From f9afe9cf63a936bcfa1f09498958166166432ef8 Mon Sep 17 00:00:00 2001 From: lwthiker Date: Thu, 3 Mar 2022 16:16:13 +0200 Subject: [PATCH] Add wrapper script to impersonate Safari 15.3 Add a new wrapper script that impersonates Safari 15.3 on MacOS 11.6.4 ("Big Sur"). The wrapper script uses command line arguments previously added to "curl-impersonate" for that purpose: * --curves * --signature-hashes * --no-tls-session-ticket * --http2-pseudo-headers-order --- chrome/Dockerfile | 2 +- chrome/curl_safari15_3 | 20 +++++++++++ tests/signatures.yaml | 72 +++++++++++++++++++++++++++++++++++++++ tests/test_impersonate.py | 1 + 4 files changed, 94 insertions(+), 1 deletion(-) create mode 100755 chrome/curl_safari15_3 diff --git a/chrome/Dockerfile b/chrome/Dockerfile index 176e180..8f36531 100644 --- a/chrome/Dockerfile +++ b/chrome/Dockerfile @@ -92,5 +92,5 @@ RUN ver=$(readlink -f curl-7.81.0/lib/.libs/libcurl.so | sed 's/.*so\.//') && \ strip "out/libcurl-impersonate.so.$ver" # Wrapper scripts -COPY curl_chrome* curl_edge* out/ +COPY curl_chrome* curl_edge* curl_safari* out/ RUN chmod +x out/curl_* diff --git a/chrome/curl_safari15_3 b/chrome/curl_safari15_3 new file mode 100755 index 0000000..c449ef2 --- /dev/null +++ b/chrome/curl_safari15_3 @@ -0,0 +1,20 @@ +#!/bin/bash + +# Find the directory of this script +dir=`echo "$0" | sed 's%/[^/]*$%%'` + +# The list of ciphers can be obtained by looking at the Client Hello message in +# Wireshark, then converting it using this reference +# https://wiki.mozilla.org/Security/Cipher_Suites +"$dir/curl-impersonate" \ + --ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_256_CBC_SHA256:TLS_RSA_WITH_AES_128_CBC_SHA256:TLS_RSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:TLS_RSA_WITH_3DES_EDE_CBC_SHA \ + --curves X25519:P-256:P-384:P-521 \ + --signature-hashes ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256,ecdsa_secp384r1_sha384,ecdsa_sha1,rsa_pss_rsae_sha384,rsa_pss_rsae_sha384,rsa_pkcs1_sha384,rsa_pss_rsae_sha512,rsa_pkcs1_sha512,rsa_pkcs1_sha1 \ + -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15' \ + -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \ + -H 'Accept-Language: en-us' \ + -H 'Accept-Encoding: gzip, deflate, br' \ + --http2 --false-start --compressed \ + --tlsv1.0 --no-npn --no-tls-session-ticket \ + --http2-pseudo-headers-order 'mspa' \ + $@ diff --git a/tests/signatures.yaml b/tests/signatures.yaml index 8e042df..63274b3 100644 --- a/tests/signatures.yaml +++ b/tests/signatures.yaml @@ -300,3 +300,75 @@ signature: length: 2 record_size_limit: 16385 - type: padding +--- +name: safari_15.3_macos11.6.4 +browser: + name: safari + version: 15.3 + os: macos11.6.4 + mode: regular +signature: + tls_client_hello: + record_version: 'TLS_VERSION_1_0' + handshake_version: 'TLS_VERSION_1_2' + session_id_length: 32 + ciphersuites: [ + 'GREASE', + 0x1301, 0x1302, 0x1303, 0xc02c, 0xc02b, 0xcca9, 0xc030, 0xc02f, + 0xcca8, 0xc024, 0xc023, 0xc00a, 0xc009, 0xc028, 0xc027, 0xc014, + 0xc013, 0x009d, 0x009c, 0x003d, 0x003c, 0x0035, 0x002f, 0xc008, + 0xc012, 0x000a + ] + comp_methods: [0x00] + extensions: + - type: GREASE + length: 0 + - type: server_name + - type: extended_master_secret + length: 0 + - type: renegotiation_info + length: 1 + - type: supported_groups + length: 12 + supported_groups: [ + 'GREASE', + 0x001d, 0x0017, 0x0018, 0x0019 + ] + - type: ec_point_formats + length: 2 + ec_point_formats: [0] + - type: application_layer_protocol_negotiation + length: 14 + alpn_list: ['h2', 'http/1.1'] + - type: status_request + length: 5 + status_request_type: 0x01 + - type: signature_algorithms + length: 24 + sig_hash_algs: [ + 0x0403, 0x0804, 0x0401, 0x0503, 0x0203, 0x0805, 0x0805, + 0x0501, 0x0806, 0x0601, 0x0201 + ] + - type: signed_certificate_timestamp + length: 0 + - type: keyshare + length: 43 + key_shares: + - group: 'GREASE' + length: 1 + - group: 29 + length: 32 + - type: psk_key_exchange_modes + length: 2 + psk_ke_mode: 1 + - type: supported_versions + length: 11 + supported_versions: [ + 'GREASE', + 'TLS_VERSION_1_3', 'TLS_VERSION_1_2', + 'TLS_VERSION_1_1', 'TLS_VERSION_1_0' + ] + - type: GREASE + length: 1 + data: !!binary AA== + - type: padding diff --git a/tests/test_impersonate.py b/tests/test_impersonate.py index 9a7036a..0c6d80e 100644 --- a/tests/test_impersonate.py +++ b/tests/test_impersonate.py @@ -126,6 +126,7 @@ class TestImpersonation: # Test wrapper scripts ("chrome/curl_chrome98", None, "chrome_98.0.4758.102_win10"), ("chrome/curl_edge98", None, "edge_98.0.1108.62_win10"), + ("chrome/curl_safari15_3", None, "safari_15.3_macos11.6.4"), ("firefox/curl_ff91esr", None, "firefox_91.6.0esr_win10"), ("firefox/curl_ff95", None, "firefox_95.0.2_win10"),