utls-light
curl-impersonate
| utls-light | curl-impersonate | |
|---|---|---|
| 1 | 31 | |
| 24 | 3,356 | |
| - | - | |
| 2.9 | 7.1 | |
| 3 months ago | 3 months ago | |
| Go | Python | |
| BSD 3-clause "New" or "Revised" License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
utls-light
-
Planning Go 1.20 Cryptography Work
This kind of flexibility is a non-goal of crypto/tls. We have a TLS stack with one of the best security track records because we implement an opinionated subset of the specification, amongst other things. Moreover, fingerprint evasion is a cat-and-mouse game we can't sustain in the six months Go release cycle.
That doesn't mean I don't care! I was just talking with a friend about this the other day, and I suggested it should be possible to make a small, easily maintained patch that focuses on chasing the fingerprint of one well-known browser. He implemented https://github.com/hellais/utls-light in that spirit, which looks like a viable solution to me.
Anyway, I think matching TLS fingerprints to HTTP User-Agent strings is a valid abuse prevention technique. Rejecting any non-browser fingerprint is bad, and websites should get pushback for that, but I am skeptical that's something they can reliably do without breaking any time Chrome flips a field study. TLS is not _that_ rusted shut.
curl-impersonate
-
Recent 'MFA Bombing' Attacks Targeting Apple Users
> us[e] Akamai to block scraping
Would https://github.com/lwthiker/curl-impersonate help? Haven’t tried with Akamai, but did help with another widely used CDN that shall remain unnamed (but has successfully infused me with burning hate for their products after a couple of years’ worth of using an always-on VPN to bypass Internet censorship and/or a slightly unusual browser).
- Curl-impersonate: Mimic real browsers' TLS handshake with curl
-
Get RSS feed for your Ko-Fi account
But before that, I had to create a development environment where I could do the coding. I used Docker and created a docker-compose.yml file on my local system to build a container. At first, I did that on an Arm based computer and the first problem appeared. Although RSS-Bridge was working fine, I couldn't get any data, and the reason was that Ko-Fi.com uses Cloudflare CDN. This is something that a lot of people had issues with in the past. RSS-Bridge solves that problem by using a special build of curl that can impersonate the four major browsers: Chrome, Edge, Safari & Firefox. But unfortunately, that library doesn't work well on Arm-based systems, so I had to move to my trusty Intel-based Linux computer.
-
curl-impersonate VS curl-impersonate-php - a user suggested alternative
2 projects | 2 Aug 2023
-
Found a way to bypass Cloudflare 403 forbidden in cURL, fetch
Curl-Impersonate: https://github.com/lwthiker/curl-impersonate A special build of curl that can impersonate Chrome & Firefox
- Weird API behavior: Only Postman and browser consistently work but making same request with requests library gets a Captcha instead.
-
Web fingerprinting is worse than I thought
I haven’t seen a custom build of Wget, but for Curl there is curl-impersonate[1].
[1] https://github.com/lwthiker/curl-impersonate
- Using selenium with proxy still hit bot detection
- Devirtualizing Nike.com's Bot Protection (Part 1)
-
Bypassing University Internet Restrictions for Legal Purposes (to access my homeservers/raspberry Pis/VPS)
If you're just trying to pull a file, the curl-impersonate could be a low-effort option.
What are some alternatives?
curl_cffi - Python binding for curl-impersonate via cffi. A http client that can impersonate browser tls/ja3/http2 fingerprints.
challenge-bypass-extension - DEPRECATED - Client for Privacy Pass protocol providing unlinkable cryptographic tokens
puppeteer - Node.js API for Chrome
SendWhatsppTextByJavaScript - Here is small JS Script for sending a message in a loop.
static-curl - fully static builds of curl, runs anywhere
browsercookie
instagram-private-api - NodeJS Instagram private API SDK. Written in TypeScript.
node-libcurl-impersonate - libcurl (curl-impersonate) bindings for Node.js
gobuster - Directory/File, DNS and VHost busting tool written in Go
fingerprintjs - Browser fingerprinting library. Accuracy of this version is 40-60%, accuracy of the commercial Fingerprint Identification is 99.5%. V4 of this library is BSL licensed.
reqwest-impersonate - Impersonating the Chrome browser made easy
GraphQLmap - GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)