Impersonate chrome 109 #142
Conversation
chrome/curl_chrome109
Outdated
| # https://wiki.mozilla.org/Security/Cipher_Suites | ||
| "$dir/curl-impersonate-chrome" \ | ||
| --ciphers TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA,AES128-GCM-SHA256,AES256-GCM-SHA384,AES128-SHA,AES256-SHA \ | ||
| -H 'sec-ch-ua: "Google Chrome";v="107", "Chromium";v="107", "Not=A?Brand";v="24"' \ |
There was a problem hiding this comment.
Should be: "Not=A?Brand";v="99", Google Chrome";v="109", "Chromium";v="109" to match chrome/patches/curl-impersonate.patch.
chrome/curl_chrome109
Outdated
| -H 'sec-ch-ua-mobile: ?0' \ | ||
| -H 'sec-ch-ua-platform: "Windows"' \ | ||
| -H 'Upgrade-Insecure-Requests: 1' \ | ||
| -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36' \ |
There was a problem hiding this comment.
Should be: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 to match chrome/patches/curl-impersonate.patch.
| @@ -1212,6 +1229,48 @@ index 000000000..2c8a4d3f9 | |||
| + .http2_no_server_push = true | |||
| + }, | |||
| + { | |||
| + .target = "chrome107", | |||
There was a problem hiding this comment.
Should be: "chrome109".
This entry is also indented more than other entries.
|
Thanks @jjsaunier and @gg, this is a great addition. I will have a look in the upcoming days. |
|
@jjsaunier Alright, it would also be helpful if you could submit the changes to curl itself to this forked curl repository: https://github.com/lwthiker/curl (You can branch off the |
|
should be good |
|
Thank you. Since Chrome 110 is already out, I couldn't verify the Chrome 109 signature. I took the liberty to modify your PR to Chrome 110 instead. I did some cosmetic changes to the curl patch, and added tests that support the TLS permutation. It's all in #148 |
Adding Chrome109 fingerprint - it's the same as 107; it introduces the TLS extensions permutation (https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_set_permute_extensions) and is available through
--tls-permute-extensionsandCURLOPT_SSL_PERMUTE_EXTENSIONSto enable it.I think 108 works the same way, but I can't assert since I jumped this major - so it could be backported to 108 in another PR
Regarding the test, not sure how to handle it; it requires performing at least two consecutive calls, the test suite is already slow and currently not architectured that way (compared against the previous signature) - it could be a great addition since TLS ticket resumption (first vs reuse) affect the client hello.