Add the ech option in impersonate targets

README.md

@@ -39,6 +39,9 @@ The following browsers can be impersonated.
 | ![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/main/src/chrome/chrome_24x24.png "Chrome") | 107 | 107.0.5304.107 | Windows 10 | `chrome107` | [curl_chrome107](chrome/curl_chrome107) |
 | ![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/main/src/chrome/chrome_24x24.png "Chrome") | 110 | 110.0.5481.177 | Windows 10 | `chrome110` | [curl_chrome110](chrome/curl_chrome110) |
 | ![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/main/src/chrome/chrome_24x24.png "Chrome") | 116 | 116.0.5845.180 | Windows 10 | `chrome116` | [curl_chrome116](chrome/curl_chrome116) |
+| ![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/main/src/chrome/chrome_24x24.png "Chrome") | 117 | 117.0.0.0 | Windows 10 | `chrome117` | [curl_chrome117](chrome/curl_chrome117) |
+| ![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/main/src/chrome/chrome_24x24.png "Chrome") | 118 | 118.0.0.0 | Windows 10 | `chrome118` | [curl_chrome118](chrome/curl_chrome118) |
+| ![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/main/src/chrome/chrome_24x24.png "Chrome") | 119 | 119.0.0.0 | Windows 10 | `chrome119` | [curl_chrome119](chrome/curl_chrome119) |
 | ![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/main/src/chrome/chrome_24x24.png "Chrome") | 99 | 99.0.4844.73 | Android 12 | `chrome99_android` | [curl_chrome99_android](chrome/curl_chrome99_android) |
 | ![Edge](https://raw.githubusercontent.com/alrra/browser-logos/main/src/edge/edge_24x24.png "Edge") | 99 | 99.0.1150.30 | Windows 10 | `edge99` | [curl_edge99](chrome/curl_edge99) |
 | ![Edge](https://raw.githubusercontent.com/alrra/browser-logos/main/src/edge/edge_24x24.png "Edge") | 101 | 101.0.1210.47 | Windows 10 | `edge101` | [curl_edge101](chrome/curl_edge101) |
@@ -58,7 +61,7 @@ This list is also available in the [browsers.json](browsers.json) file.
 
 For each supported browser there is a wrapper script that launches `curl-impersonate` with all the needed headers and flags. For example:
 ```
-curl_chrome116 https://www.wikipedia.org
+curl_chrome119 https://www.wikipedia.org
 ```
 You can add command line flags and they will be passed on to curl. However, some flags change curl's TLS signature which may cause it to be detected.
 

chrome/patches/curl-impersonate.patch

@@ -405,7 +405,7 @@ index 777baa58a..2d542dfd6 100644
  /**
   * Return the n-th header entry or NULL if it does not exist.
 diff --git a/lib/easy.c b/lib/easy.c
-index d36cc03d1..961503fdc 100644
+index d36cc03d1..4ef99083e 100644
 --- a/lib/easy.c
 +++ b/lib/easy.c
 @@ -73,6 +73,8 @@
@@ -417,7 +417,7 @@ index d36cc03d1..961503fdc 100644
 
  #include "easy_lock.h"
 
-@@ -330,6 +332,140 @@ CURLsslset curl_global_sslset(curl_sslbackend id, const char *name,
+@@ -330,6 +332,146 @@ CURLsslset curl_global_sslset(curl_sslbackend id, const char *name,
    return rc;
  }
 
@@ -547,6 +547,12 @@ index d36cc03d1..961503fdc 100644
 +      return ret;
 +  }
 +
++  if(opts->ech) {
++    ret = curl_easy_setopt(data, CURLOPT_ECH, opts->ech);
++    if(ret)
++      return ret;
++  }
++
 +  /* Always enable all supported compressions. */
 +  ret = curl_easy_setopt(data, CURLOPT_ACCEPT_ENCODING, "");
 +  if(ret)
@@ -558,7 +564,7 @@ index d36cc03d1..961503fdc 100644
  /*
   * curl_easy_init() is the external interface to alloc, setup and init an
   * easy handle that is returned. If anything goes wrong, NULL is returned.
-@@ -338,6 +474,8 @@ struct Curl_easy *curl_easy_init(void)
+@@ -338,6 +480,8 @@ struct Curl_easy *curl_easy_init(void)
  {
    CURLcode result;
    struct Curl_easy *data;
@@ -567,7 +573,7 @@ index d36cc03d1..961503fdc 100644
 
