Add support for Chrome 131 (#87)

* Add Chrome 131 * Add tests and fix build script * Update windows boring commit hash * Revert 8.11.0 docs * Fix boringssl .a path in CI * Fix Chrome 131 UA * Update readme * Fix Chrome 131 tests keyshare algorithm --------- Co-authored-by: Yifei Kong <[email protected]>
lexiforest · Nov 29, 2024 · 1c40195 · 1c40195
1 parent 325a4ab
commit 1c40195
Show file tree

Hide file tree

Showing 9 changed files with 428 additions and 78 deletions.
diff --git a/.github/workflows/build-and-test-make.yml b/.github/workflows/build-and-test-make.yml
@@ -178,7 +178,7 @@ jobs:
           cp ${{ runner.temp }}/zstd/lib/lib*.a ${{ runner.temp }}/install/lib
           cp nghttp2*/installed/lib/lib*.a ${{ runner.temp }}/install/lib
           cp brotli*/out/installed/lib/lib*.a ${{ runner.temp }}/install/lib
-          cp boringssl/build/lib/lib*.a ${{ runner.temp }}/install/lib
+          cp boringssl*/lib/lib*.a ${{ runner.temp }}/install/lib
 
           cd ${{ runner.temp }}/install/lib
           ls -lah .

diff --git a/Makefile.in b/Makefile.in
@@ -11,17 +11,17 @@ SUBJOBS := 4
 
 BROTLI_VERSION := 1.1.0
  # In case this is changed, update build-and-test-make.yml as well
- # In case this is changed, update build-and-test-make.yml as well
-BORING_SSL_COMMIT := d24a38200fef19150eef00cad35b138936c08767
+BORING_SSL_COMMIT := cd95210465496ac2337b313cf49f607762abe286
 NGHTTP2_VERSION := nghttp2-1.63.0
 NGHTTP2_URL := https://github.com/nghttp2/nghttp2/releases/download/v1.63.0/nghttp2-1.63.0.tar.bz2
 CURL_VERSION := curl-8_7_1
 
 # https://github.com/google/brotli/commit/641bec0e30bea648b3da1cd90fc6b44deb429f71
 brotli_install_dir := $(abspath brotli-$(BROTLI_VERSION)/out/installed)
 brotli_static_libs := $(brotli_install_dir)/lib/libbrotlicommon.a $(brotli_install_dir)/lib/libbrotlidec.a
-boringssl_install_dir := $(abspath boringssl/build)
-boringssl_static_libs := $(boringssl_install_dir)/lib/libssl.a $(boringssl_install_dir)/lib/libcrypto.a
+boringssl_dir := $(abspath boringssl-$(BORING_SSL_COMMIT))
+boringssl_install_dir := $(boringssl_dir)/build
+boringssl_static_libs := $(boringssl_dir)/lib/libssl.a $(boringssl_dir)/lib/libcrypto.a
 nghttp2_install_dir := $(abspath $(NGHTTP2_VERSION)/installed)
 nghttp2_static_libs := $(nghttp2_install_dir)/lib/libnghttp2.a
 
@@ -110,7 +110,7 @@ chrome-clean: ## Clean build artifacts of the Chrome version. Use after re-runni
 
 clean: ## Remove all build artifacts, including dependencies
 	rm -Rf brotli-$(BROTLI_VERSION).tar.gz brotli-$(BROTLI_VERSION)
-	rm -Rf boringssl.zip boringssl
+	rm -Rf boringssl-$(BORING_SSL_COMMIT).zip boringssl-$(BORING_SSL_COMMIT)
 	rm -Rf $(NGHTTP2_VERSION).tar.bz2 $(NGHTTP2_VERSION)
 	rm -Rf $(CURL_VERSION).tar.gz $(CURL_VERSION)
 
