||4 days ago|
|.github/workflows||3 weeks ago|
|chrome||4 days ago|
|firefox||4 days ago|
|tests||1 month ago|
|Dockerfile.template||4 days ago|
|INSTALL.md||4 weeks ago|
|LICENSE||4 months ago|
|Makefile.in||4 weeks ago|
|README.md||4 days ago|
|browsers.json||4 days ago|
|configure.ac||1 month ago|
|generate_dockerfiles.sh||4 months ago|
A special compilation of curl that makes it impersonate real browsers. It can impersonate the four major browsers: Chrome, Edge, Safari & Firefox. This curl binary is able to perform a TLS handshake that is identical to that of a real browser.
When you use an HTTP client with a TLS website, it first performs a TLS handshake. The first message of that handshake is called Client Hello. The Client Hello message that curl produces differs drastically from that of a real browser. Compare the following Wireshark capture. Left is a regular curl, right is Firefox.
Some web services therefore use the TLS handshake to fingerprint which HTTP client is accessing them. Notably, some bot protection platforms use this to identify curl and block it. With the modified curl in this repository, the Client Hello message looks exactly like that of a real browser. This tricks TLS fingerprinters to think that it is a real browser that is accessing them.
The modifications that were needed to make this work:
- Compiling curl with nss, the TLS library that Firefox uses, instead of OpenSSL. For the Chrome version, compiling with BoringSSL.
- Modifying the way curl configures various TLS extensions and SSL options.
- Adding support for new TLS extensions.
- Running curl with some non-default flags, for example
The resulting curl looks, from a network perspective, identical to a real browser. Compare: (left is
curl-impersonate, right is Firefox):
The following browsers can be impersonated.
|Browser||Version||Build||OS||Target name||Wrapper script|
|91 ESR||91.6.0esr||Windows 10||
|15.3||166220.127.116.11.8||MacOS Big Sur||
This list is also available in the browsers.json file.
For each supported browser there is a wrapper script that launches
curl-impersonate with all the needed headers and flags. For example:
You can add command line flags and they will be passed on to curl. However, some flags change curl's TLS signature which may cause it to be detected.
See Advanced usage for more options.
There are two versions of
curl-impersonate for technical reasons. The chrome version is used to impersonate Chrome, Edge and Safari. The firefox version is used to impersonate Firefox.
Pre-compiled binaries for Linux and macOS (Intel) are available at the GitHub releases page. Before you use them you need to install nss (Firefox's TLS library):
- Ubuntu -
sudo apt install libnss3
- Red Hat/Fedora/CentOS -
yum install nss nss-pem
- macOS -
brew install nss
The pre-compiled binaries contain libcurl-impersonate and a statically compiled curl-impersonate for ease of use.
Building from source
Docker images based on Alpine Linux with
curl-impersonate compiled and ready to use are available on Docker Hub. The images contain the binary and all the wrapper scripts. Use like the following:
# Firefox version docker pull lwthiker/curl-impersonate:0.5-ff docker run --rm lwthiker/curl-impersonate:0.5-ff curl_ff100 https://www.wikipedia.org # Chrome version docker pull lwthiker/curl-impersonate:0.5-chrome docker run --rm lwthiker/curl-impersonate:0.5-chrome curl_chrome101 https://www.wikipedia.org
libcurl-impersonate.so is libcurl compiled with the same changes as the command line
It has an additional API function:
CURLcode curl_easy_impersonate(struct Curl_easy *data, const char *target);
You can call it with the target names, e.g.
chrome101, and it will internally set all the options and headers that are otherwise set by the wrapper scripts. Specifically it sets:
CURLOPT_HTTP2_PSEUDO_HEADERS_ORDER(non-standard HTTP options created for this project).
CURLOPT_SSL_ENABLE_TICKET(non-standard TLS options created for this project).
Note that if you call
curl_easy_setopt() later with one of the above it will override the options set by
Using CURL_IMPERSONATE env var
Experimental: If your application uses
libcurl already, you can replace the existing library at runtime with
LD_PRELOAD (Linux only). You can then set the
CURL_IMPERSONATE env var. For example:
LD_PRELOAD=/path/to/libcurl-impersonate.so CURL_IMPERSONATE=chrome101 my_app
CURL_IMPERSONATE env var has two effects:
curl_easy_impersonate()is called automatically for any new curl handle created by
curl_easy_impersonate()is called automatically after any
This means that all the options needed for impersonation will be automatically set for any curl handle.
Note that the above will NOT WORK for
curl itself because the curl tool overrides the TLS settings. Use the wrapper scripts instead.
This repository contains two main folders:
- chrome - Scripts and patches for building the Chrome version of
- firefox - Scripts and patches for building the Firefox version of
The layout is similar for both. For example, the Firefox directory contains:
- Dockerfile - Used to build
curl-impersonatewith all dependencies.
- curl_ff91esr, curl_ff95, curl_ff98 - Wrapper scripts that launch
curl-impersonatewith the correct flags.
- curl-impersonate.patch - The main patch that makes curl use the same TLS extensions as Firefox. Also makes curl compile statically with libnghttp2 and libnss.
Other files of interest:
- tests/signatures.yaml - YAML database of known browser signatures that can be impersonated.
If you'd like to help, please check out the open issues. You can open a pull request with your changes.
This repository contains the build process for
curl-impersonate. The actual patches to
curl are maintained in a separate repository forked from the upstream curl. The changes are maintained in the impersonate-firefox and impersonate-chrome branches.