    /* Make sure we inited the global SSL stuff */
    global_init_lock();
-@@ -360,6 +498,29 @@ struct Curl_easy *curl_easy_init(void)
+@@ -360,6 +504,29 @@ struct Curl_easy *curl_easy_init(void)
      return NULL;
    }
 
@@ -597,7 +603,7 @@ index d36cc03d1..961503fdc 100644
    return data;
  }
 
-@@ -930,6 +1091,13 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
+@@ -930,6 +1097,13 @@ struct Curl_easy *curl_easy_duphandle(struct Curl_easy *data)
      outcurl->state.referer_alloc = TRUE;
    }
 
@@ -611,7 +617,7 @@ index d36cc03d1..961503fdc 100644
    /* Reinitialize an SSL engine for the new handle
     * note: the engine name has already been copied by dupset */
    if(outcurl->set.str[STRING_SSL_ENGINE]) {
-@@ -1019,6 +1187,9 @@ fail:
+@@ -1019,6 +1193,9 @@ fail:
   */
  void curl_easy_reset(struct Curl_easy *data)
  {
@@ -621,7 +627,7 @@ index d36cc03d1..961503fdc 100644
    Curl_free_request_state(data);
 
    /* zero out UserDefined data: */
-@@ -1043,6 +1214,23 @@ void curl_easy_reset(struct Curl_easy *data)
+@@ -1043,6 +1220,23 @@ void curl_easy_reset(struct Curl_easy *data)
  #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_CRYPTO_AUTH)
    Curl_http_auth_cleanup_digest(data);
  #endif
@@ -1157,10 +1163,10 @@ index 562c05c99..b99c085d5 100644
   * Store nghttp2 version info in this buffer.
 diff --git a/lib/impersonate.c b/lib/impersonate.c
 new file mode 100644
-index 000000000..51759bd18
+index 000000000..f0e108b0d
 --- /dev/null
 +++ b/lib/impersonate.c
-@@ -0,0 +1,567 @@
+@@ -0,0 +1,656 @@
 +#include "curl_setup.h"
 +
 +#include <curl/curl.h>
@@ -1494,7 +1500,96 @@ index 000000000..51759bd18
 +              "Accept-Language: en-US,en;q=0.9"
 +      },
 +      .http2_no_server_push = true,
-+      .http2_skip_max_concurrent_streams = true
++      .http2_skip_max_concurrent_streams = true,
++      .ech = "GREASE"
++  },
++  {
++      .target = "chrome118",
++      .httpversion = CURL_HTTP_VERSION_2_0,
++      .ssl_version = CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT,
++      .ciphers =
++      "TLS_AES_128_GCM_SHA256,"
++      "TLS_AES_256_GCM_SHA384,"
++      "TLS_CHACHA20_POLY1305_SHA256,"
++      "ECDHE-ECDSA-AES128-GCM-SHA256,"
++      "ECDHE-RSA-AES128-GCM-SHA256,"
++      "ECDHE-ECDSA-AES256-GCM-SHA384,"
++      "ECDHE-RSA-AES256-GCM-SHA384,"
++      "ECDHE-ECDSA-CHACHA20-POLY1305,"
++      "ECDHE-RSA-CHACHA20-POLY1305,"
++      "ECDHE-RSA-AES128-SHA,"
++      "ECDHE-RSA-AES256-SHA,"
++      "AES128-GCM-SHA256,"
++      "AES256-GCM-SHA384,"
++      "AES128-SHA,"
++      "AES256-SHA",
++      .npn = false,
++      .alpn = true,
++      .alps = true,
++      .tls_permute_extensions = true,
++      .tls_session_ticket = true,
++      .cert_compression = "brotli",
++      .http_headers = {
++              "sec-ch-ua: \"Chromium\";v=\"118\", \"Google Chrome\";v=\"118\", \"Not=A?Brand\";v=\"99\"",
++              "sec-ch-ua-mobile: ?0",
++              "sec-ch-ua-platform: \"Windows\"",
