search

sleeyax / burp-awesome-tls

Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.
GNU General Public License v3.0
988 stars 66 forks source link

Support for akamai_fingerprint? #71

Open DarisOnly opened 1 month ago

DarisOnly commented 1 month ago

Hi, I just wanted to ask will there be support for spoofing the akamai fingerprint, since in every test that I've done it never changes which might helped Cloudflare to detect me as bot.

Using the extension: image

Normal Chrome Browser: image

sleeyax commented 1 month ago

What version of the extension are you using and what site did you use to test this?

DarisOnly commented 1 month ago

Thanks for replying, I've used https://tls.peet.ws/api/all to monitor, I've used the latest version 1.2.2 with Temurin JDK 21

sleeyax commented 1 month ago

This translates to improvements to the HTTP 2 SETTINGS frame, which is indeed not fully implemented in Awesome TLS at the time of writing.

The akamai fingerprint is constructed as follows:

https://github.com/wwhtrbbtt/TrackMe/blob/97d2bd50bb6167989620583d1a0a3fde0f364832/fingerprint_h2.go#L89-L98