hoelee/curl-impersonate-win
1
0
Fork 0
mirror of https://github.com/depler/curl-impersonate-win.git synced 2025-04-27 07:26:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

code

Browse Source
This commit is contained in:
depler 2023-02-27 11:43:38 +03:00
parent 77d68066a7
commit eb4d2fc165
6 changed files with 393 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
build.bat
View File

@ -34,8 +34,8 @@ set OPENSSL_LIBPATH=%ROOT%boringssl\lib
set OPENSSL_LIBS=-lssl -lcrypto
cd %ROOT%curl
mingw32-make mingw32-clean
mingw32-make mingw32 -j
mingw32-make mingw32-clean -f Makefile.dist
mingw32-make mingw32 -f Makefile.dist -j
mkdir bin
move /y lib\*.dll bin

4
copy_and_patch.bat
View File

@ -1,7 +1,7 @@
xcopy .\boringssl_original\* .\boringssl\ /r /d /i /s /y /exclude:.\patch\excludecopy.txt
xcopy .\curl_original\* .\curl\ /r /d /i /s /y /exclude:.\patch\excludecopy.txt
start patch_boringssl.bat
start patch_curl.bat
call patch_boringssl.bat
call patch_curl.bat
pause

470
patch/curl-impersonate.patch
View File

@ -82,10 +82,10 @@ index aaf2b8a43..ccfa52985 100644
echo "curl was built with static libraries disabled" >&2
exit 1
diff --git a/include/curl/curl.h b/include/curl/curl.h
index b00648e79..8f8f19799 100644
index b00648e79..a8edd2e2d 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -2143,6 +2143,38 @@ typedef enum {
@@ -2143,6 +2143,50 @@ typedef enum {
/* set the SSH host key callback custom pointer */
CURLOPT(CURLOPT_SSH_HOSTKEYDATA, CURLOPTTYPE_CBPOINT, 317),
@ -120,15 +120,27 @@ index b00648e79..8f8f19799 100644
+ * appearance in the HTTP/2 HEADERS frame.
+ */
+ CURLOPT(CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER, CURLOPTTYPE_STRINGPOINT, 323),
+
+ /*
+ * curl-impersonate:
+ * Disable HTTP2 server push in the HTTP2 SETTINGS.
+ */
+ CURLOPT(CURLOPT_HTTP2_NO_SERVER_PUSH, CURLOPTTYPE_LONG, 324),
+
+ /*
+ * curl-impersonate: Whether to enable Boringssl permute extensions
+ * See https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_set_permute_extensions.
+ */
+ CURLOPT(CURLOPT_SSL_PERMUTE_EXTENSIONS, CURLOPTTYPE_LONG, 325),
+
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
diff --git a/include/curl/easy.h b/include/curl/easy.h
index 9c7e63ada..d93353c69 100644
index 9c7e63ada..a3c54c4af 100644
--- a/include/curl/easy.h
+++ b/include/curl/easy.h
@@ -43,6 +43,15 @@ CURL_EXTERN CURLcode curl_easy_setopt(CURL *curl, CURLoption option, ...);
@@ -43,6 +43,16 @@ CURL_EXTERN CURLcode curl_easy_setopt(CURL *curl, CURLoption option, ...);
CURL_EXTERN CURLcode curl_easy_perform(CURL *curl);
CURL_EXTERN void curl_easy_cleanup(CURL *curl);
@ -139,7 +151,8 @@ index 9c7e63ada..d93353c69 100644
+ * created as a separate API function and not just as another option to
+ * curl_easy_setopt().
+ */
+CURL_EXTERN CURLcode curl_easy_impersonate(CURL *curl, const char *target);
+CURL_EXTERN CURLcode curl_easy_impersonate(CURL *curl, const char *target,
+ int default_headers);
+
/*
* NAME curl_easy_getinfo()
@ -237,7 +250,7 @@ index 9bd8e324b..bfd5e90e2 100644
inet_pton.c \
krb5.c \
diff --git a/lib/easy.c b/lib/easy.c
index 704a59df6..c3ee9ac97 100644
index 704a59df6..f486362c0 100644
--- a/lib/easy.c
+++ b/lib/easy.c
@@ -81,6 +81,8 @@
@ -249,7 +262,7 @@ index 704a59df6..c3ee9ac97 100644
/* The last 3 #include files should be in this order */
#include "curl_printf.h"
@@ -332,6 +334,119 @@ CURLsslset curl_global_sslset(curl_sslbackend id, const char *name,
@@ -332,6 +334,134 @@ CURLsslset curl_global_sslset(curl_sslbackend id, const char *name,
return rc;
}
@ -258,7 +271,8 @@ index 704a59df6..c3ee9ac97 100644
+ * Call curl_easy_setopt() with all the needed options as defined in the
+ * 'impersonations' array.
