Support TLS ClientHello randomization

projectdiscovery / katana

A next-generation crawling and spidering framework.

MIT License

10.82k stars 571 forks source link

Support TLS ClientHello randomization #136

Closed moonD4rk closed 1 year ago

moonD4rk commented 1 year ago

Please describe your feature request:

   -tlsi, -tls-impersonate  enable experimental client hello (ja3) tls randomization

See below for the implementation

Describe the use case of this feature:

To avoid detection/blocking from Cloudflare and Akamai based on JA3 fingerprint.

parthmalhotra commented 1 year ago

JA3 with combination of browser headers can be implemented (#REF https://github.com/lwthiker/curl-impersonate ) cc @Ice3man543 @Mzack9999

ehsandeep commented 1 year ago

@moonD4rk I've updated the issue according to the latest development. To start with this experimental feature, it will optionally support client hello randomization, and later in the future, we will look to support specific client hello to use.

This is feature is now added in httpx - https://github.com/projectdiscovery/httpx/pull/1199 and the same will be done for other pd projects including katana.

Mzack9999 commented 1 year ago

Note: headless native crawler doesn't need this since chrome already randomize TLS extensions part internally

ehsandeep commented 1 year ago

@Mzack9999 this support in now added in the latest release (-tlsi) option.