From 3b625c8b0aee69535482c0722076cae1ed593b40 Mon Sep 17 00:00:00 2001
From: stefanodvx <69367859+stefanodvx@users.noreply.github.com>
Date: Fri, 18 Apr 2025 12:46:26 +0200
Subject: [PATCH] util: impersonate chrome TLS fingerprint
---
util/fingerprint.go | 84 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 84 insertions(+)
create mode 100644 util/fingerprint.go
diff --git a/util/fingerprint.go b/util/fingerprint.go
new file mode 100644
index 0000000..5198842
--- /dev/null
+++ b/util/fingerprint.go
@@ -0,0 +1,84 @@
+package util
+
+import (
+ "crypto/tls"
+ "net/http"
+)
+
+func ChromeClientHelloSpec() *tls.ClientHelloInfo {
+ return &tls.ClientHelloInfo{
+ CipherSuites: []uint16{
+ tls.TLS_AES_128_GCM_SHA256,
+ tls.TLS_AES_256_GCM_SHA384,
+ tls.TLS_CHACHA20_POLY1305_SHA256,
+ tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+ tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+ tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+ tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+ },
+ SupportedVersions: []uint16{tls.VersionTLS13, tls.VersionTLS12},
+ // chrome prefers X25519, followed by P-256 and P-384
+ SupportedCurves: []tls.CurveID{
+ tls.X25519,
+ tls.CurveP256,
+ tls.CurveP384,
+ },
+ SignatureSchemes: []tls.SignatureScheme{
+ tls.ECDSAWithP256AndSHA256,
+ tls.PSSWithSHA256,
+ tls.PKCS1WithSHA256,
+ tls.ECDSAWithP384AndSHA384,
+ tls.PSSWithSHA384,
+ tls.PKCS1WithSHA384,
+ tls.PSSWithSHA512,
+ tls.PKCS1WithSHA512,
+ tls.PKCS1WithSHA1,
+ },
+ }
+}
+
+func NewChromeClient() *http.Client {
+ tlsConfig := &tls.Config{
+ MinVersion: tls.VersionTLS12,
+ MaxVersion: tls.VersionTLS13,
+ // chrome's cipher preferences
+ CipherSuites: []uint16{
+ tls.TLS_AES_128_GCM_SHA256,
+ tls.TLS_AES_256_GCM_SHA384,
+ tls.TLS_CHACHA20_POLY1305_SHA256,
+ tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
+ tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
+ },
+ CurvePreferences: []tls.CurveID{
+ tls.X25519,
+ tls.CurveP256,
+ tls.CurveP384,
+ },
+ // important: chrome uses TLS session tickets
+ SessionTicketsDisabled: false,
+ // chrome does support renegotiation but doesn't use it by default
+ Renegotiation: tls.RenegotiateNever,
+ }
+
+ transport := &http.Transport{
+ TLSClientConfig: tlsConfig,
+ // chrome enables HTTP/2
+ ForceAttemptHTTP2: true,
+ }
+
+ return &http.Client{
+ Transport: transport,
+ }
+}
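Review bot: The comments in `NewChromeClient` describe behaviour that `crypto/tls` does not provide. `Config.CipherSuites` is documented as covering only TLS 1.0–1.2 suites with the list order ignored, so the three TLS 1.3 entries and the "chrome's cipher preferences" ordering are inert, and `SessionTicketsDisabled: false` and `Renegotiation: tls.RenegotiateNever` only restate the zero values. `ChromeClientHelloSpec` returns `*tls.ClientHelloInfo`, the server-side description of a received ClientHello passed to the `GetCertificate`/`GetConfigForClient` callbacks. Nothing in this file consumes it, so as far as the hunk shows it is unused, and its `tls.PKCS1WithSHA1`, CBC and static-RSA entries could be mistaken for the client's real policy. I would drop it, or give both exported functions doc comments stating what they actually configure, for example `// NewChromeClient returns an http.Client limited to TLS 1.2–1.3 with ECDHE AEAD suites for TLS 1.2.`. Separately, the returned `http.Client` has no `Timeout` and the hand-built `http.Transport` omits the `http.DefaultTransport` defaults (`Proxy`, `TLSHandshakeTimeout`, idle-connection limits), so a stalled peer can hold a request open indefinitely. Starting from `http.DefaultTransport.(*http.Transport).Clone()` and setting `Timeout` on the client (value for the project to choose) closes that gap.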