+ * */
+CURLcode curl_easy_impersonate(struct Curl_easy *data, const char *target)
+CURLcode curl_easy_impersonate(struct Curl_easy *data, const char *target,
+ int default_headers)
+{
+ int i;
+ int ret;
@ -325,6 +339,12 @@ index 704a59df6..c3ee9ac97 100644
+ if(ret)
+ return ret;
+
+ if(opts->tls_permute_extensions) {
+ ret = curl_easy_setopt(data, CURLOPT_SSL_PERMUTE_EXTENSIONS, 1);
+ if(ret)
+ return ret;
+ }
+
+ if(opts->cert_compression) {
+ ret = curl_easy_setopt(data,
+ CURLOPT_SSL_CERT_COMPRESSION,
@ -333,21 +353,23 @@ index 704a59df6..c3ee9ac97 100644
+ return ret;
+ }
+
+ /* Build a linked list out of the static array of headers. */
+ for(i = 0; i < IMPERSONATE_MAX_HEADERS; i++) {
+ if(opts->http_headers[i]) {
+ headers = curl_slist_append(headers, opts->http_headers[i]);
+ if(!headers) {
+ return CURLE_OUT_OF_MEMORY;
+ if(default_headers) {
+ /* Build a linked list out of the static array of headers. */
+ for(i = 0; i < IMPERSONATE_MAX_HEADERS; i++) {
+ if(opts->http_headers[i]) {
+ headers = curl_slist_append(headers, opts->http_headers[i]);
+ if(!headers) {
+ return CURLE_OUT_OF_MEMORY;
+ }
+ }
+ }
+ }
+
+ if(headers) {
+ ret = curl_easy_setopt(data, CURLOPT_HTTPBASEHEADER, headers);
+ curl_slist_free_all(headers);
+ if(ret)
+ return ret;
+ if(headers) {
+ ret = curl_easy_setopt(data, CURLOPT_HTTPBASEHEADER, headers);
+ curl_slist_free_all(headers);
+ if(ret)
+ return ret;
+ }
+ }
+
+ if(opts->http2_pseudo_headers_order) {
@ -358,6 +380,12 @@ index 704a59df6..c3ee9ac97 100644
+ return ret;
+ }
+
+ if(opts->http2_no_server_push) {
+ ret = curl_easy_setopt(data, CURLOPT_HTTP2_NO_SERVER_PUSH, 1L);
+ if(ret)
+ return ret;
+ }
+
+ /* Always enable all supported compressions. */
+ ret = curl_easy_setopt(data, CURLOPT_ACCEPT_ENCODING, "");
+ if(ret)
@ -369,15 +397,16 @@ index 704a59df6..c3ee9ac97 100644
/*
* curl_easy_init() is the external interface to alloc, setup and init an
* easy handle that is returned. If anything goes wrong, NULL is returned.
@@ -340,6 +455,7 @@ struct Curl_easy *curl_easy_init(void)
@@ -340,6 +470,8 @@ struct Curl_easy *curl_easy_init(void)
{
CURLcode result;
struct Curl_easy *data;
+ char *target;
+ char *env_target;
+ char *env_headers;
/* Make sure we inited the global SSL stuff */
global_init_lock();
@@ -362,6 +478,22 @@ struct Curl_easy *curl_easy_init(void)
@@ -362,6 +494,29 @@ struct Curl_easy *curl_easy_init(void)
return NULL;
}
@ -387,10 +416,17 @@ index 704a59df6..c3ee9ac97 100644
+ * This is a bit hacky but allows seamless integration of libcurl-impersonate
+ * without code modifications to the app.
+ */
+ target = curl_getenv("CURL_IMPERSONATE");
+ if(target) {
+ result = curl_easy_impersonate(data, target);
+ free(target);
+ env_target = curl_getenv("CURL_IMPERSONATE");
+ if(env_target) {
+ env_headers = curl_getenv("CURL_IMPERSONATE_HEADERS");
+ if(env_headers) {
+ result = curl_easy_impersonate(data, env_target,
+ !Curl_strcasecompare(env_headers, "no"));
+ free(env_headers);
+ } else {
+ result = curl_easy_impersonate(data, env_target, true);
+ }
+ free(env_target);
+ if(result) {
+ Curl_close(&data);
+ return NULL;
@ -400,7 +436,7 @@ index 704a59df6..c3ee9ac97 100644
return data;
}
@@ -936,6 +1068,13 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
@@ -936,6 +1091,13 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
outcurl->state.referer_alloc = TRUE;
}
@ -414,45 +450,58 @@ index 704a59df6..c3ee9ac97 100644
/* Reinitialize an SSL engine for the new handle
* note: the engine name has already been copied by dupset */
if(outcurl->set.str[STRING_SSL_ENGINE]) {
@@ -1025,6 +1164,8 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
@@ -1025,6 +1187,9 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
*/
void curl_easy_reset(struct Curl_easy *data)
{
+ char *target;
+ char *env_target;
+ char *env_headers;
+
Curl_free_request_state(data);
/* zero out UserDefined data: */
@@ -1049,6 +1190,12 @@ void curl_easy_reset(struct Curl_easy *data)
@@ -1049,6 +1214,23 @@ void curl_easy_reset(struct Curl_easy *data)
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
Curl_http_auth_cleanup_digest(data);
#endif
+
+ target = curl_getenv("CURL_IMPERSONATE");
+ if(target) {
+ curl_easy_impersonate(data, target);
+ free(target);
+ /*
+ * curl-impersonate: Hook into curl_easy_reset() to set the required options
+ * from an environment variable, just like in curl_easy_init().