@@ -151,19 +151,19 @@ $(brotli_static_libs): brotli-$(BROTLI_VERSION).tar.gz
 	@cmake@ --build . --config Release --target install --parallel $(SUBJOBS)
 
 
-boringssl.zip:
+boringssl-$(BORING_SSL_COMMIT).zip:
 	curl -L https://github.com/google/boringssl/archive/$(BORING_SSL_COMMIT).zip \
-		-o boringssl.zip
+		-o boringssl-$(BORING_SSL_COMMIT).zip
 
 # Patch boringssl and use a dummy '.patched' file to mark it patched
-boringssl/.patched: $(srcdir)/chrome/patches/boringssl.patch
-	unzip -q -o boringssl.zip
-	mv boringssl-$(BORING_SSL_COMMIT) boringssl
-	cd boringssl/
+boringssl-$(BORING_SSL_COMMIT)/.patched: $(srcdir)/chrome/patches/boringssl.patch
+	unzip -q -o boringssl-$(BORING_SSL_COMMIT).zip
+	# mv boringssl boringssl-$(BORING_SSL_COMMIT)
+	cd boringssl-$(BORING_SSL_COMMIT)/
 	for p in $^; do patch -p1 < $$p; done
 	touch .patched
 
-$(boringssl_static_libs): boringssl.zip boringssl/.patched
+$(boringssl_static_libs): boringssl-$(BORING_SSL_COMMIT).zip boringssl-$(BORING_SSL_COMMIT)/.patched
 	mkdir -p $(boringssl_install_dir)
 	cd $(boringssl_install_dir)
 
@@ -194,12 +194,12 @@ $(boringssl_static_libs): boringssl.zip boringssl/.patched
 			-GNinja \
 			..
 	@ninja@ -j$(SUBJOBS)
+
 	# Fix the directory structure so that curl can compile against it.
-	# See https://everything.curl.dev/source/build/tls/boringssl
-	mkdir -p lib
-	ln -sf ../crypto/libcrypto.a lib/libcrypto.a
-	ln -sf ../ssl/libssl.a lib/libssl.a
-	cp -Rf ../include .
+	# See: https://everything.curl.dev/build/boringssl.html
+	mkdir -p $(boringssl_dir)/lib
+	cp ssl/libssl.a $(boringssl_dir)/lib
+	cp crypto/libcrypto.a $(boringssl_dir)/lib
 
 
 $(NGHTTP2_VERSION).tar.bz2:
@@ -251,7 +251,7 @@ $(CURL_VERSION)/.chrome: $(chrome_libs)	$(CURL_VERSION).tar.gz $(CURL_VERSION)/.
 	  config_flags="--prefix=@prefix@"; \
 	  config_flags="$$config_flags --with-nghttp2=$(nghttp2_install_dir)"; \
 	  config_flags="$$config_flags --with-brotli=$(brotli_install_dir)"; \
-	  config_flags="$$config_flags --with-openssl=$(boringssl_install_dir)"; \
+	  config_flags="$$config_flags --with-openssl=$(boringssl_dir)"; \
 	  config_flags="$$config_flags --enable-websockets"; \
 	  config_flags="$$config_flags --enable-ech"; \
 	  config_flags="$$config_flags --enable-ipv6"; \
@@ -278,12 +278,12 @@ $(CURL_VERSION)/.chrome: $(chrome_libs)	$(CURL_VERSION).tar.gz $(CURL_VERSION)/.
 	  if test -n "$(with_ca_path)"; then \
 		config_flags="$$config_flags --with-ca-path=$(with_ca_path)"; \
 	  fi; \
-	  add_libs="-pthread"; \
+	  add_libs="-pthread -lc++"; \
 	}
 
 	echo "Configuring curl with: $$config_flags"
 
-	./configure $$config_flags LIBS="$$add_libs"
+	CXXFLAGS="-stdlib=libc++" LDFLAGS="-lc++" ./configure $$config_flags LIBS="$$add_libs"
 
 	# Remove possible leftovers from a previous compilation
 	$(MAKE) clean MAKEFLAGS=

diff --git a/README.md b/README.md
@@ -56,6 +56,7 @@ The following browsers can be impersonated.
 | ![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/main/src/chrome/chrome_24x24.png "Chrome") | 120 | 120.0.6099.109 | macOS Sonoma | `chrome120` | [curl_chrome120](chrome/curl_chrome120) |
 | ![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/main/src/chrome/chrome_24x24.png "Chrome") | 123 | 123.0.6312.124 | macOS Sonoma | `chrome123` | [curl_chrome123](chrome/curl_chrome123) |
 | ![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/main/src/chrome/chrome_24x24.png "Chrome") | 124 | 124.0.6367.60 | macOS Sonoma | `chrome124` | [curl_chrome124](chrome/curl_chrome124) |
+| ![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/main/src/chrome/chrome_24x24.png "Chrome") | 131 | 131.0.6778.86 | macOS Sonoma | `chrome131` | [curl_chrome131](chrome/curl_chrome131) |
 | ![Chrome](https://raw.githubusercontent.com/alrra/browser-logos/main/src/chrome/chrome_24x24.png "Chrome") | 99 | 99.0.4844.73 | Android 12 | `chrome99_android` | [curl_chrome99_android](chrome/curl_chrome99_android) |
 | ![Edge](https://raw.githubusercontent.com/alrra/browser-logos/main/src/edge/edge_24x24.png "Edge") | 99 | 99.0.1150.30 | Windows 10 | `edge99` | [curl_edge99](chrome/curl_edge99) |
 | ![Edge](https://raw.githubusercontent.com/alrra/browser-logos/main/src/edge/edge_24x24.png "Edge") | 101 | 101.0.1210.47 | Windows 10 | `edge101` | [curl_edge101](chrome/curl_edge101) |

diff --git a/chrome/curl_chrome131 b/chrome/curl_chrome131
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+# Updates in this version:
+# 1. Added MLKEM to replace the X25519Kyber768
+
+# Find the directory of this script
+dir=${0%/*}
+
+# The list of ciphers can be obtained by looking at the Client Hello message in
+# Wireshark, then converting it using this reference
+# https://wiki.mozilla.org/Security/Cipher_Suites
+"$dir/curl-impersonate-chrome" \
+    --ciphers TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-RSA-CHACHA20-POLY1305,ECDHE-RSA-AES128-SHA,ECDHE-RSA-AES256-SHA,AES128-GCM-SHA256,AES256-GCM-SHA384,AES128-SHA,AES256-SHA \
+    --curves X25519MLKEM768:X25519:P-256:P-384 \
+    -H 'sec-ch-ua: "Google Chrome";v="131", "Chromium";v="131", "Not_A Brand";v="24"' \
+    -H 'sec-ch-ua-mobile: ?0' \
+    -H 'sec-ch-ua-platform: "macOS"' \
+    -H 'Upgrade-Insecure-Requests: 1' \
+    -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36' \
+    -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7' \
+    -H 'Sec-Fetch-Site: none' \
+    -H 'Sec-Fetch-Mode: navigate' \
+    -H 'Sec-Fetch-User: ?1' \
+    -H 'Sec-Fetch-Dest: document' \
+    -H 'Accept-Encoding: gzip, deflate, br, zstd' \
+    -H 'Accept-Language: en-US,en;q=0.9' \
+    -H 'Priority: u=0, i' \
+    --http2 \
+    --http2-settings '1:65536;2:0;4:6291456;6:262144' \
+    --http2-window-update 15663105 \
+    --http2-stream-weight 256 \
+    --http2-stream-exclusive 1 \
+    --compressed \
+    --ech GREASE \
+    --tlsv1.2 --alps --tls-permute-extensions \
+    --cert-compression brotli \
+    --tls-grease \
+    "$@"