mirror of
https://github.com/depler/curl-impersonate-win.git
synced 2025-08-03 11:50:09 +00:00
Add files via upload
This commit is contained in:
depler
154
patch/boringssl-old-ciphers.patch
Normal file
154
patch/boringssl-old-ciphers.patch
Normal file
@@ -0,0 +1,154 @@
|
||||
diff -u1 -Nar --exclude build --exclude tags boringssl-3a667d10e94186fd503966f5638e134fe9fb4080/ssl/internal.h boringssl/ssl/internal.h
|
||||
--- boringssl-3a667d10e94186fd503966f5638e134fe9fb4080/ssl/internal.h 2021-11-22 19:06:04.000000000 +0200
|
||||
+++ boringssl/ssl/internal.h 2022-02-27 12:20:25.308284303 +0200
|
||||
@@ -566,4 +566,10 @@
|
||||
#define SSL_SHA1 0x00000001u
|
||||
+// curl-impersonate:
|
||||
+// SSL_SHA256 and SSL_SHA384 were removed in
|
||||
+// https://boringssl-review.googlesource.com/c/boringssl/+/27944/
|
||||
+// but restored to impersonate browsers with older ciphers.
|
||||
+#define SSL_SHA256 0x00000002u
|
||||
+#define SSL_SHA384 0x00000004u
|
||||
// SSL_AEAD is set for all AEADs.
|
||||
-#define SSL_AEAD 0x00000002u
|
||||
+#define SSL_AEAD 0x00000008u
|
||||
|
||||
diff -u1 -Nar --exclude build --exclude tags boringssl-3a667d10e94186fd503966f5638e134fe9fb4080/ssl/ssl_cipher.cc boringssl/ssl/ssl_cipher.cc
|
||||
--- boringssl-3a667d10e94186fd503966f5638e134fe9fb4080/ssl/ssl_cipher.cc 2021-11-22 19:06:04.000000000 +0200
|
||||
+++ boringssl/ssl/ssl_cipher.cc 2022-02-27 13:54:05.378053046 +0200
|
||||
@@ -210,2 +210,33 @@
|
||||
|
||||
+ // curl-impersonate: Ciphers 3C, 3D were removed in
|
||||
+ // https://boringssl-review.googlesource.com/c/boringssl/+/27944/
|
||||
+ // but restored here to impersonate browsers with older ciphers. They are
|
||||
+ // not expected to actually work; but just to be included in the TLS
|
||||
+ // Client Hello.
|
||||
+
|
||||
+ // TLS v1.2 ciphersuites
|
||||
+
|
||||
+ // Cipher 3C
|
||||
+ {
|
||||
+ TLS1_TXT_RSA_WITH_AES_128_SHA256,
|
||||
+ "TLS_RSA_WITH_AES_128_CBC_SHA256",
|
||||
+ TLS1_CK_RSA_WITH_AES_128_SHA256,
|
||||
+ SSL_kRSA,
|
||||
+ SSL_aRSA,
|
||||
+ SSL_AES128,
|
||||
+ SSL_SHA256,
|
||||
+ SSL_HANDSHAKE_MAC_SHA256,
|
||||
+ },
|
||||
+ // Cipher 3D
|
||||
+ {
|
||||
+ TLS1_TXT_RSA_WITH_AES_256_SHA256,
|
||||
+ "TLS_RSA_WITH_AES_256_CBC_SHA256",
|
||||
+ TLS1_CK_RSA_WITH_AES_256_SHA256,
|
||||
+ SSL_kRSA,
|
||||
+ SSL_aRSA,
|
||||
+ SSL_AES256,
|
||||
+ SSL_SHA256,
|
||||
+ SSL_HANDSHAKE_MAC_SHA256,
|
||||
+ },
|
||||
+
|
||||
// PSK cipher suites.
|
||||
@@ -300,2 +331,19 @@
|
||||
|
||||
+ // curl-impersonate: Cipher C008 was missing from BoringSSL,
|
||||
+ // probably because it is weak. Add it back from OpenSSL (ssl/s3_lib.c)
|
||||
+ // where it is called ECDHE-ECDSA-DES-CBC3-SHA.
|
||||
+ // It's not supposed to really work but just appear in the TLS client hello.
|
||||
+
|
||||
+ // Cipher C008
|
||||
+ {
|
||||
+ "ECDHE-ECDSA-DES-CBC3-SHA",
|
||||
+ "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
|
||||
+ 0x0300C008,
|
||||
+ SSL_kECDHE,
|
||||
+ SSL_aECDSA,
|
||||
+ SSL_3DES,
|
||||
+ SSL_SHA1,
|
||||
+ SSL_HANDSHAKE_MAC_DEFAULT,
|
||||
+ },
|
||||
+
|
||||
// Cipher C009
|
||||
@@ -324,2 +372,17 @@
|
||||
|
||||
+ // curl-impersonate: Cipher C012 was missing from BoringSSL,
|
||||
+ // probably because it is weak. Add it back from OpenSSL (ssl/s3_lib.c)
|
||||
+ // where it is called ECDHE-RSA-DES-CBC3-SHA
|
||||
+ // It's not supposed to really work but just appear in the TLS client hello.