+ */
+ env_target = curl_getenv("CURL_IMPERSONATE");
+ if(env_target) {
+ env_headers = curl_getenv("CURL_IMPERSONATE_HEADERS");
+ if(env_headers) {
+ curl_easy_impersonate(data, env_target,
+ !Curl_strcasecompare(env_headers, "no"));
+ free(env_headers);
+ } else {
+ curl_easy_impersonate(data, env_target, true);
+ }
+ free(env_target);
+ }
}
/*
diff --git a/lib/easyoptions.c b/lib/easyoptions.c
index c99f135ff..f3ebffa3e 100644
index c99f135ff..6b63fe4ae 100644
--- a/lib/easyoptions.c
+++ b/lib/easyoptions.c
@@ -130,8 +130,11 @@ struct curl_easyoption Curl_easyopts[] = {
@@ -130,8 +130,12 @@ struct curl_easyoption Curl_easyopts[] = {
{"HSTS_CTRL", CURLOPT_HSTS_CTRL, CURLOT_LONG, 0},
{"HTTP09_ALLOWED", CURLOPT_HTTP09_ALLOWED, CURLOT_LONG, 0},
{"HTTP200ALIASES", CURLOPT_HTTP200ALIASES, CURLOT_SLIST, 0},
+ {"HTTP2_PSEUDO_HEADERS_ORDER", CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER,
+ CURLOT_STRING, 0},
+ {"HTTP2_NO_SERVER_PUSH", CURLOPT_HTTP2_NO_SERVER_PUSH, CURLOT_LONG, 0},
{"HTTPAUTH", CURLOPT_HTTPAUTH, CURLOT_VALUES, 0},
{"HTTPGET", CURLOPT_HTTPGET, CURLOT_LONG, 0},
+ {"HTTPBASEHEADER", CURLOPT_HTTPBASEHEADER, CURLOT_SLIST, 0},
{"HTTPHEADER", CURLOPT_HTTPHEADER, CURLOT_SLIST, 0},
{"HTTPPOST", CURLOPT_HTTPPOST, CURLOT_OBJECT, 0},
{"HTTPPROXYTUNNEL", CURLOPT_HTTPPROXYTUNNEL, CURLOT_LONG, 0},
@@ -297,15 +300,19 @@ struct curl_easyoption Curl_easyopts[] = {
@@ -297,18 +301,23 @@ struct curl_easyoption Curl_easyopts[] = {
{"SSLKEYTYPE", CURLOPT_SSLKEYTYPE, CURLOT_STRING, 0},
{"SSLKEY_BLOB", CURLOPT_SSLKEY_BLOB, CURLOT_BLOB, 0},
{"SSLVERSION", CURLOPT_SSLVERSION, CURLOT_VALUES, 0},
@ -472,12 +521,16 @@ index c99f135ff..f3ebffa3e 100644
{"SSL_VERIFYHOST", CURLOPT_SSL_VERIFYHOST, CURLOT_LONG, 0},
{"SSL_VERIFYPEER", CURLOPT_SSL_VERIFYPEER, CURLOT_LONG, 0},
{"SSL_VERIFYSTATUS", CURLOPT_SSL_VERIFYSTATUS, CURLOT_LONG, 0},
@@ -364,6 +371,6 @@ struct curl_easyoption Curl_easyopts[] = {
+ {"SSL_PERMUTE_EXTENSIONS", CURLOPT_SSL_PERMUTE_EXTENSIONS, CURLOT_LONG, 0},
{"STDERR", CURLOPT_STDERR, CURLOT_OBJECT, 0},
{"STREAM_DEPENDS", CURLOPT_STREAM_DEPENDS, CURLOT_OBJECT, 0},
{"STREAM_DEPENDS_E", CURLOPT_STREAM_DEPENDS_E, CURLOT_OBJECT, 0},
@@ -364,6 +373,6 @@ struct curl_easyoption Curl_easyopts[] = {
*/
int Curl_easyopts_check(void)
{
- return ((CURLOPT_LASTENTRY%10000) != (317 + 1));
+ return ((CURLOPT_LASTENTRY%10000) != (323 + 1));
+ return ((CURLOPT_LASTENTRY%10000) != (325 + 1));
}
#endif
diff --git a/lib/h2h3.c b/lib/h2h3.c
@ -654,7 +707,7 @@ index 9453cf55b..01f8918ea 100644
}
nva[i] = authority;
diff --git a/lib/http.c b/lib/http.c
index 258722a60..b8990121d 100644
index 258722a60..9a06e281a 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -85,6 +85,7 @@
@ -709,7 +762,7 @@ index 258722a60..b8990121d 100644
#endif
/* loop through one or two lists */
@@ -2069,6 +2079,92 @@ void Curl_http_method(struct Curl_easy *data, struct connectdata *conn,
@@ -2069,6 +2079,108 @@ void Curl_http_method(struct Curl_easy *data, struct connectdata *conn,
*reqp = httpreq;
}
@ -729,6 +782,7 @@ index 258722a60..b8990121d 100644
+ struct curl_slist *head;
+ struct curl_slist *dup = NULL;
+ struct curl_slist *new_list = NULL;
+ char *uagent;
+
+ if (!data->state.base_headers)
+ return CURLE_OK;
@ -765,6 +819,21 @@ index 258722a60..b8990121d 100644
+ }
+ }
+
+ /* If the user agent was set with CURLOPT_USERAGENT, but not with
+ * CURLOPT_HTTPHEADER, take it from there instead. */
+ if(!found &&
+ strncasecompare(head->data, "User-Agent", prefix_len) &&
+ data->set.str[STRING_USERAGENT] &&
+ *data->set.str[STRING_USERAGENT]) {
+ uagent = aprintf("User-Agent: %s", data->set.str[STRING_USERAGENT]);
+ if(!uagent) {
+ ret = CURLE_OUT_OF_MEMORY;
+ goto fail;
+ }
+ new_list = Curl_slist_append_nodup(new_list, uagent);
+ found = TRUE;
+ }
+
+ if (!found) {
+ new_list = curl_slist_append(new_list, head->data);
+ }
@ -802,7 +871,7 @@ index 258722a60..b8990121d 100644
CURLcode Curl_http_useragent(struct Curl_easy *data)
{
/* The User-Agent string might have been allocated in url.c already, because
@@ -3088,6 +3184,11 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
@@ -3088,6 +3200,11 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done)
http = data->req.p.http;
DEBUGASSERT(http);
@ -815,7 +884,7 @@ index 258722a60..b8990121d 100644
if(result)
return result;
diff --git a/lib/http.h b/lib/http.h
index 9eff6b1ff..912fa3c23 100644
index 9eff6b1ff..d6ecbd6c0 100644
--- a/lib/http.h
+++ b/lib/http.h
