Add Tor 14.5

Author: perkfly

bin/curl_tor145

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+
+# Find the directory of this script
+dir=${0%/*}
+
+# The list of ciphers can be obtained by looking at the Client Hello message in
+# Wireshark, then converting it using the cipherlist array at
+"$dir/curl-impersonate" \
+    --ciphers "TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA" \
+    --curves X25519:P-256:P-384:P-521:ffdhe2048:ffdhe3072 \
+    --signature-hashes ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384,ecdsa_secp521r1_sha512,rsa_pss_rsae_sha256,rsa_pss_rsae_sha384,rsa_pss_rsae_sha512,rsa_pkcs1_sha256,rsa_pkcs1_sha384,rsa_pkcs1_sha512,ecdsa_sha1,rsa_pkcs1_sha1 \
+    -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0' \
+    -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
+    -H 'Accept-Language: en-US,en;q=0.5' \
+    -H 'Accept-Encoding: gzip, deflate, br, zstd' \
+    -H 'Upgrade-Insecure-Requests: 1' \
+    -H 'Sec-GPC: 1' \
+    -H 'Sec-Fetch-Dest: document' \
+    -H 'Sec-Fetch-Mode: navigate' \
+    -H 'Sec-Fetch-Site: none' \
+    -H 'Sec-Fetch-User: ?1' \
+    -H "Priority: u=0, i" \
+    -H 'TE: trailers' \
+    --http2 \
+    --http2-settings '1:65536;2:0;4:131072;5:16384' \
+    --http2-pseudo-headers-order 'mpas' \
+    --http2-window-update 12517377 \
+    --http2-stream-weight 42 \
+    --http2-stream-exclusive 0 \
+    --compressed \
+    --ech grease \
+    --tls-extension-order "0-23-65281-10-11-16-5-34-51-43-13-28-65037" \
+    --tls-delegated-credentials "ecdsa_secp256r1_sha256:ecdsa_secp384r1_sha384:ecdsa_secp521r1_sha512:ecdsa_sha1" \
+    --tls-record-size-limit 4001 \
+    --tls-key-shares-limit 3 \
+    --cert-compression zlib,brotli,zstd \
+    --tls-signed-cert-timestamps \
+    --tls-use-firefox-tls13-ciphers \
+    "$@"

