Modifying Python's requests module to spoof a ja3 fingerprint
(Since the repo seems to be getting some external attention, I want to clarify that this is experimental and not currently in a working state. Thank you!)
-
decoder: parse string version of ja3 -
patcher: find and replace usages of ssl module in an importedrequestsmodule -
monitor: dump ja3 off network using scapy- some inconsistency here? some fields don't seem to match ja3 reported by ja3er
- not sure how to further debug this, client hello packet data from wireshark matches scapy
-
server: dump ja3 server-side with customized openssl- the cause for the ^ inconsistency with ja3er is because the last two fields (extension info) aren't used by tls 1.3
- this server dumps the field values despite the extensions going unused
-
imitate: fake ssl module with customizable ja3-
dummy C extension with setup.py and portable compiler setup -
dummy pybind11 + cppimport extension(moved to ctypes) -
ability to verify fakessl against real ssl modulecan't inspect pybind11 method signatures yet - dummy SSLSocket class
- customized openssl compile options
- linkage against C extension
- usage of compiled openssl in SSLSocket class
-
ssl.wrap_socketat minimum - other
sslfunctions used by requests/urllib3
-
- tests using ja3s from common browsers
- brave browser (works!)
- firefox (segfaults)
-
patcher: patch fakessl into a requests module- patch the module
- automatically test the patched module against a local server
progress (5/13/22):
- all fields are customized
- I implemented the compressed certificate extension in my fork of OpenSSL, so that works
- Most other extensions are enabled automatically
- server (for dumping ja3) works, with solutions for ja3er's flaws
- can imitate brave browser's fingerprint successfully!!!
- need to sort segfault when imitating firefox, and finish code for patching a requests module
JA3 specification: https://github.com/salesforce/ja3/blob/master/README.md