@@ -327,7 +327,8 @@ struct http_conn {
@ -824,12 +893,12 @@ index 9eff6b1ff..912fa3c23 100644
/* list of settings that will be sent */
- nghttp2_settings_entry local_settings[3];
+ /* curl-impersonate: Align HTTP/2 settings to Chrome's */
+ nghttp2_settings_entry local_settings[4];
+ nghttp2_settings_entry local_settings[8];
size_t local_settings_num;
#else
int unused; /* prevent a compiler warning */
diff --git a/lib/http2.c b/lib/http2.c
index f6364d0e0..740d19535 100644
index f6364d0e0..e0b6d4a2d 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -46,6 +46,7 @@
@ -881,31 +950,45 @@ index f6364d0e0..740d19535 100644
}
static int http2_getsock(struct Curl_easy *data,
@@ -1212,16 +1221,30 @@ static void populate_settings(struct Curl_easy *data,
@@ -1210,18 +1219,40 @@ static int error_callback(nghttp2_session *session,
static void populate_settings(struct Curl_easy *data,
struct http_conn *httpc)
{
+ int i = 0;
nghttp2_settings_entry *iv = httpc->local_settings;
- iv[0].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS;
- iv[0].value = Curl_multi_max_concurrent_streams(data->multi);
+ /* curl-impersonate: Align HTTP/2 settings to Chrome's */
+ iv[0].settings_id = NGHTTP2_SETTINGS_HEADER_TABLE_SIZE;
+ iv[0].value = 0x10000;
+
+ iv[1].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS;
+ iv[1].value = Curl_multi_max_concurrent_streams(data->multi);
+
+ iv[2].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE;
+ iv[2].value = 0x600000;
-
- iv[1].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE;
- iv[1].value = HTTP2_HUGE_WINDOW_SIZE;
+ iv[3].settings_id = NGHTTP2_SETTINGS_MAX_HEADER_LIST_SIZE;
+ iv[3].value = 0x40000;
-
- iv[2].settings_id = NGHTTP2_SETTINGS_ENABLE_PUSH;
- iv[2].value = data->multi->push_cb != NULL;
+ // iv[2].settings_id = NGHTTP2_SETTINGS_ENABLE_PUSH;
+ // iv[2].value = data->multi->push_cb != NULL;
-
- httpc->local_settings_num = 3;
+ /* curl-impersonate: Align HTTP/2 settings to Chrome's */
+ iv[i].settings_id = NGHTTP2_SETTINGS_HEADER_TABLE_SIZE;
+ iv[i].value = 0x10000;
+ i++;
+
+ if(data->set.http2_no_server_push) {
+ iv[i].settings_id = NGHTTP2_SETTINGS_ENABLE_PUSH;
+ iv[i].value = 0;
+ i++;
+ }
+
+ iv[i].settings_id = NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS;
+ iv[i].value = Curl_multi_max_concurrent_streams(data->multi);
+ i++;
+
+ iv[i].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE;
+ iv[i].value = 0x600000;
+ i++;
+
+ iv[i].settings_id = NGHTTP2_SETTINGS_MAX_HEADER_LIST_SIZE;
+ iv[i].value = 0x40000;
+ i++;
+
+ // curl-impersonate:
+ // Up until Chrome 98, there was a randomly chosen setting number in the
@ -913,9 +996,8 @@ index f6364d0e0..740d19535 100644
+ // However, it seems to have been removed since.
+ // Curl_rand(data, (unsigned char *)&iv[4].settings_id, sizeof(iv[4].settings_id));
+ // Curl_rand(data, (unsigned char *)&iv[4].value, sizeof(iv[4].value));
- httpc->local_settings_num = 3;
+ httpc->local_settings_num = 4;
+
+ httpc->local_settings_num = i;
}
void Curl_http2_done(struct Curl_easy *data, bool premature)
@ -935,10 +1017,10 @@ index f0390596c..cf9b7a9d5 100644
* Store nghttp2 version info in this buffer.
diff --git a/lib/impersonate.c b/lib/impersonate.c
new file mode 100644
index 000000000..bba3f5788
index 000000000..025bd58ef
--- /dev/null
+++ b/lib/impersonate.c
@@ -0,0 +1,357 @@
@@ -0,0 +1,480 @@
+#include "curl_setup.h"
+
+#include "impersonate.h"
@ -1065,6 +1147,129 @@ index 000000000..bba3f5788
+ }
+ },
+ {
+ .target = "chrome104",
+ .httpversion = CURL_HTTP_VERSION_2_0,
+ .ssl_version = CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT,
+ .ciphers =
+ "TLS_AES_128_GCM_SHA256,"
+ "TLS_AES_256_GCM_SHA384,"
+ "TLS_CHACHA20_POLY1305_SHA256,"
+ "ECDHE-ECDSA-AES128-GCM-SHA256,"
+ "ECDHE-RSA-AES128-GCM-SHA256,"
+ "ECDHE-ECDSA-AES256-GCM-SHA384,"
+ "ECDHE-RSA-AES256-GCM-SHA384,"
+ "ECDHE-ECDSA-CHACHA20-POLY1305,"
+ "ECDHE-RSA-CHACHA20-POLY1305,"
+ "ECDHE-RSA-AES128-SHA,"
+ "ECDHE-RSA-AES256-SHA,"
+ "AES128-GCM-SHA256,"
+ "AES256-GCM-SHA384,"
+ "AES128-SHA,"
+ "AES256-SHA",
+ .npn = false,
+ .alpn = true,
+ .alps = true,
+ .tls_session_ticket = true,
+ .cert_compression = "brotli",
+ .http_headers = {
+ "sec-ch-ua: \"Chromium\";v=\"104\", \" Not A;Brand\";v=\"99\", \"Google Chrome\";v=\"104\"",
+ "sec-ch-ua-mobile: ?0",
+ "sec-ch-ua-platform: \"Windows\"",
+ "Upgrade-Insecure-Requests: 1",
+ "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36",
+ "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
