> Does cURL have an easy-to-spot fingerprint outside of its headers? If it's a h... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		schroeding 6 months ago \| parent \| context \| favorite \| on: Tell HN: Cloudflare is blocking Pale Moon and othe... > Does cURL have an easy-to-spot fingerprint outside of its headers? If it's a https URL: Yes, the TLS handshake. There are curl builds[1] which try (and succeed) to imitate the TLS handshake (and settings for HTTP/2) of a normal browser, though. [1] https://github.com/lwthiker/curl-impersonate

bennyg 6 months ago [–]

To echo further, they may be leaning on something like the [ja4 fingerprint](https://www.google.com/url?sa=t&source=web&rct=j&opi=8997844...) (which you'd need to rebuild curl to emulate that chromium version to try and trick).

ghxst 6 months ago | [–]

Curl-impersonate does this https://github.com/lwthiker/curl-impersonate

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact