Add Safari 17.0 on macOS

lexiforest · Dec 31, 2023 · 091628e · 091628e
1 parent 310770a
commit 091628e
Show file tree

Hide file tree

Showing 5 changed files with 239 additions and 4 deletions.
diff --git a/chrome/curl_safari17_0 b/chrome/curl_safari17_0
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+# Find the directory of this script
+dir=${0%/*}
+
+# The list of ciphers can be obtained by looking at the Client Hello message in
+# Wireshark, then converting it using this reference
+# https://wiki.mozilla.org/Security/Cipher_Suites
+"$dir/curl-impersonate-chrome" \
+    --ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:TLS_RSA_WITH_3DES_EDE_CBC_SHA \
+    --curves X25519:P-256:P-384:P-521 \
+    --signature-hashes ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256,ecdsa_secp384r1_sha384,ecdsa_sha1,rsa_pss_rsae_sha384,rsa_pss_rsae_sha384,rsa_pkcs1_sha384,rsa_pss_rsae_sha512,rsa_pkcs1_sha512,rsa_pkcs1_sha1 \
+    -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
+    -H 'Sec-Fetch-Site: none' \
+    -H 'Accept-Encoding: gzip, deflate, br' \
+    -H 'Sec-Fetch-Mode: navigate' \
+    -H 'User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Mobile/15E148 Safari/604.1' \
+    -H 'Accept-Language: en-US,en;q=0.9' \
+    -H 'Sec-Fetch-Dest: document' \
+    --http2 \
+    --http2-settings '2:0;4:4194304;3:100' \
+    --http2-pseudo-headers-order 'mspa' \
+    --http2-window-update 10485760 \
+    --compressed \
+    --tlsv1.0 --no-tls-session-ticket \
+    --cert-compression zlib \
+    "$@"
diff --git a/chrome/patches/curl-impersonate.patch b/chrome/patches/curl-impersonate.patch
@@ -1221,10 +1221,10 @@ index 562c05c99..b99c085d5 100644
   * Store nghttp2 version info in this buffer.
 diff --git a/lib/impersonate.c b/lib/impersonate.c
 new file mode 100644
-index 000000000..04e58f7ca
+index 000000000..00a2ba9c3
 --- /dev/null
 +++ b/lib/impersonate.c
-@@ -0,0 +1,689 @@
+@@ -0,0 +1,745 @@
 +#include "curl_setup.h"
 +
 +#include <curl/curl.h>
@@ -1910,6 +1910,62 @@ index 000000000..04e58f7ca
 +    .http2_pseudo_headers_order = "mspa"
 +  },
 +  {
++    .target = "safari17_0",
++    .httpversion = CURL_HTTP_VERSION_2_0,
++    .ssl_version = CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT,
++    .ciphers =
++      "TLS_AES_128_GCM_SHA256,"
++      "TLS_AES_256_GCM_SHA384,"
++      "TLS_CHACHA20_POLY1305_SHA256,"
++      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,"
++      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,"
++      "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,"
++      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,"
++      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,"
++      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,"
++      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,"
++      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,"
++      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,"
++      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,"
++      "TLS_RSA_WITH_AES_256_GCM_SHA384,"
++      "TLS_RSA_WITH_AES_128_GCM_SHA256,"
++      "TLS_RSA_WITH_AES_256_CBC_SHA,"
++      "TLS_RSA_WITH_AES_128_CBC_SHA,"
++      "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,"
++      "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,"
++      "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
++    .curves = "X25519:P-256:P-384:P-521",
++    .sig_hash_algs =
++      "ecdsa_secp256r1_sha256,"
++      "rsa_pss_rsae_sha256,"
++      "rsa_pkcs1_sha256,"
++      "ecdsa_secp384r1_sha384,"
++      "ecdsa_sha1,"
++      "rsa_pss_rsae_sha384,"
++      "rsa_pss_rsae_sha384,"
++      "rsa_pkcs1_sha384,"
++      "rsa_pss_rsae_sha512,"
++      "rsa_pkcs1_sha512,"
++      "rsa_pkcs1_sha1",
++    .npn = false,
++    .alpn = true,
++    .alps = false,
++    .tls_session_ticket = false,
++    .cert_compression = "zlib",
++    .http_headers = {
++        "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
++        "Sec-Fetch-Site: none",
++        "Accept-Encoding: gzip, deflate, br",
++        "Sec-Fetch-Mode: navigate",
++        "user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15",
++        "Accept-Language: en-US,en;q=0.9",
++        "Sec-Fetch-Dest: document"
++    },
++    .http2_settings = "2:0;4:4194304;3:100",
++    .http2_window_update = 10485760,
++    .http2_pseudo_headers_order = "mspa"
++  },
++  {
 +    /* Last one must be NULL. */
 +    .target = NULL
 +  }

diff --git a/tests/signatures/safari_15.3_macos11.6.4.yaml b/tests/signatures/safari_15.3_macos11.6.4.yaml
@@ -9,8 +9,7 @@ signature:
     frames:
     - frame_type: HEADERS
       headers:
-      - 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15
-        (KHTML, like Gecko) Version/15.3 Safari/605.1.15'
+      - 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15'
       - 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
       - 'accept-language: en-us'
       - 'accept-encoding: gzip, deflate, br'