patches/curl.patch

@@ -1514,10 +1514,10 @@ index 93cc2d44f..52e80ce9c 100644
   * Store nghttp2 version info in this buffer.
 diff --git a/lib/impersonate.c b/lib/impersonate.c
 new file mode 100644
-index 000000000..e2cb10a9a
+index 000000000..0ce4c3be5
 --- /dev/null
 +++ b/lib/impersonate.c
-@@ -0,0 +1,1434 @@
+@@ -0,0 +1,1502 @@
 +#include "curl_setup.h"
 +
 +#include <curl/curl.h>
@@ -2435,6 +2435,7 @@ index 000000000..e2cb10a9a
 +    .http2_settings = "1:65536;2:0;4:131072;5:16384",
 +    .http2_window_update = 12517377,
 +    .http2_pseudo_headers_order = "mpas",
++    .http2_stream_exclusive = 0,
 +    .cert_compression = "zlib,brotli,zstd",
 +    .ech = "grease",
 +    .tls_session_ticket = true,
@@ -2499,6 +2500,7 @@ index 000000000..e2cb10a9a
 +    .http2_settings = "1:65536;2:0;4:131072;5:16384",
 +    .http2_window_update = 12517377,
 +    .http2_pseudo_headers_order = "mpas",
++    .http2_stream_exclusive = 0,
 +    .cert_compression = "zlib,brotli,zstd",
 +    .ech = "grease",
 +    .tls_session_ticket = true,
@@ -2948,6 +2950,72 @@ index 000000000..e2cb10a9a
 +    .tls_use_new_alps_codepoint = false,
 +    .tls_signed_cert_timestamps = true,
 +    .tls_grease = true
++  },
++  {
++    .target = "tor145",  // tor 14.5, based on firefox 128
++    .alias = "tor145",
++    .httpversion = CURL_HTTP_VERSION_2_0,
++    .ssl_version = CURL_SSLVERSION_TLSv1_2 | CURL_SSLVERSION_MAX_DEFAULT,
++    .ciphers =
++      "TLS_AES_128_GCM_SHA256,"
++      "TLS_CHACHA20_POLY1305_SHA256,"
++      "TLS_AES_256_GCM_SHA384,"
++      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,"
++      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,"
++      "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,"
++      "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,"
++      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,"
++      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,"
++      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,"
++      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,"
++      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,"
++      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,"
++      "TLS_RSA_WITH_AES_128_GCM_SHA256,"
++      "TLS_RSA_WITH_AES_256_GCM_SHA384,"
++      "TLS_RSA_WITH_AES_128_CBC_SHA,"
++      "TLS_RSA_WITH_AES_256_CBC_SHA",
++    .http_headers = {
++      "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0",
++      "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
++      "Accept-Language: en-US,en;q=0.5",
++      "Accept-Encoding: gzip, deflate, br, zstd",
++      "Sec-GPC: 1",
++      "Upgrade-Insecure-Requests: 1",
++      "Sec-Fetch-Dest: document",
++      "Sec-Fetch-Mode: navigate",
++      "Sec-Fetch-Site: none",
++      "Sec-Fetch-User: ?1",
++      "Priority: u=0, i",
++      "Te: trailers"
++    },
++    .curves = "X25519:P-256:P-384:P-521:ffdhe2048:ffdhe3072",
++    .sig_hash_algs =
++      "ecdsa_secp256r1_sha256,"
++      "ecdsa_secp384r1_sha384,"
++      "ecdsa_secp521r1_sha512,"
++      "rsa_pss_rsae_sha256,"
++      "rsa_pss_rsae_sha384,"
++      "rsa_pss_rsae_sha512,"
++      "rsa_pkcs1_sha256,"
++      "rsa_pkcs1_sha384,"
++      "rsa_pkcs1_sha512,"
++      "ecdsa_sha1,"
++      "rsa_pkcs1_sha1",
++    .alpn = true,
++    .http2_settings = "1:65536;2:0;4:131072;5:16384",
++    .http2_window_update = 12517377,
++    .http2_pseudo_headers_order = "mpas",
++    .http2_stream_exclusive = 0,
++    .cert_compression = "zlib,brotli,zstd",
++    .ech = "grease",
++    .tls_session_ticket = true,
++    .tls_extension_order = "0-23-65281-10-11-16-5-34-51-43-13-28-65037",
++    .tls_delegated_credentials = "ecdsa_secp256r1_sha256:ecdsa_secp384r1_sha384:ecdsa_secp521r1_sha512:ecdsa_sha1",
++    .tls_record_size_limit = 4001,
++    .tls_grease = false,
++    .tls_signed_cert_timestamps = true,
++    .tls_key_shares_limit = 3,
++    .use_firefox_tls13_ciphers = true
 +  }
 +};
 +

tests/signatures/tor_14.5_macOS.yaml

@@ -0,0 +1,132 @@
+browser:
+  name: tor
+  os: macOS
+  version: 14.5
+signature:
+  http2:
+    frames:
+    - frame_type: SETTINGS
+      settings:
+      - key: 1
+        value: 65536
+      - key: 2
+        value: 0
+      - key: 4
+        value: 131072
+      - key: 5
+        value: 16384
+      stream_id: 0
+    - frame_type: WINDOW_UPDATE
+      stream_id: 0
+      window_size_increment: 12517377
+    - frame_type: HEADERS
+      headers:
+      - 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0'
+      - 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
+      - 'accept-language: en-US,en;q=0.5'
+      - 'accept-encoding: gzip, deflate, br, zstd'
+      - 'upgrade-insecure-requests: 1'
+      - 'sec-gpc: 1'
+      - 'sec-fetch-dest: document'
+      - 'sec-fetch-mode: navigate'
+      - 'sec-fetch-site: none'
+      - 'sec-fetch-user: ?1'
+      - 'priority: u=0, i'
+      - 'te: trailers'
+      pseudo_headers:
+      - :method
+      - :path
+      - :authority
+      - :scheme
+      stream_id: 15
+  tls_client_hello:
+    ciphersuites:
+    - 4865
+    - 4867
+    - 4866
+    - 49195
+    - 49199
+    - 52393
+    - 52392
+    - 49196
+    - 49200
+    - 49162
+    - 49161
+    - 49171
+    - 49172
+    - 156
+    - 157
+    - 47
+    - 53
+    comp_methods:
+    - 0
+    extensions:
+    - type: server_name
+    - length: 0
+      type: extended_master_secret
+    - length: 1
+      type: renegotiation_info
+    - length: 16
+      supported_groups:
+      - 29
+      - 23
+      - 24
+      - 25
+      - 256
+      - 257
+      type: supported_groups
+    - ec_point_formats:
+      - 0
+      length: 2
+      type: ec_point_formats
+    - alpn_list:
+      - h2
+      - http/1.1
+      length: 14
+      type: application_layer_protocol_negotiation
+    - length: 5
+      status_request_type: 1
+      type: status_request
+    - length: 10
+      sig_hash_algs:
+      - 1027
+      - 1283
+      - 1539
+      - 515
+      type: delegated_credentials
+    - key_shares:
+      - group: 4588
+        length: 1216
+      - group: 29
+        length: 32
+      - group: 23
+        length: 65
+      length: 1327
+      type: keyshare
+    - length: 5
+      supported_versions:
+      - TLS_VERSION_1_3
+      - TLS_VERSION_1_2
+      type: supported_versions
+    - length: 24
+      sig_hash_algs:
+      - 1027
+      - 1283
+      - 1539
+      - 2052
+      - 2053
+      - 2054
+      - 1025
+      - 1281
+      - 1537
+      - 515
+      - 513
+      type: signature_algorithms
+    - length: 2
+      record_size_limit: 4001
+      type: record_size_limit
+    - length: 0
+      type: encrypted_client_hello
+    handshake_version: TLS_VERSION_1_2
+    record_version: TLS_VERSION_1_0
+    session_id_length: 32

