search

sleeyax / burp-awesome-tls

Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.
GNU General Public License v3.0
1.27k stars 78 forks source link

Support for akamai_fingerprint? #71

Open DarisOnly opened 7 months ago

DarisOnly commented 7 months ago

Hi, I just wanted to ask will there be support for spoofing the akamai fingerprint, since in every test that I've done it never changes which might helped Cloudflare to detect me as bot.

Using the extension: image

Normal Chrome Browser: image

sleeyax commented 7 months ago

What version of the extension are you using and what site did you use to test this?

DarisOnly commented 7 months ago

Thanks for replying, I've used https://tls.peet.ws/api/all to monitor, I've used the latest version 1.2.2 with Temurin JDK 21

sleeyax commented 7 months ago

This translates to improvements to the HTTP 2 SETTINGS frame, which is indeed not fully implemented in Awesome TLS at the time of writing.

The akamai fingerprint is constructed as follows:

https://github.com/wwhtrbbtt/TrackMe/blob/97d2bd50bb6167989620583d1a0a3fde0f364832/fingerprint_h2.go#L89-L98