wi1dcard / fingerproxy

Fingerproxy is an HTTPS reverse proxy. It creates JA3, JA4, Akamai HTTP2 fingerprints, and forwards to backend via HTTP request headers.
Apache License 2.0

E2E tests of Chrome, Firefox, Safari, etc. #10

Open wi1dcard opened 7 months ago

wi1dcard commented 7 months ago

Notes

hellodword commented 7 months ago

Agree, and I've been trying to do a similar thing these days, and that's why I'm learning to use fingerproxy🤣

Here is some information I collected: https://github.com/hellodword/tls-fingerprinting/blob/master/README.md#browsers

hellodword commented 7 months ago

A PoC (without CDP/webdriver intentionally) here: https://github.com/hellodword/tls-fingerprinting/actions/runs/8802552943

Or using https://github.com/browser-actions

But I prefer using https://github.com/dockur/windows and https://github.com/sickcodes/Docker-OSX , because I want to make sure it'll be working on any Linux machine, not only the github actions.

wi1dcard commented 7 months ago

Wow, that's amazing!! Actually, I did some research of common fingerprints too. But only runs on GitHub Actions, and collected just a few programming languages + HTTP client libraries. Here is the code: https://github.com/wi1dcard/fingerprint-db, and an example result: https://github.com/wi1dcard/fingerprint-db/actions/runs/7986638066

I didn't write any doc or usage for that project, it is really just a simple PoC 😂 debugging GH actions was actually way more complicated than I thought. If you are interested in it, we can build something together.

hellodword commented 7 months ago

Yeah I noticed that, you're on the service-side, I'm on the client-side.

I mean I prefer finding the most popular fingerprints and create libraries for mimicry purposes:

> build something together

But the most popular fingerprints are useful for both, so yes I believe we can find a way to work together.

> debugging GH actions was actually way more complicated than I thought

Agree, especially the non-Linux platforms (which are the most popular), so I prefer the Windows/OSX/Android in container way, actually I'm learning about it:


wi1dcard commented 7 months ago

> I mean I prefer finding the most popular fingerprints and create libraries for mimicry purposes

Hahaha, you know what, I collected these fingerprints for mitigating bot abuse of free query APIs which are made for our web frontend. That's the initial purpose of creating fingerproxy 😂 However, it's okay to use it from the other side, I don't mind that at all.

> especially the non-Linux platforms (which are the most popular)

Yeah, it might take some time to make all these cross-platform tests work. I'm familiar with macOS and Linux but not Windows.

hellodword commented 7 months ago

Finally got it working 🤔 https://github.com/hellodword/tls-fingerprinting/actions/runs/8813015747

> I'm familiar with macOS

I think you can do some research with https://github.com/sickcodes/Docker-OSX

hellodword commented 7 months ago

The firefox/chrome on win10/win11 are both done, via https://github.com/dockur/windows

https://github.com/hellodword/tls-fingerprinting/tree/assets

I'll try to find a way to install and run a specific version of Edge next

hellodword commented 7 months ago

Edge done, a little bit dirty but working https://github.com/hellodword/tls-fingerprinting/actions/runs/8845912592

wi1dcard commented 7 months ago

> Edge done, a little bit dirty but working https://github.com/hellodword/tls-fingerprinting/actions/runs/8845912592

Yeah, actually I took a look at the code today, it is quite complex 😂 Using Windows in Docker + GitHub Actions is really a challenge. Awesome work!

hellodword commented 7 months ago

> it is quite complex

Sorry for being a mess at prototype stage, I did some refactoring and documenting, and clarified the components:

https://github.com/hellodword/anti-fingerprinting/blob/master/README.md

> using windows in docker + github action is really a challenge

Indeed, but much better than the windows-latest actions runner. And the dockur/windows provides a full-featured and real windows, not windows server or nanoserver, I think it's important for fingerprinting.

hellodword commented 6 months ago

I noticed the ja3 and ja4 are not stable with real-world browsers:

The way I'm using fingerproxy: https://github.com/hellodword/anti-fingerprinting/blob/b215d086d5e5ccd2cc9526b3684ef0dd44155f6d/cmd/collector/main.go#L177-L224

And you can find the results' diffs here: https://github.com/hellodword/anti-fingerprinting/commits/assets/

For example, this is the same version of Edge on windows 10: https://github.com/hellodword/anti-fingerprinting/commit/90507a565004b48ee70ce1ea90c786b1796c59b7

I heard that Chromium brings a mechanism called TLS extension permutation, is it the reason?

Any idea?

wi1dcard commented 6 months ago

Yes I think it is the reason. However I only know that will affect JA3, not JA4. I'm not sure.
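
Added example, not part of the thread and not fingerproxy's own code: it computes a JA3 hash and the extension section of a JA4 fingerprint (simplified) for one client whose extensions arrive in two different wire orders, showing which of the two depends on that order. All ClientHello values are constructed, and the function names `render`, `JA3` and `JA4ExtHash` are hypothetical.

```go
package main

import (
	"crypto/md5"
	"crypto/sha256"
	"fmt"
	"sort"
	"strings"
)

// Constructed ClientHello fields (not captured traffic): one client, two extension orders.
var (
	ciphers = []uint16{0x1301, 0x1302, 0x1303, 0xc02b, 0xc02f}
	curves  = []uint16{0x001d, 0x0017, 0x0018}
	sigAlgs = []uint16{0x0403, 0x0804, 0x0401}
	orderA  = []uint16{0x0a0a, 0x0000, 0x0017, 0xff01, 0x000a, 0x000b, 0x0010, 0x000d, 0x0033, 0x002b}
	orderB  = []uint16{0x4a4a, 0x002b, 0x000d, 0x0000, 0x0033, 0x0010, 0x000b, 0xff01, 0x0017, 0x000a}
)

// render formats ids with verb, joined by sep, skipping GREASE (RFC 8701) and ids in drop.
func render(ids []uint16, verb, sep string, drop map[uint16]bool) string {
	var out []string
	for _, id := range ids {
		grease := id&0x0f0f == 0x0a0a && id>>8 == id&0xff
		if !grease && !drop[id] {
			out = append(out, fmt.Sprintf(verb, id))
		}
	}
	return strings.Join(out, sep)
}

// JA3 is MD5 over "version,ciphers,extensions,curves,pointFormats"; extensions stay in wire order.
func JA3(exts []uint16) string {
	s := fmt.Sprintf("771,%s,%s,%s,0", render(ciphers, "%d", "-", nil),
		render(exts, "%d", "-", nil), render(curves, "%d", "-", nil))
	return fmt.Sprintf("%x", md5.Sum([]byte(s)))
}

// JA4ExtHash: sorted extensions minus SNI/ALPN, "_", signature algorithms; SHA-256 cut to 12 hex.
func JA4ExtHash(exts []uint16) string {
	sorted := append([]uint16(nil), exts...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i] < sorted[j] })
	drop := map[uint16]bool{0x0000: true, 0x0010: true}
	s := render(sorted, "%04x", ",", drop) + "_" + render(sigAlgs, "%04x", ",", nil)
	return fmt.Sprintf("%x", sha256.Sum256([]byte(s)))[:12]
}

func main() {
	fmt.Println(JA3(orderA), JA3(orderB), JA4ExtHash(orderA), JA4ExtHash(orderB))
}
```

A server-side allowlist keyed on JA3 therefore needs either every observed permutation or a normalised (sorted) variant of the extension list; the sorted JA4 section changes only when the set of extensions or the signature algorithms change.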