 04 00 17 00 41 04 5D EC F9 6D FB C0 57 BD 56 1D 76 BF B1 76 23 DC E1 61 17 57 91 CC 6C 43 B3 2C 12 64 0C CE 04 E1 68 DB 00 A0 F7 12 77 7D 7E 1B 5B 74 69 3A 38 CD B6 ED 1B 69 0C C9 8C 0D CC F3 E3 34 E7 EB A6 E2
    supported_versions  Tls1.3, Tls1.2
    signature_algs  ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1
    psk_key_exchange_modes  01 01
    0x001c      40 01
    padding     145 null bytes
    ...removed for brevity...

Chrome выглядит примерно так же, как Firefox.

Комментарии:

1. аналогичная проблема… forums.aws.amazon.com/thread.jspa?messageID=915075

Метки: ,