|
||||
+ {
|
||||
+ "ECDHE-RSA-DES-CBC3-SHA",
|
||||
+ "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
|
||||
+ 0x0300C012,
|
||||
+ SSL_kECDHE,
|
||||
+ SSL_aRSA,
|
||||
+ SSL_3DES,
|
||||
+ SSL_SHA1,
|
||||
+ SSL_HANDSHAKE_MAC_DEFAULT,
|
||||
+ },
|
||||
+
|
||||
// Cipher C013
|
||||
@@ -348,2 +411,55 @@
|
||||
|
||||
+ // curl-impersonate: Ciphers C023, C024, C027, C028 were removed in
|
||||
+ // https://boringssl-review.googlesource.com/c/boringssl/+/27944/
|
||||
+ // but restored here to impersonate browsers with older ciphers. They are
|
||||
+ // not expected to actually work; but just to be included in the TLS
|
||||
+ // Client Hello.
|
||||
+
|
||||
+ // HMAC based TLS v1.2 ciphersuites from RFC5289
|
||||
+
|
||||
+ // Cipher C023
|
||||
+ {
|
||||
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
|
||||
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
|
||||
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
|
||||
+ SSL_kECDHE,
|
||||
+ SSL_aECDSA,
|
||||
+ SSL_AES128,
|
||||
+ SSL_SHA256,
|
||||
+ SSL_HANDSHAKE_MAC_SHA256,
|
||||
+ },
|
||||
+ // Cipher C024
|
||||
+ {
|
||||
+ TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
|
||||
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
|
||||
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
|
||||
+ SSL_kECDHE,
|
||||
+ SSL_aECDSA,
|
||||
+ SSL_AES256,
|
||||
+ SSL_SHA384,
|
||||
+ SSL_HANDSHAKE_MAC_SHA384,
|
||||
+ },
|
||||
+ // Cipher C027
|
||||
+ {
|
||||
+ TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
|
||||
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
|
||||
+ TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
|
||||
+ SSL_kECDHE,
|
||||
+ SSL_aRSA,
|
||||
+ SSL_AES128,
|
||||
+ SSL_SHA256,
|
||||
+ SSL_HANDSHAKE_MAC_SHA256,
|
||||
+ },
|
||||
+ // Cipher C028
|
||||
+ {
|
||||
+ TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
|
||||
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
|
||||
+ TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
|
||||
+ SSL_kECDHE,
|
||||
+ SSL_aRSA,
|
||||
+ SSL_AES256,
|
||||
+ SSL_SHA384,
|
||||
+ SSL_HANDSHAKE_MAC_SHA384,
|
||||
+ },
|
||||
+
|
||||
// GCM based TLS v1.2 ciphersuites from RFC 5289
|
||||
@@ -539,2 +655,7 @@
|
||||
{"SHA", ~0u, ~0u, ~0u, SSL_SHA1, 0},
|
||||
+ // curl-impersonate:
|
||||
+ // Removed in https://boringssl-review.googlesource.com/c/boringssl/+/27944/
|
||||
+ // but restored to impersonate browsers with older ciphers.
|
||||
+ {"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, 0},
|
||||
+ {"SHA384", ~0u, ~0u, ~0u, SSL_SHA384, 0},
|
||||
|
||||
2209
patch/curl-impersonate.patch
Normal file
2209
patch/curl-impersonate.patch
Normal file
File diff suppressed because it is too large
Load Diff
7
patch/curl_chrome101.bat
Normal file
7
patch/curl_chrome101.bat
Normal file
@@ -0,0 +1,7 @@
|
||||
@echo off
|
||||
|
||||
rem The list of ciphers can be obtained by looking at the Client Hello message in
|
||||
rem Wireshark, then converting it using this reference
|
||||
rem https://wiki.mozilla.org/Security/Cipher_Suites
|
||||
|
||||
%~dp0curl.exe --ciphers "TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA,AES128-GCM-SHA256,AES256-GCM-SHA384,AES128-SHA,AES256-SHA" -H "sec-ch-ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"101\", \"Google Chrome\";v=\"101\"" -H "sec-ch-ua-mobile: ?0" -H "sec-ch-ua-platform: \"Windows\"" -H "Upgrade-Insecure-Requests: 1" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36" -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9" -H "Sec-Fetch-Site: none" -H "Sec-Fetch-Mode: navigate" -H "Sec-Fetch-User: ?1" -H "Sec-Fetch-Dest: document" -H "Accept-Encoding: gzip, deflate, br" -H "Accept-Language: en-US,en;q=0.9" --http2 --false-start --compressed --tlsv1.2 --no-npn --alps --cert-compression brotli %*
|
||||
Reference in New Issue
Block a user