hoelee/curl-impersonate
1
0
Fork 0
mirror of https://github.com/lwthiker/curl-impersonate.git synced 2025-08-09 05:09:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Finalize TLS Client Hello to impersonate Chrome

Browse Source
This commit is contained in:
lwthiker
2022-02-19 00:48:26 +02:00
parent b7d9388bf3
commit 647c4f428c
2 changed files with 20 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
Dockerfile.chrome
View File

@@ -61,9 +61,10 @@ RUN cd ${CURL_VERSION} && \
for p in $(ls curl-*.patch); do patch -p1 < $p; done && \ for p in $(ls curl-*.patch); do patch -p1 < $p; done && \
autoreconf -fi autoreconf -fi
# Compile curl with BoringSSL # Compile curl with BoringSSL & nghttp2.
# Enable keylogfile for debugging of TLS traffic.
RUN cd ${CURL_VERSION} && \ RUN cd ${CURL_VERSION} && \
./configure --with-openssl=/build/boringssl/build --enable-static --disable-shared --with-nghttp2=/usr/local LIBS="-pthread" CFLAGS="-I/build/boringssl/build" && \ ./configure --with-openssl=/build/boringssl/build --enable-static --disable-shared --with-nghttp2=/usr/local LIBS="-pthread" CFLAGS="-I/build/boringssl/build" USE_CURL_SSLKEYLOGFILE=true && \
make make
# 'xxd' is needed for the wrapper script # 'xxd' is needed for the wrapper script

25
curl-openssl.patch
View File

@@ -1,5 +1,5 @@
--- curl-7.81.0-original/lib/vtls/openssl.c 2022-01-03 18:36:46.000000000 +0200 --- curl-7.81.0-original/lib/vtls/openssl.c 2022-01-03 18:36:46.000000000 +0200
+++ curl-7.81.0/lib/vtls/openssl.c 2022-02-18 18:07:04.220805893 +0200 +++ curl-7.81.0/lib/vtls/openssl.c 2022-02-18 20:02:23.559231773 +0200
@@ -78,2 +78,4 @@ @@ -78,2 +78,4 @@
+#include <brotli/decode.h> +#include <brotli/decode.h>
@@ -49,7 +49,7 @@
SSL_CTX_set_next_proto_select_cb(backend->ctx, select_next_proto_cb, data); SSL_CTX_set_next_proto_select_cb(backend->ctx, select_next_proto_cb, data);
+ */ + */
#endif #endif
@@ -2939,2 +2972,19 @@ @@ -2939,2 +2972,15 @@
+ /* curl-impersonate: + /* curl-impersonate:
+ * Configure BoringSSL to behave like Chrome. + * Configure BoringSSL to behave like Chrome.
@@ -64,21 +64,30 @@
+ * Add Brotli decompression. See Chromium net/ssl/cert_compression.cc */ + * Add Brotli decompression. See Chromium net/ssl/cert_compression.cc */
+ SSL_CTX_add_cert_compression_alg(backend->ctx, + SSL_CTX_add_cert_compression_alg(backend->ctx,
+ TLSEXT_cert_compression_brotli, NULL, DecompressBrotliCert); + TLSEXT_cert_compression_brotli, NULL, DecompressBrotliCert);
+
+ /* Enable TLS extensions 5 - status_request and 18 - signed_certificate_timestamp. */
+ SSL_CTX_enable_ocsp_stapling(backend->ctx);
+ SSL_CTX_enable_signed_cert_timestamps(backend->ctx);
@@ -3238,2 +3288,24 @@ @@ -3238,2 +3284,37 @@
+#ifdef USE_HTTP2 +#ifdef USE_HTTP2
+ /* curl-impersonate: This adds the ALPS extension (17513). + /* curl-impersonate: This adds the ALPS extension (17513).
+ * Chromium calls this function as well in SSLClientSocketImpl::Init(). + * Chromium calls this function as well in SSLClientSocketImpl::Init().
+ * The 4th parameter is called "settings", and I don't know what it + * The 4th parameter is called "settings", and I don't know what it
+ * should contain. For now, use an empty string. */ + * should contain. For now, use an empty string. */
+ SSL_add_application_settings(backend->handle, "h2", 2, "", 0); + SSL_add_application_settings(backend->handle, "h2", 2, NULL, 0);
+#endif +#endif
+ +
+ SSL_set_options(backend->handle,
+ SSL_OP_LEGACY_SERVER_CONNECT);
+ SSL_set_mode(backend->handle,
+ SSL_MODE_CBC_RECORD_SPLITTING | SSL_MODE_ENABLE_FALSE_START);
+
+ /* curl-impersonate: Enable TLS extensions 5 - status_request and
+ * 18 - signed_certificate_timestamp. */
+ SSL_enable_signed_cert_timestamps(backend->handle);
+ SSL_enable_ocsp_stapling(backend->handle);
+
+ /* curl-impersonate: Some SSL settings copied over from Chrome. */
+ SSL_set_shed_handshake_config(backend->handle, 1);
+
+ /* curl-impersonate: Set the signature algorithms. + /* curl-impersonate: Set the signature algorithms.
+ * (TLS extension 13). + * (TLS extension 13).
+ * See net/socket/ssl_client_socket_impl.cc in Chromium's source. */ + * See net/socket/ssl_client_socket_impl.cc in Chromium's source. */