+ "Sec-Fetch-Site: none",
+ "Sec-Fetch-Mode: navigate",
+ "Sec-Fetch-User: ?1",
+ "Sec-Fetch-Dest: document",
+ "Accept-Encoding: gzip, deflate, br",
+ "Accept-Language: en-US,en;q=0.9"
+ }
+ },
+ {
+ .target = "chrome107",
+ .httpversion = CURL_HTTP_VERSION_2_0,
+ .ssl_version = CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT,
+ .ciphers =
+ "TLS_AES_128_GCM_SHA256,"
+ "TLS_AES_256_GCM_SHA384,"
+ "TLS_CHACHA20_POLY1305_SHA256,"
+ "ECDHE-ECDSA-AES128-GCM-SHA256,"
+ "ECDHE-RSA-AES128-GCM-SHA256,"
+ "ECDHE-ECDSA-AES256-GCM-SHA384,"
+ "ECDHE-RSA-AES256-GCM-SHA384,"
+ "ECDHE-ECDSA-CHACHA20-POLY1305,"
+ "ECDHE-RSA-CHACHA20-POLY1305,"
+ "ECDHE-RSA-AES128-SHA,"
+ "ECDHE-RSA-AES256-SHA,"
+ "AES128-GCM-SHA256,"
+ "AES256-GCM-SHA384,"
+ "AES128-SHA,"
+ "AES256-SHA",
+ .npn = false,
+ .alpn = true,
+ .alps = true,
+ .tls_session_ticket = true,
+ .cert_compression = "brotli",
+ .http_headers = {
+ "sec-ch-ua: \"Google Chrome\";v=\"107\", \"Chromium\";v=\"107\", \"Not=A?Brand\";v=\"24\"",
+ "sec-ch-ua-mobile: ?0",
+ "sec-ch-ua-platform: \"Windows\"",
+ "Upgrade-Insecure-Requests: 1",
+ "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36",
+ "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
+ "Sec-Fetch-Site: none",
+ "Sec-Fetch-Mode: navigate",
+ "Sec-Fetch-User: ?1",
+ "Sec-Fetch-Dest: document",
+ "Accept-Encoding: gzip, deflate, br",
+ "Accept-Language: en-US,en;q=0.9"
+ },
+ .http2_no_server_push = true
+ },
+ {
+ .target = "chrome110",
+ .httpversion = CURL_HTTP_VERSION_2_0,
+ .ssl_version = CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT,
+ .ciphers =
+ "TLS_AES_128_GCM_SHA256,"
+ "TLS_AES_256_GCM_SHA384,"
+ "TLS_CHACHA20_POLY1305_SHA256,"
+ "ECDHE-ECDSA-AES128-GCM-SHA256,"
+ "ECDHE-RSA-AES128-GCM-SHA256,"
+ "ECDHE-ECDSA-AES256-GCM-SHA384,"
+ "ECDHE-RSA-AES256-GCM-SHA384,"
+ "ECDHE-ECDSA-CHACHA20-POLY1305,"
+ "ECDHE-RSA-CHACHA20-POLY1305,"
+ "ECDHE-RSA-AES128-SHA,"
+ "ECDHE-RSA-AES256-SHA,"
+ "AES128-GCM-SHA256,"
+ "AES256-GCM-SHA384,"
+ "AES128-SHA,"
+ "AES256-SHA",
+ .npn = false,
+ .alpn = true,
+ .alps = true,
+ .tls_permute_extensions = true,
+ .tls_session_ticket = true,
+ .cert_compression = "brotli",
+ .http_headers = {
+ "sec-ch-ua: \"Chromium\";v=\"110\", \"Not A(Brand\";v=\"24\", \"Google Chrome\";v=\"110\"",
+ "sec-ch-ua-mobile: ?0",
+ "sec-ch-ua-platform: \"Windows\"",
+ "Upgrade-Insecure-Requests: 1",
+ "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36",
+ "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
+ "Sec-Fetch-Site: none",
+ "Sec-Fetch-Mode: navigate",
+ "Sec-Fetch-User: ?1",
+ "Sec-Fetch-Dest: document",
+ "Accept-Encoding: gzip, deflate, br",
+ "Accept-Language: en-US,en;q=0.9"
+ },
+ .http2_no_server_push = true
+ },
+ {
+ .target = "chrome99_android",
+ .httpversion = CURL_HTTP_VERSION_2_0,
+ .ssl_version = CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT,
@ -1298,10 +1503,10 @@ index 000000000..bba3f5788
+};
diff --git a/lib/impersonate.h b/lib/impersonate.h
new file mode 100644
index 000000000..9546a7833
index 000000000..c62991c5a
--- /dev/null
+++ b/lib/impersonate.h
@@ -0,0 +1,43 @@
@@ -0,0 +1,45 @@
+#ifndef HEADER_CURL_IMPERSONATE_H
+#define HEADER_CURL_IMPERSONATE_H
+
@ -1334,6 +1539,8 @@ index 000000000..9546a7833
+ const char *cert_compression;
+ const char *http_headers[IMPERSONATE_MAX_HEADERS];
+ const char *http2_pseudo_headers_order;
+ bool http2_no_server_push;
+ bool tls_permute_extensions;
+ /* Other TLS options will come here in the future once they are
+ * configurable through curl_easy_setopt() */
+};
@ -1360,7 +1567,7 @@ index e0280447c..dc1fdab68 100644
#ifdef USE_WINSOCK
diff --git a/lib/setopt.c b/lib/setopt.c
index 6b16e1c7c..75dddebd8 100644
index 6b16e1c7c..189b54025 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -50,6 +50,7 @@
@ -1423,7 +1630,7 @@ index 6b16e1c7c..75dddebd8 100644
#endif
case CURLOPT_IPRESOLVE:
arg = va_arg(param, long);
@@ -2861,6 +2900,16 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
@@ -2861,6 +2900,22 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
case CURLOPT_SSL_ENABLE_ALPN:
data->set.ssl_enable_alpn = (0 != va_arg(param, long)) ? TRUE : FALSE;
break;
@ -1433,9 +1640,15 @@ index 6b16e1c7c..75dddebd8 100644
+ case CURLOPT_SSL_ENABLE_TICKET:
+ data->set.ssl_enable_ticket = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_SSL_PERMUTE_EXTENSIONS:
+ data->set.ssl_permute_extensions = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
+ case CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER:
