←back to thread

Curl-impersonate: Special build of curl that can impersonate the major browsers

(github.com)
545 points mmh0000 | 1 comments | 03 Apr 25 15:24 UTC | HN request time: 0.203s | source
Show context
davidsojevic ◴[03 Apr 25 23:26 UTC] No.43576680[source]
There's a fork of this that has some great improvements over to the top of the original and it is also actively maintained: https://github.com/lexiforest/curl-impersonate

There's also Python bindings for the fork for anyone who uses Python: https://github.com/lexiforest/curl_cffi

replies(3): >>43578994 #>>43580445 #>>43583614 #
nyanpasu64 ◴[04 Apr 25 06:37 UTC] No.43578994[source]
I suppose it does make sense that a "make curl look like a browser" program would get sponsored by "bypass bot detection" services...
replies(1): >>43581862 #
ImHereToVote ◴[04 Apr 25 13:14 UTC] No.43581862[source]
Easy. Just make a small fragment shader to produce a token in your client. No bot is going to waste GPU resources to compile your shader.
replies(4): >>43582452 #>>43583572 #>>43584954 #>>43601084 #
zffr ◴[04 Apr 25 15:10 UTC] No.43583572[source]
Can't a bot just collect a few real tokens and then send those instead of trying to run the shader?
replies(1): >>43583702 #
ImHereToVote ◴[04 Apr 25 15:20 UTC] No.43583702[source]
How do you automate that? Just generate a new token for each day.
replies(1): >>43589582 #
kevindamm ◴[05 Apr 25 01:27 UTC] No.43589582[source]
replay attacks are some of the easiest to automate
replies(1): >>43591462 #
1. ImHereToVote ◴[05 Apr 25 06:52 UTC] No.43591462[source]
But each client gets their own token to solve.