-
Notifications
You must be signed in to change notification settings - Fork 230
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Impersonate chrome 109 #142
Conversation
chrome/curl_chrome109
Outdated
# https://wiki.mozilla.org/Security/Cipher_Suites | ||
"$dir/curl-impersonate-chrome" \ | ||
--ciphers TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA,AES128-GCM-SHA256,AES256-GCM-SHA384,AES128-SHA,AES256-SHA \ | ||
-H 'sec-ch-ua: "Google Chrome";v="107", "Chromium";v="107", "Not=A?Brand";v="24"' \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be: "Not=A?Brand";v="99", Google Chrome";v="109", "Chromium";v="109"
to match chrome/patches/curl-impersonate.patch.
chrome/curl_chrome109
Outdated
-H 'sec-ch-ua-mobile: ?0' \ | ||
-H 'sec-ch-ua-platform: "Windows"' \ | ||
-H 'Upgrade-Insecure-Requests: 1' \ | ||
-H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36' \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
to match chrome/patches/curl-impersonate.patch.
@@ -1212,6 +1229,48 @@ index 000000000..2c8a4d3f9 | |||
+ .http2_no_server_push = true | |||
+ }, | |||
+ { | |||
+ .target = "chrome107", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be: "chrome109"
.
This entry is also indented more than other entries.
Thanks @jjsaunier and @gg, this is a great addition. I will have a look in the upcoming days. |
@jjsaunier Alright, it would also be helpful if you could submit the changes to curl itself to this forked curl repository: https://github.com/lwthiker/curl (You can branch off the |
should be good |
Thank you. Since Chrome 110 is already out, I couldn't verify the Chrome 109 signature. I took the liberty to modify your PR to Chrome 110 instead. I did some cosmetic changes to the curl patch, and added tests that support the TLS permutation. It's all in #148 |
Adding Chrome109 fingerprint - it's the same as 107; it introduces the TLS extensions permutation (https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_set_permute_extensions) and is available through
--tls-permute-extensions
andCURLOPT_SSL_PERMUTE_EXTENSIONS
to enable it.I think 108 works the same way, but I can't assert since I jumped this major - so it could be backported to 108 in another PR
Regarding the test, not sure how to handle it; it requires performing at least two consecutive calls, the test suite is already slow and currently not architectured that way (compared against the previous signature) - it could be a great addition since TLS ticket resumption (first vs reuse) affect the client hello.