Skip to content

Bunch of new fingerprints#399

Closed
ghost wants to merge 5 commits into
masterfrom
unknown repository
Closed

Bunch of new fingerprints#399
ghost wants to merge 5 commits into
masterfrom
unknown repository

Conversation

@ghost

@ghost ghost commented Jun 7, 2026

Copy link
Copy Markdown

A bunch of updated fingerprints: Chrome #397, Firefox #391, Android #392, Edge (but in more proper and polished form then these PRs; 391 is wrong a little bit, for example), everything tested in wireshark

@ghost ghost force-pushed the master branch from 6f9a79e to d3b3f09 Compare June 7, 2026 15:16
@SaamoCha

SaamoCha commented Jun 7, 2026

Copy link
Copy Markdown

Thanks for putting this together. I ran an independent review with Parroteer, an experimental tool I built for capturing real browser/Android TLS fingerprints, comparing them against existing uTLS parrots/baselines, and replay-verifying generated specs.

Parroteer can also run in GitHub Actions: it captures up-to-date fingerprints, compares them with the existing fingerprints, and can automatically report detected drift. It is still early, but I hope it can be useful for a future fingerprint auto-update/reporting pipeline. Feedback, usage, and discussion are very welcome.

Target Verification result
Chrome trust_anchors support is real, and HelloChrome_141 matches Chrome when TLSTrustAnchorIDs is enabled. However, my local Chrome 149.0.7827.53 default/headless capture did not send trust_anchors and still matched current HelloChrome_133 / HelloChrome_Auto. ML-DSA (0904, 0905, 0906) also looks experimental/non-default in my capture, so HelloChrome_144 seems useful as a selectable profile, but I am less sure it should be Auto.
Firefox Confirmed. Real Firefox Stable 151.0.3 matches the updated PR shape: JA3N 8099457c290ccfe8c6d958826c26b023, JA4 t13d1617h2_86a278354501_3cbfd9057e0d. Current upstream differs by keeping cipher 49161 and missing extensions 35 / 45.
Android Confirmed. A real GitHub Actions Android API 36 emulator with OkHttp 5.3.0 matches HelloAndroid_16_OkHttp: JA3N ab22845823d9af0946cb87050d0a5679, JA4 t13d1513h2_8daaf6152771_eca864cca44a. Current HelloAndroid_11_OkHttp is clearly stale.

Android verification run: https://github.com/SaamoCha/parroteer/actions/runs/27101201876

So my read is: Firefox and Android updates are strongly supported by the captures. For Chrome, the new Trust Anchor / ML-DSA profiles are useful, but the Auto choice may need a bit more care because the observed default behavior can vary by feature/field-trial state.

@ghost

ghost commented Jun 8, 2026

Copy link
Copy Markdown
Author

Ok, I think I should keep chrome auto on older version, because these additions are experimental

@ghost ghost mentioned this pull request Jun 8, 2026
Closed
@ghost ghost closed this by deleting the head repository Jun 8, 2026
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@SaamoCha