Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add automated tests to verify curl's TLS signature #9

Merged
merged 1 commit into from
Feb 23, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,9 @@ The layout is similar for both. For example, the Firefox directory contains:
* [curl-configure.patch](firefox/patches/curl-configure.patch) - Patch to make curl compile with a static libnghttp2.
* [curl-static-libnss.patch](firefox/patches/curl-static-libnss.patch) - Patch to make curl compile with a static libnss.

Other files of interest:
* [tests/signatures.yaml](tests/signatures.yaml) - YAML database of known browser signatures that can be impersonated.

## What's next?
This was done in a very hacky way, but I hope it could be turned into a real project. Imagine that you could run:
```
Expand Down
21 changes: 21 additions & 0 deletions tests/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
FROM python:3.10.1-slim-buster

WORKDIR /tests

RUN apt-get update && \
apt-get install -y tcpdump libbrotli1 libnss3

COPY requirements.txt requirements.txt

RUN pip install --upgrade pip && \
pip install -r requirements.txt

RUN mkdir /tests/firefox /tests/chrome

# Copy the built binaries from both containers
COPY --from=curl-impersonate-ff /build/out/* /tests/firefox/
COPY --from=curl-impersonate-chrome /build/out/* /tests/chrome/

COPY . .

ENTRYPOINT ["pytest"]
24 changes: 24 additions & 0 deletions tests/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
The tests verify that `curl-impersonate` has the same network signature as that of the supported browsers. They do not test curl's functionality itself.

## Running the tests

The tests assume that you've built both `curl-impersonate-chrome` and `curl-impersonate-ff` docker images before (see [Installation](https://github.com/lwthiker/curl-impersonate#installation)).

To run the tests, build with:
```
docker build -t curl-impersonate-tests tests/
```
then run with:
```
docker run --rm curl-impersonate-tests
```
This simply runs `pytest` in the container. You can pass additional flags to `pytest` such as `--log-cli-level DEBUG`.

## How the tests work
For each supported browser, a packet capture is started while `curl-impersonate` is run with the relevant wrapper script. The Client Hello message is extracted from the capture, and compared against the known signature of the browser.

## What's missing
The following tests are still missing:
* Test that `curl-impersonate` sends the HTTP headers in the same order as the browser.
* Test that `curl-impersonate` sends the HTTP/2 pseudo-headers in the same order as the browser.
* Test that `curl-impersonate` sends the same HTTP/2 SETTINGS as the browser.
3 changes: 3 additions & 0 deletions tests/requirements.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
pyyaml
pytest
dpkt
Loading