++              "Upgrade-Insecure-Requests: 1",
++              "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36",
++              "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
++              "Sec-Fetch-Site: none",
++              "Sec-Fetch-Mode: navigate",
++              "Sec-Fetch-User: ?1",
++              "Sec-Fetch-Dest: document",
++              "Accept-Encoding: gzip, deflate, br",
++              "Accept-Language: en-US,en;q=0.9"
++      },
++      .http2_no_server_push = true,
++      .http2_skip_max_concurrent_streams = true,
++      .ech = "GREASE"
++  },
++  {
++      .target = "chrome119",
++      .httpversion = CURL_HTTP_VERSION_2_0,
++      .ssl_version = CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT,
++      .ciphers =
++      "TLS_AES_128_GCM_SHA256,"
++      "TLS_AES_256_GCM_SHA384,"
++      "TLS_CHACHA20_POLY1305_SHA256,"
++      "ECDHE-ECDSA-AES128-GCM-SHA256,"
++      "ECDHE-RSA-AES128-GCM-SHA256,"
++      "ECDHE-ECDSA-AES256-GCM-SHA384,"
++      "ECDHE-RSA-AES256-GCM-SHA384,"
++      "ECDHE-ECDSA-CHACHA20-POLY1305,"
++      "ECDHE-RSA-CHACHA20-POLY1305,"
++      "ECDHE-RSA-AES128-SHA,"
++      "ECDHE-RSA-AES256-SHA,"
++      "AES128-GCM-SHA256,"
++      "AES256-GCM-SHA384,"
++      "AES128-SHA,"
++      "AES256-SHA",
++      .npn = false,
++      .alpn = true,
++      .alps = true,
++      .tls_permute_extensions = true,
++      .tls_session_ticket = true,
++      .cert_compression = "brotli",
++      .http_headers = {
++              "sec-ch-ua: \"Google Chrome\";v=\"119\", \"Chromium\";v=\"119\", \"Not?A_Brand\";v=\"24\"",
++              "sec-ch-ua-mobile: ?0",
++              "sec-ch-ua-platform: \"Windows\"",
++              "Upgrade-Insecure-Requests: 1",
++              "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36",
++              "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
++              "Sec-Fetch-Site: none",
++              "Sec-Fetch-Mode: navigate",
++              "Sec-Fetch-User: ?1",
++              "Sec-Fetch-Dest: document",
++              "Accept-Encoding: gzip, deflate, br",
++              "Accept-Language: en-US,en;q=0.9"
++      },
++      .http2_no_server_push = true,
++      .http2_skip_max_concurrent_streams = true,
++      .ech = "GREASE"
 +  },
 +  {
 +    .target = "chrome99_android",
@@ -1730,10 +1825,10 @@ index 000000000..51759bd18
 +};
 diff --git a/lib/impersonate.h b/lib/impersonate.h
 new file mode 100644
-index 000000000..0b63f60c2
+index 000000000..f5f3dd6d9
 --- /dev/null
 +++ b/lib/impersonate.h
-@@ -0,0 +1,46 @@
+@@ -0,0 +1,47 @@
 +#ifndef HEADER_CURL_IMPERSONATE_H
 +#define HEADER_CURL_IMPERSONATE_H
 +
@@ -1769,6 +1864,7 @@ index 000000000..0b63f60c2
 +  bool http2_no_server_push;
 +  bool tls_permute_extensions;
 +  bool http2_skip_max_concurrent_streams;
++  const char *ech;
 +  /* Other TLS options will come here in the future once they are
 +   * configurable through curl_easy_setopt() */
 +};