←back to thread

Curl-impersonate: Special build of curl that can impersonate the major browsers

(github.com)
545 points mmh0000 | 3 comments | 03 Apr 25 15:24 UTC | HN request time: 0s | source
Show context
VladVladikoff ◴[03 Apr 25 17:46 UTC] No.43573068[source]
Wait a sec… if the TLS handshakes look different, would it be possible to have an nginx level filter for traffic that claims to be a web browser (eg chrome user agent), yet really is a python/php script? Because this would account for the vast majority of malicious bot traffic, and I would love to just block it.
replies(4): >>43573098 #>>43573360 #>>43574581 #>>43574731 #
gruez ◴[03 Apr 25 17:49 UTC] No.43573098[source]
That's basically what security vendors like cloudflare does, except with even more fingerprinting, like a javascript challenge that checks the js interpreter/DOM.
replies(1): >>43573395 #
walrus01 ◴[03 Apr 25 18:16 UTC] No.43573395[source]
JS to check user agent things like screen window dimensions as well, which legit browsers will have and bots will also present but with a more uniform and predictable set of x and y dimensions per set of source IPs. Lots of possibilities for js endpoint fingerprinting.
replies(1): >>43584789 #
1. Fripplebubby ◴[04 Apr 25 16:35 UTC] No.43584789{3}[source]
I also present a uniform and predictable set of x and y dimensions per source IPs as a human user who maximizes my browser window
replies(1): >>43585062 #
2. gruez ◴[04 Apr 25 16:57 UTC] No.43585062[source]
Maximizing reduces the variations, but there's still quite a bit of variation because of different display resolution + scaling settings + OS configuration (eg. short or tall taskbars).
replies(1): >>43585374 #
3. walrus01 ◴[04 Apr 25 17:23 UTC] No.43585374[source]
Or settings like auto-hide MacOS dock vs not auto hide, affecting the vertical size of the browser window.