Add support for impersonating Chrome 99 on Android 12 (Pixel 6 was
chosen as an arbitrary Android phone to impersonate). The TLS signature
for Chrome on Android is identical to Chrome on Windows. The difference
is in a few HTTP headers ('sec-ch-ua-mobile', 'sec-ch-ua-platform' and
'user-agent').
Add support for impersonating Firefox 98 released a few days ago. It has
the same TLS signature as Firefox 95 so the adaptation includes changing
the user-agent only. Upgrade the NSS version used to 3.75, even though
it's not strictly necessary.
Add 'apk add nss' for the final alpine image of the Firefox version of
curl-impersonate. This is needed for curl to find the list of root
certificates.
Add Dockerfiles for building curl-impersonate on Alpine Linux.
The Dockerfile template file was modified to support Alpine Linux,
mainly by changing the dependency installation from 'apt' to 'apk'.
The resulting alpine images are small (~11mb) and will be uploaded to
Docker hub.
Since the firefox and chrome builds are similar except for the TLS
library used, it makes sense to unify their Dockerfiles. This commit
introduces a template Dockerfile from which both the build Dockerfiles
are generated using the simple 'mustache' template system.
The GitHub Action workflow uses a cache to speed up the Docker builds.
However, it seems that it only partially works, saving only the Docker
layers for the Firefox build. This is an attempt to solve it by using
two separate cache paths, one for each build.
Add impersonation support for Chrome 99 and Edge 99 which were just released.
Their TLS signature is identical to the previous versions (98).
The only difference is in the user agents.
curl patch from
ca13947f00
Add layer caching to speed up the CI builds. In addition, optimize the
Dockerfiles by moving all the dependency installations (which are
unlikely to change much) to the initial layers.
The tests container copies files from the build containers. In order for
this to work in the GitHub actions workflow, the build images need to be
uploaded to a local Docker registry first.
Add tests to verify that the HTTP headers and HTTP/2 pseudo-headers
generated by curl-impersonate match the expected ones from the browser.
The test uses a local nghttpd HTTP/2 server instance with a self-signed
certificate.
Safari can now be imperonsated with libcurl using
curl_easy_impersonate() with the "safari15_3" target or by setting the
env var CURL_IMPERSONATE to "safari15_3".
curl patch from
0340cd8b3e
Add a new wrapper script that impersonates Safari 15.3 on MacOS 11.6.4
("Big Sur"). The wrapper script uses command line arguments
previously added to "curl-impersonate" for that purpose:
* --curves
* --signature-hashes
* --no-tls-session-ticket
* --http2-pseudo-headers-order
Add the ability to control the order of the HTTP/2 pseudo-headers. Each
browser uses a different order for the ":method", ":authority",
":scheme" and ":path" pseudo-headers. It is therefore desirable to be
able to control it. The CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER libcurl
option and '--http2-pseudo-headers-order' command line option now allow
doing that.
Patch from
dd4b76241e
A previous commit has enabled the TLS session ticket extension (by
removing SSL_OP_NO_TICKET) because Chrome uses it. This commit makes it
configurable via the CURLOPT_SSL_ENABLE_TICKET libcurl option or the
'--tls-session-ticker' command line flag. The goal is to impersonate
Safari which, as of version 15.3, does not use TLS session tickets.
This commit adds:
* Support for configuring the TLS certificate compression algorithms the
client is willing to receive via the CURLOPT_SSL_CERT_COMPRESSION option or
the '--cert-compression' command line flag.
* Support for decompressing zlib-compressed certificates in addition to
brotli.
Previously brotli decompression only was available and it was hardcoded
into the binary.
This commit makes some of the TLS options that are used for
impersonation configurable via libcurl options and command line flags to
curl-impersonate. The goal is to give more flexibility in configuring
the TLS extensions instead of hardcoding everything into the binary.
This will enable using the same binary for impersonating different
browsers (e.g. Safari).
The following options are now present:
* CURLOPT_SSL_EC_CURVES and the '--curves' flag are now usable. These
were present in the upstream curl but only for OpenSSL builds. This
commit also enables them for BoringSSL. They configure TLS extension
'supported_groups' (no. 10).
* CURLOPT_SSL_ENABLE_NPN and the '--no-npn' flags are usable. These were
present in the upstream curl but were disabled in a previous commit by
commenting out the relevant code (as Chrome disables NPN). They now work
and the wrapper scripts use the '--no-npn' flag.
* CURLOPT_SSL_ENABLE_ALPS and the '--alps' flag were added. These
control the ALPS TLS extension that Chrome uses.
* CURLOPT_SSL_SIG_HASH_ALGS and the '--signature-hashes' option were
added. These control the clien't list of supported signature & hash
algorithms, i.e. TLS extension 'signature_algorithms' (no. 13).
48415a4b00 added impersonation
capabilities to libcurl in the Chrome build. This adds the same
capabilities to the Firefox build as well.
curl-impersonate.patch generated from
b30b245b72