diff --git a/tests/signatures/safari_17.0_macOS.yaml b/tests/signatures/safari_17.0_macOS.yaml
@@ -0,0 +1,145 @@
+browser:
+  name: safari
+  os: macOS
+  version: 17.0
+signature:
+  http2:
+    frames:
+    - frame_type: SETTINGS
+      settings:
+      - key: 2
+        value: 0
+      - key: 4
+        value: 4194304
+      - key: 3
+        value: 100
+      stream_id: 0
+    - frame_type: WINDOW_UPDATE
+      stream_id: 0
+      window_size_increment: 10485760
+    - frame_type: SETTINGS
+      settings: []
+      stream_id: 0
+    - frame_type: HEADERS
+      headers:
+      - 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
+      - 'sec-fetch-site: none'
+      - 'accept-encoding: gzip, deflate, br'
+      - 'sec-fetch-mode: navigate'
+      - 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15'
+      - 'accept-language: en-US,en;q=0.9'
+      - 'sec-fetch-dest: document'
+      pseudo_headers:
+      - :method
+      - :scheme
+      - :path
+      - :authority
+      stream_id: 1
+  tls_client_hello:
+    ciphersuites:
+    - GREASE
+    - 4865
+    - 4866
+    - 4867
+    - 49196
+    - 49195
+    - 52393
+    - 49200
+    - 49199
+    - 52392
+    - 49162
+    - 49161
+    - 49172
+    - 49171
+    - 157
+    - 156
+    - 53
+    - 47
+    - 49160
+    - 49170
+    - 10
+    comp_methods:
+    - 0
+    extensions:
+    - length: 0
+      type: GREASE
+    - type: server_name
+    - length: 0
+      type: extended_master_secret
+    - length: 1
+      type: renegotiation_info
+    - length: 12
+      supported_groups:
+      - GREASE
+      - 29
+      - 23
+      - 24
+      - 25
+      type: supported_groups
+    - ec_point_formats:
+      - 0
+      length: 2
+      type: ec_point_formats
+    - alpn_list:
+      - h2
+      - http/1.1
+      length: 14
+      type: application_layer_protocol_negotiation
+    - length: 5
+      status_request_type: 1
+      type: status_request
+    - length: 24
+      sig_hash_algs:
+      - 1027
+      - 2052
+      - 1025
+      - 1283
+      - 515
+      - 2053
+      - 2053
+      - 1281
+      - 2054
+      - 1537
+      - 513
+      type: signature_algorithms
+    - length: 0
+      type: signed_certificate_timestamp
+    - key_shares:
+      - group: GREASE
+        length: 1
+      - group: 29
+        length: 32
+      length: 43
+      type: keyshare
+    - length: 2
+      psk_ke_mode: 1
+      type: psk_key_exchange_modes
+    - length: 11
+      supported_versions:
+      - GREASE
+      - TLS_VERSION_1_3
+      - TLS_VERSION_1_2
+      - TLS_VERSION_1_1
+      - TLS_VERSION_1_0
+      type: supported_versions
+    - algorithms:
+      - 1
+      length: 3
+      type: compress_certificate
+    - data: !!binary |
+        AA==
+      length: 1
+      type: GREASE
+    - type: padding
+    handshake_version: TLS_VERSION_1_2
+    record_version: TLS_VERSION_1_0
+    session_id_length: 32
+third_party:
+  akamai_hash: 959a7e813b79b909a1a0b00a38e8bba3
+  akamai_text: 2:0;4:4194304;3:100|10485760|0|m,s,p,a
+  ja3_hash: 773906b0efdefa24a7f2b8eb6985bf37
+  ja3_text: 771,4865-4866-4867-49196-49195-52393-49200-49199-52392-49162-49161-49172-49171-157-156-53-47-49160-49170-10,0-23-65281-10-11-16-5-13-18-51-45-43-27-21,29-23-24-25,0
+  ja3n_hash: 44f7ed5185d22c92b96da72dbe68d307
+  ja3n_text: 771,4865-4866-4867-49196-49195-52393-49200-49199-52392-49162-49161-49172-49171-157-156-53-47-49160-49170-10,0-5-10-11-13-16-18-21-23-27-43-45-51-65281,29-23-24-25,0
+  user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15
+    (KHTML, like Gecko) Version/17.0 Safari/605.1.15
diff --git a/tests/targets.yaml b/tests/targets.yaml
@@ -55,6 +55,10 @@
   - null
   - null
   - safari_15.5_macos12.4
+- - curl_safari17_0
+  - null
+  - null
+  - safari_17.0_macOS
 - - curl_safari17_2_ios
   - null
   - null
@@ -147,6 +151,10 @@
   - CURL_IMPERSONATE: safari15_5
   - libcurl-impersonate-chrome
   - safari_15.5_macos12.4
+- - minicurl
+  - CURL_IMPERSONATE: safari17_0
+  - libcurl-impersonate-chrome
+  - safari_17.2_macOS
 - - minicurl
   - CURL_IMPERSONATE: safari17_2_ios
   - libcurl-impersonate-chrome