Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/an0ndev/requests-ja3

Modifying Python's requests module to spoof a ja3 fingerprint
https://github.com/an0ndev/requests-ja3

Last synced: about 2 months ago
JSON representation

Modifying Python's requests module to spoof a ja3 fingerprint

Host: GitHub
URL: https://github.com/an0ndev/requests-ja3
Owner: an0ndev
Created: 2021-08-10T18:16:07.000Z (about 3 years ago)
Default Branch: master
Last Pushed: 2022-05-20T17:18:37.000Z (over 2 years ago)
Last Synced: 2024-06-10T03:34:32.214Z (4 months ago)
Language: Python
Size: 105 KB
Stars: 55
Watchers: 12
Forks: 12
Open Issues: 2
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        # requests-ja3

Modifying Python's `requests` module to spoof a ja3 fingerprint

(Since the repo seems to be getting some external attention, I want to clarify that this is experimental and not currently in a working state. Thank you!)

### TO-DO LIST

- [x] `decoder`: parse string version of ja3

- [x] `patcher`: find and replace usages of ssl module in an imported `requests` module

- [x] `monitor`: dump ja3 off network using scapy

  - some inconsistency here? some fields don't seem to match ja3 reported by ja3er

  - not sure how to further debug this, client hello packet data from wireshark matches scapy

- [x] `server`: dump ja3 server-side with customized openssl

  - the cause for the ^ inconsistency with ja3er is because the last two fields (extension info) aren't used by tls 1.3

  - this server dumps the field values despite the extensions going unused

- [ ] `imitate`: fake ssl module with customizable ja3

    - [x] ~~dummy C extension with setup.py and portable compiler setup~~

    - [x] ~~dummy pybind11 + cppimport extension~~ **(moved to ctypes)**

    - [ ] ~~ability to verify fakessl against real ssl module~~ can't inspect pybind11 method signatures yet

    - [x] dummy SSLSocket class

    - [x] customized openssl compile options

    - [x] linkage against C extension

    - [x] usage of compiled openssl in SSLSocket class

    - [x] `ssl.wrap_socket` at minimum

    - [ ] other `ssl` functions used by requests/urllib3

- [ ] tests using ja3s from common browsers

  - [x] brave browser (works!)

  - [ ] firefox (segfaults)

- [ ] `patcher`: patch fakessl into a requests module

  - [ ] patch the module

  - [ ] automatically test the patched module against a local server

**progress (5/13/22):**

- all fields are customized

- I implemented the compressed certificate extension in my fork of OpenSSL, so that works

- Most other extensions are enabled automatically

- server (for dumping ja3) works, with solutions for ja3er's flaws

- can imitate brave browser's fingerprint successfully!!!

- need to sort segfault when imitating firefox, and finish code for patching a requests module

### REFERENCES

JA3 specification: [https://github.com/salesforce/ja3/blob/master/README.md](https://github.com/salesforce/ja3/blob/master/README.md)