一、查看TLS指纹的网站
二、网站防御方式及应对
-
非法指纹黑名单
-
应对策略:修改默认指纹(修改TLS hello包的值)
-
httpx示例:
import ssl
import random
import httpx
# create an ssl context
ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS)
# create random CIPHERS
CIPHERS = ":".join(random.sample(
["ECDHE+AESGCM", "ECDHE+CHACHA20", "DHE+AESGCM", "DHE+CHACHA20", "ECDH+AESGCM", "DH+AESGCM", "ECDH+AES", "DH+AES",
"RSA+AESGCM", "RSA+AES", "!aNULL", "!eNULL", "!MD5", "!DSS"], random.randint(5, 10)))
# CIPHERS = 'ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:DH+CHACHA20:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+HIGH:DH+HIGH:RSA+AESGCM:RSA+AES:RSA+HIGH'
ssl_context.set_ciphers(CIPHERS)
r = httpx.get('https://tls.browserleaks.com/json', verify=ssl_context)
print(r.json())
-
合法指纹白名单
-
应对策略:使用curl_cffi库模拟浏览器
-
curl_cffi库
- 安装
- 仓库地址:https://github.com/yifeikong/curl_cffi
- 使用
from curl_cffi import requests
# 注意这个 impersonate 参数,指定了模拟哪个浏览器
r = requests.get("https://tls.browserleaks.com/json", impersonate="chrome101")
print(r.json())
- 目前支持模拟的浏览器版本:["edge99", "edge101", "chrome99", "chrome100", "chrome101", "chrome104", "chrome107", "chrome110", "chrome99_android", "safari15_3", "safari15_5"]
- 支持代理(同requests)
from curl_cffi import requests
# 使用代理
proxies={"http": "http://ip:port", "https": "http://ip:port"}
r = requests.get("https://tls.browserleaks.com/json", impersonate="chrome101", proxies = proxies)
print(r.json())
参考来源:https://yifei.me/note/2719
