标准的TLS/AKamai绕过
ja3算法:
tls设备指纹测试:
https://tls.browserleaks.com/json
akm指纹
tls网站
取id后访问id得到随机ua头
https://client.tlsfingerprint.io/
https://tlsfingerprint.io/id/546da870f29a7313
使用第三方库绕过:curl_cffi , pyhttpx , pycurl
伪造设备指纹:urllib ssl
2.0
目标网站:JTIyaHR0cHMlM0EvL3d3dy5rb3JlYW5haXIuY29tLyUyMg==
找到 用xhr下断
第一段指纹还原
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36,uaend,12147,20030107,zh-CN,Gecko,5,0,0,0,420240,0,1536,824,1536,864,334,738,1536,,cpen:0,i1:0,dm:0,cwen:0,non:1,opc:0,fc:0,sc:0,wrc:1,isc:0,vib:1,bat:1,x11:0,x12:1,8101,0.441483404220,853982169960,0,0,loc:'
IZ4 浏览器各种信息
特征:.apply(undefined
fm(sx,[hn,kh,ref]),浏览器签名
nf[ff.vk.apply(null, [qv, Jc, UV, kS])].bmak[ff.FB.apply(null, [cR, WR, Qc, NEf, Zl])] 时间搓除以2
nf[ff.Jk.call(null, DP, Rl, OX)][ff.Ck.call(null, rR, kX, wV)]() 随机数
补一个ua,设置一个插件数量为5
RSV80pt.parseHTML=true; //v8编译
document.documentElement.innerHTML ='网页源码'
RSV80pt.userAgent = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36'
location.href='https://www.koreanair.com/'
(function () {
let old_plugig =navigator.plugins;
Object.defineProperty(navigator, 'plugins', {
get: function () {
return new Proxy(old_plugig,{
get:(target,key) =>{
let value =Reflect.get(target,key);
if (key=='length') return 5;
if(value instanceof Function){
value =value.bind(target);
}
return value;
}
});
},
});
})();
Object.defineProperty(window.speechSynthesis, 'speechSynthesis', {
set: function (val) {
this._tmp= val ;
},
get: function () {
return this._tmp;
}
});
navigator.plugins.length
第二段指纹还原
找到这个位置
两次在单步跟下去
跟到PN出现参数
'1,32,32,0,40102,0,40102,1386556,0,1707983760381,37,18271,0,0,3045,0,0,1443693,40102,0,4A9BC1C092A34FB6799FF02AC86144EF~0~YAAQJWl7dkSirFWNAQAATJSyqwsPOedkohNevoDB8MlRrzZMkfyVk+n+OaJTbRFXArT7dzu0QCJIGU1RkMXaDSHXwhH6P9dZNMgqY3xHQFvdcsVu0W43SCNybVy81zcloRScedlm+l2wpgzypb6W+Edy4yal6FaDONNg0875cgcM93f4rRAuZq7x65yLSOp9U6Vusy6zLwkBOCVt3mmWAcODKmA0oAerVhRjdgYxvKpKfvDYeOlzISwS0tZC5h2WxgvZdLwmMcgAeiuLSc4fkrosGkdCBM1YKJMCq7S4IC/mx6KWm9DoaOPIttzOGLXU+QLeOt6y0aRtF7IGVQ5hN308V+fKpSmkWM/yMLn13XqN+dDB5LwUkBAU5BxeSaXpNeng+W+SZwfY8EjlhsxL5zeDE2xL6BsSA8pk~-1~-1~-1,39192,547,1352306631,30261693,PiZtE,38507,85,0,0,0,,,7ba16ebac4ea29695c113a7c1022516c78ab68fb525e14c51470c89f7d817c8a,225'
https://www.saksfifthavenue.com
1.数据第一条amk链接通过。
简单风控:UA,插件信息
中级风控:font字体指纹,显卡指纹,canvas指纹,权限指纹,权限列表白名单
高级风控:开发者工具,鼠标轨迹
特殊风控:http2指纹
linux tls 项目 GitHub - lwthiker/curl-impersonate: curl-impersonate: A special build of curl that can impersonate Chrome & Firefox
项目地址
GitHub - Danny-Dasilva/Ja3-Http2