#1 Yesterday 02:25:42

keinn
Member
Registered: 2014-10-20
Posts: 114

httpclient about tls ja3 fingerprint

Nowadays, many websites employ security risk control mechanisms such as Cloudflare, Akamai, and others. One of these techniques involves detecting TLS fingerprints. The general approach includes verifying elements like TLS ciphers and User-Agent headers. For detailed information, see: https://edgewatch.com/blog/ja3-fingerprinting/.

This poses a challenge for the Delphi ecosystem, as there are currently no HTTP client libraries in Delphi capable of accessing such protected sites—including our own mORMot framework.

In contrast, Python offers many solutions. Among the best are:
- https://github.com/lexiforest/curl-impersonate
- https://github.com/lexiforest/curl_cffi

These tools modify the TLS configuration of requests to 100% emulate real browsers, thereby passing security checks.

To test this behavior, you can compare the responses when accessing `https://tls.browserleaks.com/json` using different clients such as a real browser, Delphi's `NetHTTPClient`, and the `mORMot` HTTP client. If the returned JSON contains non-empty values for the `akamai_hash` and `akamai_text` fields, it indicates that the request successfully bypassed detection.

Sometimes, using an HTTP client may result in strange connection resets or failures to access certain websites, and this issue could very likely be caused by the aforementioned TLS fingerprint detection mechanisms.

For study, with the deepwiki AI helper, we can learn the curl_cffi repo: https://deepwiki.com/lexiforest/curl_cffi

Last edited by keinn (Yesterday 02:31:38)


#2 Yesterday 06:09:41

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 15,026

Re: httpclient about tls ja3 fingerprint

Interesting reading. Thanks.

Sadly I don't see the relevance of this "niche" feature.
Such FingerPrinting is not a good security feature, because it could be easily faked/emulated with the Python tools you referred to.
Mutual TLS authentication is a safer, and standard, approach.

Trying to tweak the TLS fingerprint to remedy client "strange connection resets or failures" seems not a good idea to me.

I still want to write a TLS 1.3 layer in mORMot in the future. Maybe I could add JA3 to its featureset, eventually.

Note: a more comprehensive reference about TLS fingerprinting may be https://lwthiker.com/networks/2022/06/1 … nting.html

Offline
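
How the JA3 value discussed in this thread is derived on the server side, as an added example that is not part of either post or of mORMot: it parses a ClientHello and builds the JA3 string (version, ciphers, extensions, groups, point formats, with GREASE values dropped) and its MD5. `sample_hello` and the bytes it produces are constructed for the demo.

```python
import hashlib
import struct

def is_grease(v):  # RFC 8701 values: 0x0a0a, 0x1a1a, ..., 0xfafa
    return (v & 0x0f0f) == 0x0a0a and (v >> 8) == (v & 0xff)

def u16_list(buf):
    return [v for (v,) in struct.iter_unpack("!H", buf)]

def ja3(record):
    """Return (ja3_string, md5_hex) for a TLS record carrying a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record with a ClientHello")
    body, pos = record[9:], 0  # skip record (5) and handshake (4) headers
    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        pos += n
        return body[pos - n:pos]
    def vec(len_bytes):  # read a length-prefixed vector
        return take(int.from_bytes(take(len_bytes), "big"))
    version = int.from_bytes(take(2), "big")
    take(32)  # random
    vec(1)    # session id
    ciphers = u16_list(vec(2))
    vec(1)    # compression methods
    exts, groups, formats = [], [], []
    ext_len = int.from_bytes(take(2), "big") if pos < len(body) else 0
    end = pos + ext_len
    while pos < end:
        etype, data = int.from_bytes(take(2), "big"), vec(2)
        exts.append(etype)
        if etype == 10:    # supported_groups: u16 list length, then u16 values
            groups = u16_list(data[2:])
        elif etype == 11:  # ec_point_formats: u8 length, then u8 values
            formats = list(data[1:])
    kept = [[v for v in f if not is_grease(v)] for f in (ciphers, exts, groups)]
    s = ",".join("-".join(map(str, f)) for f in [[version], *kept, formats])
    return s, hashlib.md5(s.encode()).hexdigest()

def sample_hello(grease=0x0a0a, ciphers=(0x1301, 0x1302, 0xc02f)):
    """Constructed ClientHello for the demo, not a capture."""
    pre = lambda n, d: len(d).to_bytes(n, "big") + d  # length-prefixed vector
    ext = lambda t, d: t.to_bytes(2, "big") + pre(2, d)
    cs = struct.pack("!%dH" % (len(ciphers) + 1), grease, *ciphers)
    exts = (ext(grease, b"") + ext(10, struct.pack("!4H", 6, grease, 29, 23))
            + ext(11, b"\x01\x00") + ext(43, b"\x02\x03\x04"))
    body = b"\x03\x03" + bytes(32) + b"\x00" + pre(2, cs) + b"\x01\x00" + pre(2, exts)
    return b"\x16\x03\x01" + pre(2, b"\x01" + pre(3, body))
```

Because the hash covers the order of ciphers and extensions, two clients offering the same algorithms in a different order get different JA3 values, while a change of GREASE value alone leaves the hash unchanged.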