+ result = Curl_setstropt(&data->set.str[STRING_HTTP2_PSEUDO_HEADERS_ORDER],
+ va_arg(param, char *));
+ break;
+ case CURLOPT_HTTP2_NO_SERVER_PUSH:
+ data->set.http2_no_server_push = (0 != va_arg(param, long)) ? TRUE : FALSE;
+ break;
#ifdef USE_UNIX_SOCKETS
case CURLOPT_UNIX_SOCKET_PATH:
@ -1462,7 +1675,7 @@ index 1720b24b1..dcae3c143 100644
Curl_headersep(head->data[thislen]) )
return head->data;
diff --git a/lib/url.c b/lib/url.c
index 1114c6c12..b16628e96 100644
index 1114c6c12..75b724357 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -465,6 +465,11 @@ CURLcode Curl_close(struct Curl_easy **datap)
@ -1495,7 +1708,7 @@ index 1114c6c12..b16628e96 100644
#ifndef CURL_DISABLE_PROXY
data->set.proxy_ssl.primary.CApath = data->set.str[STRING_SSL_CAPATH_PROXY];
@@ -3996,8 +4005,17 @@ static CURLcode create_conn(struct Curl_easy *data,
@@ -3996,8 +4005,21 @@ static CURLcode create_conn(struct Curl_easy *data,
conn->bits.tls_enable_alpn = TRUE;
if(data->set.ssl_enable_npn)
conn->bits.tls_enable_npn = TRUE;
@ -1509,12 +1722,16 @@ index 1114c6c12..b16628e96 100644
+ /* curl-impersonate: Add the TLS session ticket extension. */
+ if(data->set.ssl_enable_ticket)
+ conn->bits.tls_enable_ticket = TRUE;
+
+ /* curl-impersonate: Add the TLS extension permutation. */
+ if(data->set.ssl_permute_extensions)
+ conn->bits.tls_permute_extensions = TRUE;
+
if(waitpipe)
/* There is a connection that *might* become usable for multiplexing
"soon", and we wait for that */
diff --git a/lib/urldata.h b/lib/urldata.h
index bcb4d460c..b98d5977d 100644
index bcb4d460c..01e015706 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -254,6 +254,8 @@ struct ssl_primary_config {
@ -1526,16 +1743,17 @@ index bcb4d460c..b98d5977d 100644
unsigned char ssl_options; /* the CURLOPT_SSL_OPTIONS bitmask */
BIT(verifypeer); /* set TRUE if this is desired */
BIT(verifyhost); /* set TRUE if CN/SAN must match hostname */
@@ -509,6 +511,8 @@ struct ConnectBits {
@@ -509,6 +511,9 @@ struct ConnectBits {
BIT(tcp_fastopen); /* use TCP Fast Open */
BIT(tls_enable_npn); /* TLS NPN extension? */
BIT(tls_enable_alpn); /* TLS ALPN extension? */
+ BIT(tls_enable_alps); /* TLS ALPS extension? */
+ BIT(tls_enable_ticket); /* TLS session ticket extension? */
+ BIT(tls_permute_extensions); /* TLS extension permutations */
BIT(connect_only);
#ifndef CURL_DISABLE_DOH
BIT(doh);
@@ -1453,6 +1457,19 @@ struct UrlState {
@@ -1453,6 +1458,19 @@ struct UrlState {
CURLcode hresult; /* used to pass return codes back from hyper callbacks */
#endif
@ -1555,7 +1773,7 @@ index bcb4d460c..b98d5977d 100644
/* Dynamically allocated strings, MUST be freed before this struct is
killed. */
struct dynamically_allocated_data {
@@ -1608,6 +1625,9 @@ enum dupstring {
@@ -1608,6 +1626,9 @@ enum dupstring {
STRING_DNS_LOCAL_IP4,
STRING_DNS_LOCAL_IP6,
STRING_SSL_EC_CURVES,
@ -1565,17 +1783,28 @@ index bcb4d460c..b98d5977d 100644
/* -- end of null-terminated strings -- */
@@ -1893,6 +1913,8 @@ struct UserDefined {
@@ -1893,6 +1914,9 @@ struct UserDefined {
BIT(tcp_fastopen); /* use TCP Fast Open */
BIT(ssl_enable_npn); /* TLS NPN extension? */
BIT(ssl_enable_alpn);/* TLS ALPN extension? */
+ BIT(ssl_enable_alps);/* TLS ALPS extension? */
+ BIT(ssl_enable_ticket); /* TLS session ticket extension */
+ BIT(ssl_permute_extensions); /* TLS Permute extensions */
BIT(path_as_is); /* allow dotdots? */
BIT(pipewait); /* wait for multiplex status before starting a new
connection */
@@ -1911,6 +1935,9 @@ struct UserDefined {
BIT(doh_verifystatus); /* DoH certificate status verification */
#endif
BIT(http09_allowed); /* allow HTTP/0.9 responses */
+#ifdef USE_HTTP2
+ BIT(http2_no_server_push); /* Disable HTTP2 server push */
+#endif
};
struct Names {
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 78aacd022..a29ca8055 100644
index 78aacd022..9f66af846 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -78,6 +78,13 @@
@ -1910,7 +2139,7 @@ index 78aacd022..a29ca8055 100644
#ifdef USE_OPENSSL_SRP
if((ssl_authtype == CURL_TLSAUTH_SRP) &&
Curl_allow_auth_to_host(data)) {
@@ -2933,6 +3228,20 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
@@ -2933,6 +3228,28 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
}
#endif
@ -1923,6 +2152,14 @@ index 78aacd022..a29ca8055 100644
+ /* Enable TLS GREASE. */
+ SSL_CTX_set_grease_enabled(backend->ctx, 1);
+
+ /*
+ * curl-impersonate: Enable TLS extension permutation, enabled by default
+ * since Chrome 110.
