Python突破浏览器TLS/JA3 指纹

初识指纹遇到一个网站,忽然发现无论如何如何更换UA和代理请求都是403，curl_cffi 可模拟真实浏览器的 TLS | JA3 指纹。

查看 tls 指纹的网站：

https://tls.browserleaks.com/json

不同网站的生成的指纹可能有差异，但是多次访问同一个网站生成的指纹是稳定的，而且能区分开

Python requests库请求一个带JA3指纹网站的结果：

import requestsheaders = {'authority': 'tls.browserleaks.com','accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7','accept-language': 'zh-CN,zh;q=0.9,en;q=0.8,zh-TW;q=0.7,da;q=0.6','cache-control': 'no-cache','pragma': 'no-cache','sec-ch-ua': '"Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"','sec-ch-ua-mobile': '?0','sec-ch-ua-platform': '"Windows"','sec-fetch-dest': 'document','sec-fetch-mode': 'navigate','sec-fetch-site': 'cross-site','sec-fetch-user': '?1','upgrade-insecure-requests': '1','user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36',
}response = requests.get('https://tls.browserleaks.com/json', headers=headers)
print(response.json())

可以看到，akamai_hash和akamai_text都是空的。

使用Python的curl_cffi库，主打的就是模拟各种指纹

pip install curl_cffi

支持的模拟版本，由curl-impersonate支持

edge99 = "edge99"
edge101 = "edge101"
chrome99 = "chrome99"
chrome100 = "chrome100"
chrome101 = "chrome101"
chrome104 = "chrome104"
chrome107 = "chrome107"chrome110 = "chrome110"chrome116 = "chrome116"
chrome99_android = "chrome99_android"
safari15_3 = "safari15_3"
safari15_5 = "safari15_5"
edge101 = "edge101"
ff102 = "ff102"

impersonate

from curl_cffi import requests
headers = {'authority': 'tls.browserleaks.com','accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7','accept-language': 'zh-CN,zh;q=0.9,en;q=0.8,zh-TW;q=0.7,da;q=0.6','cache-control': 'no-cache','pragma': 'no-cache','sec-ch-ua': '"Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"','sec-ch-ua-mobile': '?0','sec-ch-ua-platform': '"Windows"','sec-fetch-dest': 'document','sec-fetch-mode': 'navigate','sec-fetch-site': 'cross-site','sec-fetch-user': '?1','upgrade-insecure-requests': '1','user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36',
}response = requests.get('https://tls.browserleaks.com/json', headers=headers, impersonate="chrome110")
print(response.text)

这里需要通过from curl_cffi import requests引入requests，并在get方法里加入impersonate="chrome110"。

可以看到，akamai_hash和akamai_text都有值了。

参考

https://tls.browserleaks.com/json
https://github.com/salesforce/ja3
https://github.com/yifeikong/curl_cffi
https://github.com/lwthiker/curl-impersonate

来源： https://www.xxspvip.cn/xianqing/detail/3