diff --git a/.github/workflows/build-and-test-make.yml b/.github/workflows/build-and-test-make.yml index 51bced16..5ef87dfd 100644 --- a/.github/workflows/build-and-test-make.yml +++ b/.github/workflows/build-and-test-make.yml @@ -51,10 +51,10 @@ jobs: host: aarch64-linux-musl capture_interface: eth0 zigflags: -target aarch64-linux-musl -fPIC -mno-outline-atomics - - arch: i386 - host: i386-linux-musl - capture_interface: eth0 - zigflags: -target i386-linux-musl -fPIC -mno-outline-atomics + # - arch: i386 + # host: i386-linux-musl + # capture_interface: eth0 + # zigflags: -target i386-linux-musl -fPIC -mno-outline-atomics - arch: arm host: arm-linux-gnueabihf capture_interface: eth0 diff --git a/Makefile.in b/Makefile.in index 41d73245..17d4f973 100644 --- a/Makefile.in +++ b/Makefile.in @@ -13,8 +13,8 @@ BROTLI_VERSION := 1.1.0 # In case this is changed, update build-and-test-make.yml as well # In case this is changed, update build-and-test-make.yml as well BORING_SSL_COMMIT := d24a38200fef19150eef00cad35b138936c08767 -NGHTTP2_VERSION := nghttp2-1.61.0 -NGHTTP2_URL := https://github.com/nghttp2/nghttp2/releases/download/v1.61.0/nghttp2-1.61.0.tar.bz2 +NGHTTP2_VERSION := nghttp2-1.63.0 +NGHTTP2_URL := https://github.com/nghttp2/nghttp2/releases/download/v1.63.0/nghttp2-1.63.0.tar.bz2 CURL_VERSION := curl-8_7_1 # https://github.com/google/brotli/commit/641bec0e30bea648b3da1cd90fc6b44deb429f71 diff --git a/chrome/curl_safari18_0 b/chrome/curl_safari18_0 new file mode 100755 index 00000000..f9dfacff --- /dev/null +++ b/chrome/curl_safari18_0 @@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +# Find the directory of this script +dir=${0%/*} + +# The list of ciphers can be obtained by looking at the Client Hello message in +# Wireshark, then converting it using this reference +# https://wiki.mozilla.org/Security/Cipher_Suites +"$dir/curl-impersonate-chrome" \ + --ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:TLS_RSA_WITH_3DES_EDE_CBC_SHA \ + --curves X25519:P-256:P-384:P-521 \ + --signature-hashes ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256,ecdsa_secp384r1_sha384,rsa_pss_rsae_sha384,rsa_pss_rsae_sha384,rsa_pkcs1_sha384,rsa_pss_rsae_sha512,rsa_pkcs1_sha512,rsa_pkcs1_sha1 \ + -H "sec-fetch-dest: document" \ + -H "user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Safari/605.1.15" \ + -H "accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" \ + -H "sec-fetch-site: none" \ + -H "sec-fetch-mode: navigate" \ + -H "accept-language: en-US,en;q=0.9" \ + -H "priority: u=0, i" \ + -H "accept-encoding: gzip, deflate, br" \ + --http2 \ + --http2-settings '2:0;3:100;4:2097152;8:1;9:1' \ + --http2-pseudo-headers-order 'msap' \ + --http2-window-update 10420225 \ + --http2-stream-weight 256 \ + --http2-stream-exclusive 0 \ + --compressed \ + --tlsv1.0 --no-tls-session-ticket \ + --cert-compression zlib \ + --tls-grease \ + "$@" diff --git a/chrome/curl_safari18_0_ios b/chrome/curl_safari18_0_ios new file mode 100755 index 00000000..6af28287 --- /dev/null +++ b/chrome/curl_safari18_0_ios @@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +# Find the directory of this script +dir=${0%/*} + +# The list of ciphers can be obtained by looking at the Client Hello message in +# Wireshark, then converting it using this reference +# https://wiki.mozilla.org/Security/Cipher_Suites +"$dir/curl-impersonate-chrome" \ + --ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:TLS_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_128_GCM_SHA256:TLS_RSA_WITH_AES_256_CBC_SHA:TLS_RSA_WITH_AES_128_CBC_SHA:TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:TLS_RSA_WITH_3DES_EDE_CBC_SHA \ + --curves X25519:P-256:P-384:P-521 \ + --signature-hashes ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256,rsa_pkcs1_sha256,ecdsa_secp384r1_sha384,rsa_pss_rsae_sha384,rsa_pss_rsae_sha384,rsa_pkcs1_sha384,rsa_pss_rsae_sha512,rsa_pkcs1_sha512,rsa_pkcs1_sha1 \ + -H "sec-fetch-dest: document" \ + -H "user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1" \ + -H "accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" \ + -H "sec-fetch-site: none" \ + -H "sec-fetch-mode: navigate" \ + -H "accept-language: en-US,en;q=0.9" \ + -H "priority: u=0, i" \ + -H "accept-encoding: gzip, deflate, br" \ + --http2 \ + --http2-settings '2:0;3:100;4:2097152;8:1;9:1' \ + --http2-pseudo-headers-order 'msap' \ + --http2-window-update 10420225 \ + --http2-stream-weight 256 \ + --http2-stream-exclusive 0 \ + --compressed \ + --tlsv1.0 --no-tls-session-ticket \ + --cert-compression zlib \ + --tls-grease \ + "$@" diff --git a/chrome/patches/curl-impersonate.patch b/chrome/patches/curl-impersonate.patch index 1a103b5a..77dc199e 100644 --- a/chrome/patches/curl-impersonate.patch +++ b/chrome/patches/curl-impersonate.patch @@ -1181,7 +1181,7 @@ index 92c04e69c..84ece2a16 100644 } diff --git a/lib/http2.c b/lib/http2.c -index 99d7f3b0e..da160907e 100644 +index 99d7f3b0e..88419cfca 100644 --- a/lib/http2.c +++ b/lib/http2.c @@ -51,6 +51,7 @@ @@ -1201,7 +1201,7 @@ index 99d7f3b0e..da160907e 100644 /* on receiving from TLS, we prep for holding a full stream window */ #define H2_NW_RECV_CHUNKS (H2_STREAM_WINDOW_SIZE / H2_CHUNK_SIZE) /* on send into TLS, we just want to accumulate small frames */ -@@ -87,26 +88,87 @@ +@@ -87,26 +88,99 @@ * will block their received QUOTA in the connection window. And if we * run out of space, the server is blocked from sending us any data. * See #10988 for an issue with this. */ @@ -1237,13 +1237,10 @@ index 99d7f3b0e..da160907e 100644 - iv[1].settings_id = NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE; - iv[1].value = H2_STREAM_WINDOW_SIZE; + // printf("USING settings %s\n", http2_settings); - -- iv[2].settings_id = NGHTTP2_SETTINGS_ENABLE_PUSH; -- iv[2].value = data->multi->push_cb != NULL; ++ + char *tmp = strdup(http2_settings); + char *setting = strtok(tmp, delimiter); - -- return 3; ++ + // loop through the string to extract all other tokens + while(setting != NULL) { + // deal with each setting @@ -1279,18 +1276,33 @@ index 99d7f3b0e..da160907e 100644 + iv[i].value = atoi(setting + 2); + i++; + break; ++ // https://tools.ietf.org/html/rfc8441 ++ case '8': ++ iv[i].settings_id = NGHTTP2_SETTINGS_ENABLE_CONNECT_PROTOCOL; ++ iv[i].value = atoi(setting + 2); ++ i++; ++ break; ++ // https://tools.ietf.org/html/rfc9218 ++ case '9': ++ iv[i].settings_id = NGHTTP2_SETTINGS_NO_RFC7540_PRIORITIES; ++ iv[i].value = atoi(setting + 2); ++ i++; ++ break; + } + setting = strtok(NULL, delimiter); + } + free(tmp); -+ + +- iv[2].settings_id = NGHTTP2_SETTINGS_ENABLE_PUSH; +- iv[2].value = data->multi->push_cb != NULL; + // curl-impersonate: + // Up until Chrome 98, there was a randomly chosen setting number in the + // HTTP2 SETTINGS frame. This might be something similar to TLS GREASE. + // However, it seems to have been removed since. + // Curl_rand(data, (unsigned char *)&iv[4].settings_id, sizeof(iv[4].settings_id)); + // Curl_rand(data, (unsigned char *)&iv[4].value, sizeof(iv[4].value)); -+ + +- return 3; + return i; } @@ -1298,7 +1310,7 @@ index 99d7f3b0e..da160907e 100644 static ssize_t populate_binsettings(uint8_t *binsettings, struct Curl_easy *data) { -@@ -165,6 +227,75 @@ static void cf_h2_ctx_free(struct cf_h2_ctx *ctx) +@@ -165,6 +239,75 @@ static void cf_h2_ctx_free(struct cf_h2_ctx *ctx) } } @@ -1374,7 +1386,7 @@ index 99d7f3b0e..da160907e 100644 static CURLcode h2_progress_egress(struct Curl_cfilter *cf, struct Curl_easy *data); -@@ -491,8 +622,22 @@ static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf, +@@ -491,8 +634,22 @@ static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf, } } @@ -1399,7 +1411,7 @@ index 99d7f3b0e..da160907e 100644 if(rc) { failf(data, "nghttp2_session_set_local_window_size() failed: %s(%d)", nghttp2_strerror(rc), rc); -@@ -500,6 +645,16 @@ static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf, +@@ -500,6 +657,16 @@ static CURLcode cf_h2_ctx_init(struct Curl_cfilter *cf, goto out; } @@ -1416,7 +1428,7 @@ index 99d7f3b0e..da160907e 100644 /* all set, traffic will be send on connect */ result = CURLE_OK; CURL_TRC_CF(data, cf, "[0] created h2 session%s", -@@ -1716,11 +1871,19 @@ out: +@@ -1716,11 +1883,19 @@ out: return rv; } @@ -1437,7 +1449,7 @@ index 99d7f3b0e..da160907e 100644 } static int sweight_in_effect(const struct Curl_easy *data) -@@ -1736,12 +1899,23 @@ static int sweight_in_effect(const struct Curl_easy *data) +@@ -1736,12 +1911,23 @@ static int sweight_in_effect(const struct Curl_easy *data) * struct. */ @@ -1461,7 +1473,7 @@ index 99d7f3b0e..da160907e 100644 nghttp2_priority_spec_init(pri_spec, depstream_id, sweight_wanted(data), data->set.priority.exclusive); -@@ -1761,20 +1935,24 @@ static CURLcode h2_progress_egress(struct Curl_cfilter *cf, +@@ -1761,20 +1947,24 @@ static CURLcode h2_progress_egress(struct Curl_cfilter *cf, struct h2_stream_ctx *stream = H2_STREAM_CTX(data); int rv = 0; @@ -1510,10 +1522,10 @@ index 80e183480..8ee390b7e 100644 * Store nghttp2 version info in this buffer. diff --git a/lib/impersonate.c b/lib/impersonate.c new file mode 100644 -index 000000000..b18b3a7b5 +index 000000000..3054870de --- /dev/null +++ b/lib/impersonate.c -@@ -0,0 +1,1007 @@ +@@ -0,0 +1,1127 @@ +#include "curl_setup.h" + +#include @@ -2357,6 +2369,66 @@ index 000000000..b18b3a7b5 + .tls_grease = true + }, + { ++ .target = "safari18_0_ios", ++ .httpversion = CURL_HTTP_VERSION_2_0, ++ .ssl_version = CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT, ++ .ciphers = ++ "TLS_AES_128_GCM_SHA256," ++ "TLS_AES_256_GCM_SHA384," ++ "TLS_CHACHA20_POLY1305_SHA256," ++ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384," ++ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," ++ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256," ++ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384," ++ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," ++ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256," ++ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," ++ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," ++ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," ++ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," ++ "TLS_RSA_WITH_AES_256_GCM_SHA384," ++ "TLS_RSA_WITH_AES_128_GCM_SHA256," ++ "TLS_RSA_WITH_AES_256_CBC_SHA," ++ "TLS_RSA_WITH_AES_128_CBC_SHA," ++ "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," ++ "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," ++ "TLS_RSA_WITH_3DES_EDE_CBC_SHA", ++ .curves = "X25519:P-256:P-384:P-521", ++ .sig_hash_algs = ++ "ecdsa_secp256r1_sha256," ++ "rsa_pss_rsae_sha256," ++ "rsa_pkcs1_sha256," ++ "ecdsa_secp384r1_sha384," ++ "rsa_pss_rsae_sha384," ++ "rsa_pss_rsae_sha384," ++ "rsa_pkcs1_sha384," ++ "rsa_pss_rsae_sha512," ++ "rsa_pkcs1_sha512," ++ "rsa_pkcs1_sha1", ++ .npn = false, ++ .alpn = true, ++ .alps = false, ++ .tls_session_ticket = false, ++ .cert_compression = "zlib", ++ .http_headers = { ++ "sec-fetch-dest: document", ++ "user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1", ++ "accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", ++ "sec-fetch-site: none", ++ "sec-fetch-mode: navigate", ++ "accept-language: en-US,en;q=0.9", ++ "priority: u=0, i", ++ "accept-encoding: gzip, deflate, br" ++ }, ++ .http2_settings = "2:0;3:100;4:2097152;8:1;9:1", ++ .http2_window_update = 10420225, ++ .http2_pseudo_headers_order = "msap", ++ .http2_stream_weight = 256, ++ .http2_stream_exclusive = 0, ++ .tls_extension_order = NULL, ++ .tls_grease = true ++ }, ++ { + .target = "safari17_0", + .httpversion = CURL_HTTP_VERSION_2_0, + .ssl_version = CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT, @@ -2417,6 +2489,66 @@ index 000000000..b18b3a7b5 + .tls_grease = true + }, + { ++ .target = "safari18_0", ++ .httpversion = CURL_HTTP_VERSION_2_0, ++ .ssl_version = CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT, ++ .ciphers = ++ "TLS_AES_128_GCM_SHA256," ++ "TLS_AES_256_GCM_SHA384," ++ "TLS_CHACHA20_POLY1305_SHA256," ++ "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384," ++ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256," ++ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256," ++ "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384," ++ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256," ++ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256," ++ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," ++ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," ++ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," ++ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," ++ "TLS_RSA_WITH_AES_256_GCM_SHA384," ++ "TLS_RSA_WITH_AES_128_GCM_SHA256," ++ "TLS_RSA_WITH_AES_256_CBC_SHA," ++ "TLS_RSA_WITH_AES_128_CBC_SHA," ++ "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," ++ "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," ++ "TLS_RSA_WITH_3DES_EDE_CBC_SHA", ++ .curves = "X25519:P-256:P-384:P-521", ++ .sig_hash_algs = ++ "ecdsa_secp256r1_sha256," ++ "rsa_pss_rsae_sha256," ++ "rsa_pkcs1_sha256," ++ "ecdsa_secp384r1_sha384," ++ "rsa_pss_rsae_sha384," ++ "rsa_pss_rsae_sha384," ++ "rsa_pkcs1_sha384," ++ "rsa_pss_rsae_sha512," ++ "rsa_pkcs1_sha512," ++ "rsa_pkcs1_sha1", ++ .npn = false, ++ .alpn = true, ++ .alps = false, ++ .tls_session_ticket = false, ++ .cert_compression = "zlib", ++ .http_headers = { ++ "sec-fetch-dest: document", ++ "user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Safari/605.1.15", ++ "accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", ++ "sec-fetch-site: none", ++ "sec-fetch-mode: navigate", ++ "accept-language: en-US,en;q=0.9", ++ "priority: u=0, i", ++ "accept-encoding: gzip, deflate, br" ++ }, ++ .http2_settings = "2:0;3:100;4:2097152;8:1;9:1", ++ .http2_window_update = 10420225, ++ .http2_pseudo_headers_order = "msap", ++ .http2_stream_weight = 256, ++ .http2_stream_exclusive = 0, ++ .tls_extension_order = NULL, ++ .tls_grease = true ++ }, ++ { + .target = "okhttp4", /* not working */ + .httpversion = CURL_HTTP_VERSION_2_0, + .ssl_version = CURL_SSLVERSION_TLSv1_0 | CURL_SSLVERSION_MAX_DEFAULT, diff --git a/docker/alpine.dockerfile b/docker/alpine.dockerfile index c3b17126..08d74713 100644 --- a/docker/alpine.dockerfile +++ b/docker/alpine.dockerfile @@ -55,8 +55,8 @@ RUN mkdir boringssl/build/lib && \ ln -s ../ssl/libssl.a boringssl/build/lib/libssl.a && \ cp -R boringssl/include boringssl/build -ARG NGHTTP2_VERSION=nghttp2-1.61.0 -ARG NGHTTP2_URL=https://github.com/nghttp2/nghttp2/releases/download/v1.61.0/nghttp2-1.61.0.tar.bz2 +ARG NGHTTP2_VERSION=nghttp2-1.63.0 +ARG NGHTTP2_URL=https://github.com/nghttp2/nghttp2/releases/download/v1.63.0/nghttp2-1.63.0.tar.bz2 # Download nghttp2 for HTTP/2.0 support. RUN curl -o ${NGHTTP2_VERSION}.tar.bz2 -L ${NGHTTP2_URL} diff --git a/docker/debian.dockerfile b/docker/debian.dockerfile index 260ed308..e7f599ef 100644 --- a/docker/debian.dockerfile +++ b/docker/debian.dockerfile @@ -61,8 +61,8 @@ RUN mkdir boringssl/build/lib && \ ln -s ../ssl/libssl.a boringssl/build/lib/libssl.a && \ cp -R boringssl/include boringssl/build -ARG NGHTTP2_VERSION=nghttp2-1.61.0 -ARG NGHTTP2_URL=https://github.com/nghttp2/nghttp2/releases/download/v1.61.0/nghttp2-1.61.0.tar.bz2 +ARG NGHTTP2_VERSION=nghttp2-1.63.0 +ARG NGHTTP2_URL=https://github.com/nghttp2/nghttp2/releases/download/v1.63.0/nghttp2-1.63.0.tar.bz2 # Download nghttp2 for HTTP/2.0 support. RUN curl -o ${NGHTTP2_VERSION}.tar.bz2 -L ${NGHTTP2_URL} diff --git a/docker/dockerfile.mustache b/docker/dockerfile.mustache index f9ea67c3..2f67dfed 100644 --- a/docker/dockerfile.mustache +++ b/docker/dockerfile.mustache @@ -86,8 +86,8 @@ RUN mkdir boringssl/build/lib && \ ln -s ../ssl/libssl.a boringssl/build/lib/libssl.a && \ cp -R boringssl/include boringssl/build -ARG NGHTTP2_VERSION=nghttp2-1.61.0 -ARG NGHTTP2_URL=https://github.com/nghttp2/nghttp2/releases/download/v1.61.0/nghttp2-1.61.0.tar.bz2 +ARG NGHTTP2_VERSION=nghttp2-1.63.0 +ARG NGHTTP2_URL=https://github.com/nghttp2/nghttp2/releases/download/v1.63.0/nghttp2-1.63.0.tar.bz2 # Download nghttp2 for HTTP/2.0 support. RUN curl -o ${NGHTTP2_VERSION}.tar.bz2 -L ${NGHTTP2_URL} diff --git a/tests/signatures/safari_18.0_iOS.yaml b/tests/signatures/safari_18.0_iOS.yaml new file mode 100644 index 00000000..af605179 --- /dev/null +++ b/tests/signatures/safari_18.0_iOS.yaml @@ -0,0 +1,145 @@ +browser: + name: safari + os: iOS + version: 18.0 +signature: + http2: + frames: + - frame_type: SETTINGS + settings: + - key: 2 + value: 0 + - key: 3 + value: 100 + - key: 4 + value: 2097152 + - key: 8 + value: 1 + - key: 9 + value: 1 + stream_id: 0 + - frame_type: WINDOW_UPDATE + stream_id: 0 + window_size_increment: 10420225 + - frame_type: HEADERS + headers: + - "sec-fetch-dest: document" + - "user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1" + - "accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" + - "sec-fetch-site: none" + - "sec-fetch-mode: navigate" + - "accept-language: en-US,en;q=0.9" + - "priority: u=0, i" + - "accept-encoding: gzip, deflate, br" + pseudo_headers: + - :method + - :scheme + - :authority + - :path + stream_id: 1 + tls_client_hello: + ciphersuites: + - GREASE + - 4865 + - 4866 + - 4867 + - 49196 + - 49195 + - 52393 + - 49200 + - 49199 + - 52392 + - 49162 + - 49161 + - 49172 + - 49171 + - 157 + - 156 + - 53 + - 47 + - 49160 + - 49170 + - 10 + comp_methods: + - 0 + extensions: + - length: 0 + type: GREASE + - type: server_name + - length: 0 + type: extended_master_secret + - length: 1 + type: renegotiation_info + - length: 12 + supported_groups: + - GREASE + - 29 + - 23 + - 24 + - 25 + type: supported_groups + - ec_point_formats: + - 0 + length: 2 + type: ec_point_formats + - alpn_list: + - h2 + - http/1.1 + length: 14 + type: application_layer_protocol_negotiation + - length: 5 + status_request_type: 1 + type: status_request + - length: 22 + sig_hash_algs: + - 1027 + - 2052 + - 1025 + - 1283 + - 2053 + - 2053 + - 1281 + - 2054 + - 1537 + - 513 + type: signature_algorithms + - length: 0 + type: signed_certificate_timestamp + - key_shares: + - group: GREASE + length: 1 + - group: 29 + length: 32 + length: 43 + type: keyshare + - length: 2 + psk_ke_mode: 1 + type: psk_key_exchange_modes + - length: 11 + supported_versions: + - GREASE + - TLS_VERSION_1_3 + - TLS_VERSION_1_2 + - TLS_VERSION_1_1 + - TLS_VERSION_1_0 + type: supported_versions + - algorithms: + - 1 + length: 3 + type: compress_certificate + - data: !!binary | + AA== + length: 1 + type: GREASE + - type: padding + handshake_version: TLS_VERSION_1_2 + record_version: TLS_VERSION_1_0 + session_id_length: 32 +third_party: + akamai_hash: d4a2dcbfde511b5040ed5a5190a8d78b + akamai_text: 2:0;3:100;4:2097152;8:1;9:1|10420225|0|m,s,a,p + ja3_hash: 773906b0efdefa24a7f2b8eb6985bf37 + ja3_text: 771,4865-4866-4867-49196-49195-52393-49200-49199-52392-49162-49161-49172-49171-157-156-53-47-49160-49170-10,0-23-65281-10-11-16-5-13-18-51-45-43-27-21,29-23-24-25,0 + ja3n_hash: 44f7ed5185d22c92b96da72dbe68d307 + ja3n_text: 771,4865-4866-4867-49196-49195-52393-49200-49199-52392-49162-49161-49172-49171-157-156-53-47-49160-49170-10,0-5-10-11-13-16-18-21-23-27-43-45-51-65281,29-23-24-25,0 + user_agent: Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1 diff --git a/tests/signatures/safari_18.0_macOS.yaml b/tests/signatures/safari_18.0_macOS.yaml new file mode 100644 index 00000000..34c224d5 --- /dev/null +++ b/tests/signatures/safari_18.0_macOS.yaml @@ -0,0 +1,148 @@ +browser: + name: safari + os: macOS + version: 18.0 +signature: + http2: + frames: + - frame_type: SETTINGS + settings: + - key: 2 + value: 0 + - key: 3 + value: 100 + - key: 4 + value: 2097152 + - key: 8 + value: 1 + - key: 9 + value: 1 + stream_id: 0 + - frame_type: WINDOW_UPDATE + stream_id: 0 + window_size_increment: 10420225 + - frame_type: SETTINGS + settings: [] + stream_id: 0 + - frame_type: HEADERS + headers: + - "sec-fetch-dest: document" + - "user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Safari/605.1.15" + - "accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" + - "sec-fetch-site: none" + - "sec-fetch-mode: navigate" + - "accept-language: en-US,en;q=0.9" + - "priority: u=0, i" + - "accept-encoding: gzip, deflate, br" + pseudo_headers: + - :method + - :scheme + - :authority + - :path + stream_id: 1 + tls_client_hello: + ciphersuites: + - GREASE + - 4865 + - 4866 + - 4867 + - 49196 + - 49195 + - 52393 + - 49200 + - 49199 + - 52392 + - 49162 + - 49161 + - 49172 + - 49171 + - 157 + - 156 + - 53 + - 47 + - 49160 + - 49170 + - 10 + comp_methods: + - 0 + extensions: + - length: 0 + type: GREASE + - type: server_name + - length: 0 + type: extended_master_secret + - length: 1 + type: renegotiation_info + - length: 12 + supported_groups: + - GREASE + - 29 + - 23 + - 24 + - 25 + type: supported_groups + - ec_point_formats: + - 0 + length: 2 + type: ec_point_formats + - alpn_list: + - h2 + - http/1.1 + length: 14 + type: application_layer_protocol_negotiation + - length: 5 + status_request_type: 1 + type: status_request + - length: 22 + sig_hash_algs: + - 1027 + - 2052 + - 1025 + - 1283 + - 2053 + - 2053 + - 1281 + - 2054 + - 1537 + - 513 + type: signature_algorithms + - length: 0 + type: signed_certificate_timestamp + - key_shares: + - group: GREASE + length: 1 + - group: 29 + length: 32 + length: 43 + type: keyshare + - length: 2 + psk_ke_mode: 1 + type: psk_key_exchange_modes + - length: 11 + supported_versions: + - GREASE + - TLS_VERSION_1_3 + - TLS_VERSION_1_2 + - TLS_VERSION_1_1 + - TLS_VERSION_1_0 + type: supported_versions + - algorithms: + - 1 + length: 3 + type: compress_certificate + - data: !!binary | + AA== + length: 1 + type: GREASE + - type: padding + handshake_version: TLS_VERSION_1_2 + record_version: TLS_VERSION_1_0 + session_id_length: 32 +third_party: + akamai_hash: d4a2dcbfde511b5040ed5a5190a8d78b + akamai_text: 2:0;3:100;4:2097152;8:1;9:1|10420225|0|m,s,a,p + ja3_hash: 773906b0efdefa24a7f2b8eb6985bf37 + ja3_text: 771,4865-4866-4867-49196-49195-52393-49200-49199-52392-49162-49161-49172-49171-157-156-53-47-49160-49170-10,0-23-65281-10-11-16-5-13-18-51-45-43-27-21,29-23-24-25,0 + ja3n_hash: 44f7ed5185d22c92b96da72dbe68d307 + ja3n_text: 771,4865-4866-4867-49196-49195-52393-49200-49199-52392-49162-49161-49172-49171-157-156-53-47-49160-49170-10,0-5-10-11-13-16-18-21-23-27-43-45-51-65281,29-23-24-25,0 + user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Safari/605.1.15 diff --git a/tests/targets.yaml b/tests/targets.yaml index 7085fb3c..b48ce37f 100644 --- a/tests/targets.yaml +++ b/tests/targets.yaml @@ -63,14 +63,14 @@ - null - null - safari_15.5_macos12.4 -- - curl_safari17_0 +- - curl_safari18_0 - null - null - - safari_17.0_macOS -- - curl_safari17_2_ios + - safari_18.0_macOS +- - curl_safari18_0_ios - null - null - - safari_17.2_iOS + - safari_18.0_iOS # - - curl_firefox120 # - null # - null @@ -151,6 +151,14 @@ - CURL_IMPERSONATE: safari17_2_ios - libcurl-impersonate-chrome - safari_17.2_iOS +- - minicurl + - CURL_IMPERSONATE: safari18_0 + - libcurl-impersonate-chrome + - safari_18.0_macOS +- - minicurl + - CURL_IMPERSONATE: safari18_0_ios + - libcurl-impersonate-chrome + - safari_18.0_iOS # - - minicurl # - CURL_IMPERSONATE: firefox120 # - libcurl-impersonate-chrome