diff --git a/chrome/curl_safari17_0 b/chrome/curl_safari17_0 new file mode 100755 index 00000000..00e8dd46 --- /dev/null +++ b/chrome/curl_safari17_0 @@ -0,0 +1,27 @@ +#!/usr/bin/env bash + +# Find the directory of this script +dir=${0%/*} + +# The list of ciphers can be obtained by looking at the Client Hello message in +# Wireshark, then converting it using this reference +# https://wiki.mozilla.org/Security/Cipher_Suites +"$dir/curl-impersonate-chrome" \ + --ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:TLS_RSA_WITH_3DES_EDE_CBC_SHA \ + --curves X25519:P-256:P-384:P-521 \ + --signature-hashes ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256,ecdsa_secp384r1_sha384,ecdsa_sha1,rsa_pss_rsae_sha384,rsa_pss_rsae_sha384,rsa_pkcs1_sha384,rsa_pss_rsae_sha512,rsa_pkcs1_sha512,rsa_pkcs1_sha1 \ + -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \ + -H 'Sec-Fetch-Site: none' \ + -H 'Accept-Encoding: gzip, deflate, br' \ + -H 'Sec-Fetch-Mode: navigate' \ + -H 'User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Mobile/15E148 Safari/604.1' \ + -H 'Accept-Language: en-US,en;q=0.9' \ + -H 'Sec-Fetch-Dest: document' \ + --http2 \ + --http2-settings '2:0;4:4194304;3:100' \ + --http2-pseudo-headers-order 'mspa' \ + --http2-window-update 10485760 \ + --compressed \ + --tlsv1.0 --no-tls-session-ticket \ + --cert-compression zlib \ + "$@" diff --git a/chrome/patches/curl-impersonate.patch b/chrome/patches/curl-impersonate.patch index dfe102b2..2bc8422d 100644 --- a/chrome/patches/curl-impersonate.patch +++ b/chrome/patches/curl-impersonate.patch @@ -1221,10 +1221,10 @@ index 562c05c99..b99c085d5 100644 * Store nghttp2 version info in this buffer. diff --git a/lib/impersonate.c b/lib/impersonate.c new file mode 100644 -index 000000000..04e58f7ca +index 000000000..00a2ba9c3 --- /dev/null +++ b/lib/impersonate.c -@@ -0,0 +1,689 @@ +@@ -0,0 +1,745 @@ +#include "curl_setup.h" + +#include @@ -1910,6 +1910,62 @@ index 000000000..04e58f7ca + .http2_pseudo_headers_order = "mspa" + }, + { ++ .target = "safari17_0", ++ .httpversion = CURL_HTTP_VERSION_2_0, ++ .ssl_version = CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT, ++ .ciphers = ++ "TLS_AES_128_GCM_SHA256," ++ "TLS_AES_256_GCM_SHA384," ++ "TLS_CHACHA20_POLY1305_SHA256," ++ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384," ++ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," ++ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256," ++ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384," ++ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," ++ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256," ++ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," ++ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," ++ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," ++ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," ++ "TLS_RSA_WITH_AES_256_GCM_SHA384," ++ "TLS_RSA_WITH_AES_128_GCM_SHA256," ++ "TLS_RSA_WITH_AES_256_CBC_SHA," ++ "TLS_RSA_WITH_AES_128_CBC_SHA," ++ "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," ++ "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," ++ "TLS_RSA_WITH_3DES_EDE_CBC_SHA", ++ .curves = "X25519:P-256:P-384:P-521", ++ .sig_hash_algs = ++ "ecdsa_secp256r1_sha256," ++ "rsa_pss_rsae_sha256," ++ "rsa_pkcs1_sha256," ++ "ecdsa_secp384r1_sha384," ++ "ecdsa_sha1," ++ "rsa_pss_rsae_sha384," ++ "rsa_pss_rsae_sha384," ++ "rsa_pkcs1_sha384," ++ "rsa_pss_rsae_sha512," ++ "rsa_pkcs1_sha512," ++ "rsa_pkcs1_sha1", ++ .npn = false, ++ .alpn = true, ++ .alps = false, ++ .tls_session_ticket = false, ++ .cert_compression = "zlib", ++ .http_headers = { ++ "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", ++ "Sec-Fetch-Site: none", ++ "Accept-Encoding: gzip, deflate, br", ++ "Sec-Fetch-Mode: navigate", ++ "user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15", ++ "Accept-Language: en-US,en;q=0.9", ++ "Sec-Fetch-Dest: document" ++ }, ++ .http2_settings = "2:0;4:4194304;3:100", ++ .http2_window_update = 10485760, ++ .http2_pseudo_headers_order = "mspa" ++ }, ++ { + /* Last one must be NULL. */ + .target = NULL + } diff --git a/tests/signatures/safari_15.3_macos11.6.4.yaml b/tests/signatures/safari_15.3_macos11.6.4.yaml