HTTP/2 Antifingerprint
Allows to create ClientHttp2Session with passive fingerprint evasion by changing JA3, HTTP/2 options, header order and pseudo-header order.
Example
const http2antifingerprint = require("http2-antifingerprint"); // default import
const { http2antifingerprint } = require("http2-antifingerprint"); // particular import
(async () => {
const options = {
proxy: {
scheme: "http",
user: "user", // Is not mandatory
password: "password", // Is not mandatory
host: "example.com",
port: 80,
},
onSwitchingProtocols: (response) => console.log(response.statusCode), // Callback is fired on connection upgrade
};
const listener = () => {};
const client = await http2antifingerprint.connect(
"https://example.com",
listener,
options
); // Returns a Promise
client.on("error", (err) => console.error(err)); // Methods of node:http2 session are left intact
const request = client.request(
{
":method": "POST",
":authority": "example.com",
":scheme": "https",
":path": "/",
"user-agent": "node",
"accept-encoding": "gzip, deflate, br",
"accept-language": "en-US",
},
{}, // Client session request options from node:http2
{
reorderPseudoHeaders: true, // Headers starting with colon will be reordered
reorderHeaders: false, // All other headers that do not start with colon will not be reordered
preferChromeHeaderOrder: true, // The headers provided will maintain chrome header order that depend on the http method
}
);
// Further API is left intact
request.on("response", (headers) => {
for (const name in headers) {
console.log(`${name}: ${headers[name]}`);
}
});
request.setEncoding("utf8");
let data = "";
request.on("data", (chunk) => {
data += chunk;
});
request.on("end", () => {
console.log(`\n${data}`);
client.close();
});
request.end();
})();API
Creating a HTTP/2 session
await http2antifingerprint.connect([authority], [listener], [options])
Returns a Promise<ClientHttp2Session>.
-
[authority]- the remote HTTP/2 server to connect to. This must be in the form of a minimal, valid URL with the http:// or https:// prefix, host name, and IP port (if a non-default port is used). Userinfo (user ID and password), path, querystring, and fragment details in the URL will be ignored. -
[listener]- will be registered as a one-time listener of the 'connect' event. Not mandatory. -
[options]- not a mandatory argument.
[options] can have proxy object consisting of scheme, host and port and may contain user or password properties.
[options] can have onSwitchingProtocols callback that is getting called with the http.IncomingMessage argument. Since 1.1.4 supports any http2 option, such as createConnection.
Can have tlsConnectOverrides that override the existing default TLS values. Might be useful for encryption setting override or for custom ALPN protocols:
const options = {
tlsConnectOverrides: {
ALPNProtocols: ["h2", "http/1.1", "spdy/3.1"],
},
};
const client = await http2antifingerprint.connect(
"https://example.com",
listener,
options
);banOriginalHeaderOrder - allows to never send the original order given in request options
banOriginalPseudoHeaderOrder - allows to never send the original pseudo-header order given in request options
ca - specify .pem certificate
seed - allows to set up http2 window values depending on numeric value. History acquired using _http2antifingerprint.seedHistory
isRequestDependsOnSeed - should _http2antifingerprint.seedHistory generate entry and update http2 window settings on every new request from the same session. Defaults to false
Creating a request
const request = client.request([headers], [client session options], [header options]);
-
[headers]- an object that contains key-value pairs of pseudo-headers and headers. -
[client session options]- the same semantics as innode:http2built-in package. Can be an empty object. -
[header options]- not a mandatory argument that can havereorderPseudoHeadersandreorderHeadersboolean properties. Both aretrueby default.
Fallbacks to parent's client session options if [header options] are not specified.
Can have preferChromeHeaderOrder property that cannot be used with reorderPseudoHeaders or with reorderHeaders properties.
In such case, header ordering will be chrome, because many sites reject non-chrome header orders or detect bots with it. Defaults to false
-
reorderPseudoHeadersdefaults totrue -
reorderHeadersdefaults totrue
Can have strictMode boolean property. If specified, the client.request method call without second and third arguments will reject with error.
false by default.
negotiationSpoof allows to spoof tls's secureProtocol and sigals list during client hello stage, if set to true. Defaults to false.
curveSpoof allows to spoof the elliptic curves. Defaults to tls.DEFAULT_ECDH_CURVE.
spoofSecureOptions allows to imitate various OpenSSL implementations to execute during hello stage. Defaults to false.
Notice: if preferChromeHeaderOrder is true, it is not required to set reorderPseudoHeaders and reorderHeaders properties to false as they will default to false.
legacyTlsSpoof allows to imitate under TLSv.1.2 versions. Servers often reject such versions including the node.js http2 server
forceTlsV1 - use only TLSv1 if true. Requires legacyTlsSpoof to be true
forceTlsV1dot1 - use only TLSv1.1 if true. Requires legacyTlsSpoof to be true
forceTlsV1dot2 - use only TLSv1.2 if true. Requires legacyTlsSpoof to be true
tls - prefer any TLS version if above options won't work. Overrides forceTls... options
Test
npm test