←back to thread

Curl-impersonate: Special build of curl that can impersonate the major browsers

(github.com)
545 points mmh0000 | 1 comments | 03 Apr 25 15:24 UTC | HN request time: 0.28s | source
Show context
ryao ◴[03 Apr 25 18:57 UTC] No.43573858[source]
Did they also set IP_TTL to set the TTL value to match the platform being impersonated?

If not, then fingerprinting could still be done to some extent at the IP layer. If the TTL value in the IP layer is below 64, it is obvious this is either not running on modern Windows or is running on a modern Windows machine that has had its default TTL changed, since by default the TTL of packets on modern Windows starts at 128 while most other platforms start it at 64. Since the other platforms do not have issues communicating over the internet, so IP packets from modern Windows will always be seen by the remote end with TTLs at or above 64 (likely just above).

That said, it would be difficult to fingerprint at the IP layer, although it is not impossible.

replies(3): >>43573901 #>>43574995 #>>43576160 #
fc417fc802 ◴[03 Apr 25 22:20 UTC] No.43576160[source]
What is the reasoning behind TTL counting down instead of up, anyway? Wouldn't we generally expect those routing the traffic to determine if and how to do so?
replies(3): >>43576272 #>>43578577 #>>43583188 #
sadjad ◴[03 Apr 25 22:33 UTC] No.43576272[source]
The primary purpose of TTL is to prevent packets from looping endlessly during routing. If a packet gets stuck in a loop, its TTL will eventually reach zero, and then it will be dropped.
replies(1): >>43576457 #
fc417fc802 ◴[03 Apr 25 22:55 UTC] No.43576457[source]
That doesn't answer my question. If it counted up then it would be up to each hop to set its own policy. Things wouldn't loop endlessly in that scenario either.
replies(3): >>43576561 #>>43576648 #>>43578588 #
1. ryao ◴[04 Apr 25 05:16 UTC] No.43578588[source]
Then random internet routers could break internet traffic by setting it really low and the user could not do a thing about it. They technically still can by discarding all traffic whose value is less than some value, but they don’t. The idea that they should set their own policy could fundamentally break network traffic flows if it ever became practiced.