+ */
+ if(conn->bits.tls_permute_extensions) {
+ SSL_CTX_set_permute_extensions(backend->ctx, 1);
+ }
+
+ if(SSL_CONN_CONFIG(cert_compression) &&
+ add_cert_compression(data,
+ backend->ctx,
@ -1931,7 +2168,7 @@ index 78aacd022..a29ca8055 100644
#if defined(USE_WIN32_CRYPTO)
/* Import certificates from the Windows root certificate store if requested.
@@ -3232,6 +3541,33 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
@@ -3232,6 +3549,33 @@ static CURLcode ossl_connect_step1(struct Curl_easy *data,
SSL_set_connect_state(backend->handle);
@ -2044,10 +2281,10 @@ index 706f0aac3..7124bf13e 100644
# if unit tests are enabled, build a static library to link them with
diff --git a/src/tool_cfgable.h b/src/tool_cfgable.h
index 7e43fe754..823f72414 100644
index 7e43fe754..6b698c3b1 100644
--- a/src/tool_cfgable.h
+++ b/src/tool_cfgable.h
@@ -165,8 +165,11 @@ struct OperationConfig {
@@ -165,8 +165,12 @@ struct OperationConfig {
bool crlf;
char *customrequest;
char *ssl_ec_curves;
@ -2056,10 +2293,19 @@ index 7e43fe754..823f72414 100644
char *krblevel;
char *request_target;
+ char *http2_pseudo_headers_order;
+ bool http2_no_server_push;
long httpversion;
bool http09_allowed;
bool nobuffer;
@@ -275,6 +278,8 @@ struct OperationConfig {
@@ -196,6 +200,7 @@ struct OperationConfig {
struct curl_slist *prequote;
long ssl_version;
long ssl_version_max;
+ bool ssl_permute_extensions;
long proxy_ssl_version;
long ip_version;
long create_file_mode; /* CURLOPT_NEW_FILE_PERMS */
@@ -275,6 +280,8 @@ struct OperationConfig {
char *oauth_bearer; /* OAuth 2.0 bearer token */
bool nonpn; /* enable/disable TLS NPN extension */
bool noalpn; /* enable/disable TLS ALPN extension */
@ -2069,10 +2315,10 @@ index 7e43fe754..823f72414 100644
bool abstract_unix_socket; /* path to an abstract Unix domain socket */
bool falsestart;
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 27e801a98..047f1c6c8 100644
index 27e801a98..d02540f76 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -282,6 +282,11 @@ static const struct LongShort aliases[]= {
@@ -282,6 +282,13 @@ static const struct LongShort aliases[]= {
{"EC", "etag-save", ARG_FILENAME},
{"ED", "etag-compare", ARG_FILENAME},
{"EE", "curves", ARG_STRING},
@ -2081,10 +2327,12 @@ index 27e801a98..047f1c6c8 100644
+ {"EI", "cert-compression", ARG_STRING},
+ {"EJ", "tls-session-ticket", ARG_BOOL},
+ {"EK", "http2-pseudo-headers-order", ARG_STRING},
+ {"EL", "http2-no-server-push", ARG_BOOL},
+ {"EM", "tls-permute-extensions", ARG_BOOL},
{"f", "fail", ARG_BOOL},
{"fa", "fail-early", ARG_BOOL},
{"fb", "styled-output", ARG_BOOL},
@@ -1859,6 +1864,31 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
@@ -1859,6 +1866,39 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
GetStr(&config->ssl_ec_curves, nextarg);
break;
@ -2113,14 +2361,22 @@ index 27e801a98..047f1c6c8 100644
+ GetStr(&config->http2_pseudo_headers_order, nextarg);
+ break;
+
+ case 'L':
+ /* --http2-no-server-push */
+ config->http2_no_server_push = toggle;
+ break;
+ case 'M':
+ /* --tls-permute-extensions */
+ config->ssl_permute_extensions = toggle;
+ break;
default: /* unknown flag */
return PARAM_OPTION_UNKNOWN;
}
diff --git a/src/tool_listhelp.c b/src/tool_listhelp.c
index 266f9b0bd..721a2c5f0 100644
index 266f9b0bd..a96c12de0 100644
--- a/src/tool_listhelp.c
+++ b/src/tool_listhelp.c
@@ -108,6 +108,18 @@ const struct helptxt helptext[] = {
@@ -108,6 +108,24 @@ const struct helptxt helptext[] = {
{" --curves <algorithm list>",
"(EC) TLS key exchange algorithm(s) to request",
CURLHELP_TLS},
@ -2136,10 +2392,16 @@ index 266f9b0bd..721a2c5f0 100644
+ {" --http2-pseudo-headers-order",
+ "Change the order of the HTTP2 pseudo headers",
+ CURLHELP_HTTP},
+ {" --http2-no-server-push",
+ "Send HTTP2 setting to disable server push",
+ CURLHELP_HTTP},
+ {" --tls-permute-extensions",
