Curl-impersonate: Special build of curl that can impersonate the major browsers

(github.com)

545 points mmh0000 | 1 comments | 03 Apr 25 15:24 UTC | HN request time: 0.217s | source

Show context

jchw ◴[03 Apr 25 16:40 UTC] No.43572243[source]▶

I'm rooting for Ladybird to gain traction in the future. Currently, it is using cURL proper for networking. That is probably going to have some challenges (I think cURL is still limited in some ways, e.g. I don't think it can do WebSockets over h2 yet) but on the other hand, having a rising browser engine might eventually remove this avenue for fingerprinting since legitimate traffic will have the same fingerprint as stock cURL.

replies(6): >>43572413 #>>43573011 #>>43574225 #>>43576912 #>>43580376 #>>43583469 #

userbinator ◴[04 Apr 25 00:01 UTC] No.43576912[source]▶

>>43572243 #

but on the other hand, having a rising browser engine might eventually remove this avenue for fingerprinting

If what I've seen from CloudFlare et.al. are any indication, it's the exact opposite --- the amount of fingerprinting and "exploitation" of implementation-defined behaviour has increased significantly in the past few months, likely in an attempt to kill off other browser engines; the incumbents do not like competition at all.

The enemy has been trying to spin it as "AI bots DDoSing" but one wonders how much of that was their own doing...

replies(3): >>43577273 #>>43578375 #>>43578710 #

1. SoftTalker ◴[04 Apr 25 04:39 UTC] No.43578375[source]▶

>>43576912 #

It's entirely deliberate. CloudFlare could certainly distinguish low-volume but legit web browsers from bots, as much as they can distinguish chrome/edge/safari/firefox from bots. That is if they cared to.

↑