tests/targets.yaml

@@ -91,6 +91,10 @@
   - null
   - null
   - firefox_135.0.1_macOS
+- - curl_tor145
+  - null
+  - null
+  - tor_14.5_macOS
 
 # Test libcurl-impersonate by loading it with LD_PRELOAD to an app
 # linked against the regular libcurl and setting the
@@ -195,3 +199,7 @@
   - CURL_IMPERSONATE: firefox135
   - libcurl-impersonate
   - firefox_135.0.1_macOS
+- - minicurl
+  - CURL_IMPERSONATE: tor145
+  - libcurl-impersonate
+  - tor_14.5_macOS

win/bin/curl_tor145.bat

@@ -0,0 +1,35 @@
+:: The list of ciphers can be obtained by looking at the Client Hello message in
+:: Wireshark, then converting it using the cipherlist array at
+
+@echo off
+"%~dp0curl.exe" ^
+    --ciphers "TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA" ^
+    --curves X25519:P-256:P-384:P-521:ffdhe2048:ffdhe3072 ^
+    --signature-hashes ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384,ecdsa_secp521r1_sha512,rsa_pss_rsae_sha256,rsa_pss_rsae_sha384,rsa_pss_rsae_sha512,rsa_pkcs1_sha256,rsa_pkcs1_sha384,rsa_pkcs1_sha512,ecdsa_sha1,rsa_pkcs1_sha1 ^
+    -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.0) Gecko/20100101 Firefox/128.0" ^
+    -H "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" ^
+    -H "Accept-Language: en-US,en;q=0.5" ^
+    -H "Accept-Encoding: gzip, deflate, br, zstd" ^
+    -H "Upgrade-Insecure-Requests: 1" ^
+    -H "Sec-GPC: 1" ^
+    -H "Sec-Fetch-Dest: document" ^
+    -H "Sec-Fetch-Mode: navigate" ^
+    -H "Sec-Fetch-Site: none" ^
+    -H "Sec-Fetch-User: ?1" ^
+    -H "Priority: u=0, i" ^
+    -H "TE: Trailers" ^
+    --http2 ^
+    --http2-settings "1:65536;2:0;4:131072;5:16384" ^
+    --http2-pseudo-headers-order "mpas" ^
+    --http2-window-update 12517377 ^
+    --http2-stream-weight 42 ^
+    --http2-stream-exclusive 0 ^
+    --compressed ^
+    --ech grease ^
+    --tls-extension-order "0-23-65281-10-11-16-5-34-51-43-13-28-65037" ^
+    --tls-delegated-credentials "ecdsa_secp256r1_sha256:ecdsa_secp384r1_sha384:ecdsa_secp521r1_sha512:ecdsa_sha1" ^
+    --tls-record-size-limit 4001 ^
+    --tls-key-shares-limit 3 ^
+    --cert-compression zlib,brotli,zstd ^
+    --tls-signed-cert-timestamps ^
+    %*