index d2502377..e0e0f166 100644 --- a/tests/signatures/safari_15.3_macos11.6.4.yaml +++ b/tests/signatures/safari_15.3_macos11.6.4.yaml @@ -9,8 +9,7 @@ signature: frames: - frame_type: HEADERS headers: - - 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 - (KHTML, like Gecko) Version/15.3 Safari/605.1.15' + - 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.3 Safari/605.1.15' - 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' - 'accept-language: en-us' - 'accept-encoding: gzip, deflate, br' diff --git a/tests/signatures/safari_17.0_macOS.yaml b/tests/signatures/safari_17.0_macOS.yaml new file mode 100644 index 00000000..eeb229d2 --- /dev/null +++ b/tests/signatures/safari_17.0_macOS.yaml @@ -0,0 +1,145 @@ +browser: + name: safari + os: macOS + version: 17.0 +signature: + http2: + frames: + - frame_type: SETTINGS + settings: + - key: 2 + value: 0 + - key: 4 + value: 4194304 + - key: 3 + value: 100 + stream_id: 0 + - frame_type: WINDOW_UPDATE + stream_id: 0 + window_size_increment: 10485760 + - frame_type: SETTINGS + settings: [] + stream_id: 0 + - frame_type: HEADERS + headers: + - 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' + - 'sec-fetch-site: none' + - 'accept-encoding: gzip, deflate, br' + - 'sec-fetch-mode: navigate' + - 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Safari/605.1.15' + - 'accept-language: en-US,en;q=0.9' + - 'sec-fetch-dest: document' + pseudo_headers: + - :method + - :scheme + - :path + - :authority + stream_id: 1 + tls_client_hello: + ciphersuites: + - GREASE + - 4865 + - 4866 + - 4867 + - 49196 + - 49195 + - 52393 + - 49200 + - 49199 + - 52392 + - 49162 + - 49161 + - 49172 + - 49171 + - 157 + - 156 + - 53 + - 47 + - 49160 + - 49170 + - 10 + comp_methods: + - 0 + extensions: + - length: 0 + type: GREASE + - type: server_name + - length: 0 + type: extended_master_secret + - length: 1 + type: renegotiation_info + - length: 12 + supported_groups: + - GREASE + - 29 + - 23 + - 24 + - 25 + type: supported_groups + - ec_point_formats: + - 0 + length: 2 + type: ec_point_formats + - alpn_list: + - h2 + - http/1.1 + length: 14 + type: application_layer_protocol_negotiation + - length: 5 + status_request_type: 1 + type: status_request + - length: 24 + sig_hash_algs: + - 1027 + - 2052 + - 1025 + - 1283 + - 515 + - 2053 + - 2053 + - 1281 + - 2054 + - 1537 + - 513 + type: signature_algorithms + - length: 0 + type: signed_certificate_timestamp + - key_shares: + - group: GREASE + length: 1 + - group: 29 + length: 32 + length: 43 + type: keyshare + - length: 2 + psk_ke_mode: 1 + type: psk_key_exchange_modes + - length: 11 + supported_versions: + - GREASE + - TLS_VERSION_1_3 + - TLS_VERSION_1_2 + - TLS_VERSION_1_1 + - TLS_VERSION_1_0 + type: supported_versions + - algorithms: + - 1 + length: 3 + type: compress_certificate + - data: !!binary | + AA== + length: 1 + type: GREASE + - type: padding + handshake_version: TLS_VERSION_1_2 + record_version: TLS_VERSION_1_0 + session_id_length: 32 +third_party: + akamai_hash: 959a7e813b79b909a1a0b00a38e8bba3 + akamai_text: 2:0;4:4194304;3:100|10485760|0|m,s,p,a + ja3_hash: 773906b0efdefa24a7f2b8eb6985bf37 + ja3_text: 771,4865-4866-4867-49196-49195-52393-49200-49199-52392-49162-49161-49172-49171-157-156-53-47-49160-49170-10,0-23-65281-10-11-16-5-13-18-51-45-43-27-21,29-23-24-25,0 + ja3n_hash: 44f7ed5185d22c92b96da72dbe68d307 + ja3n_text: 771,4865-4866-4867-49196-49195-52393-49200-49199-52392-49162-49161-49172-49171-157-156-53-47-49160-49170-10,0-5-10-11-13-16-18-21-23-27-43-45-51-65281,29-23-24-25,0 + user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 + (KHTML, like Gecko) Version/17.0 Safari/605.1.15 diff --git a/tests/targets.yaml b/tests/targets.yaml index 2498d36f..695bb231 100644 --- a/tests/targets.yaml +++ b/tests/targets.yaml @@ -55,6 +55,10 @@ - null - null - safari_15.5_macos12.4 +- - curl_safari17_0 + - null + - null + - safari_17.0_macOS - - curl_safari17_2_ios - null - null @@ -147,6 +151,10 @@ - CURL_IMPERSONATE: safari15_5 - libcurl-impersonate-chrome - safari_15.5_macos12.4 +- - minicurl + - CURL_IMPERSONATE: safari17_0 + - libcurl-impersonate-chrome + - safari_17.2_macOS - - minicurl - CURL_IMPERSONATE: safari17_2_ios - libcurl-impersonate-chrome