+ "Enable BoringSSL TLS extensions permutations on client hello",
+ CURLHELP_TLS},
{"-d, --data <data>",
"HTTP POST data",
CURLHELP_IMPORTANT | CURLHELP_HTTP | CURLHELP_POST | CURLHELP_UPLOAD},
@@ -384,6 +396,9 @@ const struct helptxt helptext[] = {
@@ -384,6 +402,9 @@ const struct helptxt helptext[] = {
{" --no-alpn",
"Disable the ALPN TLS extension",
CURLHELP_TLS | CURLHELP_HTTP},
@ -2150,10 +2412,10 @@ index 266f9b0bd..721a2c5f0 100644
"Disable buffering of the output stream",
CURLHELP_CURL},
diff --git a/src/tool_operate.c b/src/tool_operate.c
index c317b3ba7..e325479a0 100644
index c317b3ba7..481c6cd00 100644
--- a/src/tool_operate.c
+++ b/src/tool_operate.c
@@ -1433,6 +1433,11 @@ static CURLcode single_transfer(struct GlobalConfig *global,
@@ -1433,6 +1433,15 @@ static CURLcode single_transfer(struct GlobalConfig *global,
return result;
}
@ -2161,11 +2423,15 @@ index c317b3ba7..e325479a0 100644
+ my_setopt_str(curl,
+ CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER,
+ config->http2_pseudo_headers_order);
+
+ if(config->http2_no_server_push)
+ my_setopt(curl, CURLOPT_HTTP2_NO_SERVER_PUSH,
+ config->http2_no_server_push ? 1L : 0L);
+
} /* (built_in_protos & CURLPROTO_HTTP) */
my_setopt_str(curl, CURLOPT_FTPPORT, config->ftpport);
@@ -1520,6 +1525,14 @@ static CURLcode single_transfer(struct GlobalConfig *global,
@@ -1520,6 +1529,14 @@ static CURLcode single_transfer(struct GlobalConfig *global,
if(config->ssl_ec_curves)
my_setopt_str(curl, CURLOPT_SSL_EC_CURVES, config->ssl_ec_curves);
@ -2180,7 +2446,18 @@ index c317b3ba7..e325479a0 100644
if(curlinfo->features & CURL_VERSION_SSL) {
/* Check if config->cert is a PKCS#11 URI and set the
* config->cert_type if necessary */
@@ -2057,6 +2070,14 @@ static CURLcode single_transfer(struct GlobalConfig *global,
@@ -1846,6 +1863,10 @@ static CURLcode single_transfer(struct GlobalConfig *global,
my_setopt_str(curl, CURLOPT_PROXY_TLS13_CIPHERS,
config->proxy_cipher13_list);
+ /* curl-impersonate */
+ if(config->ssl_permute_extensions)
+ my_setopt(curl, CURLOPT_SSL_PERMUTE_EXTENSIONS, 1L);
+
/* new in libcurl 7.9.2: */
if(config->disable_epsv)
/* disable it */
@@ -2057,6 +2078,14 @@ static CURLcode single_transfer(struct GlobalConfig *global,
my_setopt(curl, CURLOPT_SSL_ENABLE_ALPN, 0L);
}
@ -2196,14 +2473,15 @@ index c317b3ba7..e325479a0 100644
if(config->unix_socket_path) {
if(config->abstract_unix_socket) {
diff --git a/src/tool_setopt.c b/src/tool_setopt.c
index 5ff86c7f5..e7b093d2d 100644
index 5ff86c7f5..be26f91ea 100644
--- a/src/tool_setopt.c
+++ b/src/tool_setopt.c
@@ -180,6 +180,7 @@ static const struct NameValue setopt_nv_CURLNONZERODEFAULTS[] = {
@@ -180,6 +180,8 @@ static const struct NameValue setopt_nv_CURLNONZERODEFAULTS[] = {
NV1(CURLOPT_SSL_VERIFYHOST, 1),
NV1(CURLOPT_SSL_ENABLE_NPN, 1),
NV1(CURLOPT_SSL_ENABLE_ALPN, 1),
+ NV1(CURLOPT_SSL_ENABLE_TICKET, 1),
+ NV1(CURLOPT_SSL_PERMUTE_EXTENSIONS, 1),
NV1(CURLOPT_TCP_NODELAY, 1),
NV1(CURLOPT_PROXY_SSL_VERIFYPEER, 1),
NV1(CURLOPT_PROXY_SSL_VERIFYHOST, 1),

13
patch/excludecopy.txt
View File

@ -1,4 +1,15 @@
.circleci\
.github\
.lift\
.reuse\
docs\
LICENSES\
projects\
scripts\
winbuild\
zuul.d\
tests\
.git
.gitignore
.gitattribute
.git-blame-ignore-revs
.git-blame-ignore-revs

2
patch_boringssl.bat
View File

@ -6,4 +6,4 @@ cd %~dp0boringssl
%sed% -i 's/-ggdb//g' CMakeLists.txt
%sed% -i 's/-Werror//g' CMakeLists.txt
pause
cd ..

3
patch_curl.bat
View File

@ -2,6 +2,7 @@ set patch=c:\msys64\usr\bin\patch.exe
set sed=c:\msys64\usr\bin\sed.exe
cd %~dp0curl
%patch% -p1 < %~dp0patch\curl-impersonate.patch
%sed% -i 's/-shared/-s -static -shared/g' lib\Makefile.m32
%sed% -i 's/-static/-s -static/g' src\Makefile.m32
@ -12,4 +13,4 @@ cd %~dp0curl
%sed% -i 's/-lidn2/-lidn2 -lunistring -liconv/g' lib\Makefile.m32
%sed% -i 's/-lidn2/-lidn2 -lunistring -liconv/g' src\Makefile.m32
pause
cd ..