# Table of Contents - [TLS-Client | Open Source Oasis](#tls-client-open-source-oasis) - [Supported and tested Client Profiles | Open Source Oasis](#supported-and-tested-client-profiles-open-source-oasis) - [Installation & Quick Usage | Open Source Oasis](#installation-quick-usage-open-source-oasis) - [Defaults | Open Source Oasis](#defaults-open-source-oasis) - [Proxies | Open Source Oasis](#proxies-open-source-oasis) - [Request Headers | Open Source Oasis](#request-headers-open-source-oasis) - [Response Body Encoding / Decoding | Open Source Oasis](#response-body-encoding-decoding-open-source-oasis) - [Custom Client Profile | Open Source Oasis](#custom-client-profile-open-source-oasis) - [Cookiejar | Open Source Oasis](#cookiejar-open-source-oasis) - [Certificate Pinning | Open Source Oasis](#certificate-pinning-open-source-oasis) - [Pseudo Header Order | Open Source Oasis](#pseudo-header-order-open-source-oasis) - [Client Options | Open Source Oasis](#client-options-open-source-oasis) - [Shared Library | Open Source Oasis](#shared-library-open-source-oasis) - [Examples | Open Source Oasis](#examples-open-source-oasis) - [WebSocket | Open Source Oasis](#websocket-open-source-oasis) - [Protocol Racing | Open Source Oasis](#protocol-racing-open-source-oasis) - [Node Version | Open Source Oasis](#node-version-open-source-oasis) - [Downloads | Open Source Oasis](#downloads-open-source-oasis) - [Build from source | Open Source Oasis](#build-from-source-open-source-oasis) - [Exposed Methods | Open Source Oasis](#exposed-methods-open-source-oasis) - [JavaScript | Open Source Oasis](#javascript-open-source-oasis) - [Examples | Open Source Oasis](#examples-open-source-oasis) - [Python | Open Source Oasis](#python-open-source-oasis) - [Examples | Open Source Oasis](#examples-open-source-oasis) - [TypeScript | Open Source Oasis](#typescript-open-source-oasis) - [C# | Open Source Oasis](#c-open-source-oasis) - [Examples | Open Source Oasis](#examples-open-source-oasis) - [Examples | Open Source Oasis](#examples-open-source-oasis) - [Defaults | Open Source Oasis](#defaults-open-source-oasis) - [Response | Open Source Oasis](#response-open-source-oasis) - [Payload | Open Source Oasis](#payload-open-source-oasis) - [Standalone API Application | Open Source Oasis](#standalone-api-application-open-source-oasis) - [Configuration & Start | Open Source Oasis](#configuration-start-open-source-oasis) - [Build from source | Open Source Oasis](#build-from-source-open-source-oasis) - [Memory Issues | Open Source Oasis](#memory-issues-open-source-oasis) - [Download | Open Source Oasis](#download-open-source-oasis) - [Endpoints | Open Source Oasis](#endpoints-open-source-oasis) - [Defaults | Open Source Oasis](#defaults-open-source-oasis) - [Response | Open Source Oasis](#response-open-source-oasis) - [Payload | Open Source Oasis](#payload-open-source-oasis) - [Attention | Open Source Oasis](#attention-open-source-oasis) - [How to get support | Open Source Oasis](#how-to-get-support-open-source-oasis) - [Community Support | Open Source Oasis](#community-support-open-source-oasis) - [Further Information | Open Source Oasis](#further-information-open-source-oasis) - [Frequently Asked Questions / Errors | Open Source Oasis](#frequently-asked-questions-errors-open-source-oasis) - [Contributing | Open Source Oasis](#contributing-open-source-oasis) - [Proxies | Open Source Oasis](#proxies-open-source-oasis) - [Antibots & Captchas | Open Source Oasis](#antibots-captchas-open-source-oasis) - [Community Projects | Open Source Oasis](#community-projects-open-source-oasis) --- # TLS-Client | Open Source Oasis [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis#preface) Preface ------------------------------------------------------------------------------- This TLS Client is built upon [https://github.com/Carcraftz/fhttparrow-up-right](https://github.com/Carcraftz/fhttp) and [https://github.com/Carcraftz/utlsarrow-up-right](https://github.com/Carcraftz/utls) as well as [https://github.com/refraction-networking/utlsarrow-up-right](https://github.com/refraction-networking/utls) . Big thanks to all contributors so far. Sadly it seems that the original repositories are not maintained anymore and the original \`utls\` repository is not enough without custom modifications. [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis#what-is-tls-fingerprinting) What is TLS Fingerprinting? ---------------------------------------------------------------------------------------------------------------------- Some people think it is enough to change the user-agent header of a request to let the server think that the client requesting a resource is a specific browser. Nowadays this is not enough, because the server might use a technique to detect the client browser which is called TLS Fingerprinting. Even tho this article is about TLS Fingerprinting in NodeJS it well describes the technique in detail: [https://httptoolkit.tech/blog/tls-fingerprinting-node-js/#how-does-tls-fingerprinting-workarrow-up-right](https://httptoolkit.tech/blog/tls-fingerprinting-node-js/#how-does-tls-fingerprinting-work) [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis#why-is-this-library-needed) Why is this library needed? ---------------------------------------------------------------------------------------------------------------------- With this library you are able to create a http client implementing an interface which is similar to golangs net/http client interface. This TLS Client allows you to specify the client profile (Browser) you want to use, when requesting a server. The interface of the HTTP Client looks like the following and extends the base net/http Client interface by some useful functions. Most likely you will use the `Do()` function like you did before with golangs net/http Client. Copy type HttpClient interface { GetCookies(u *url.URL) []*http.Cookie SetCookies(u *url.URL, cookies []*http.Cookie) SetCookieJar(jar http.CookieJar) GetCookieJar() http.CookieJar SetProxy(proxyUrl string) error GetProxy() string SetFollowRedirect(followRedirect bool) GetFollowRedirect() bool CloseIdleConnections() Do(req *http.Request) (*http.Response, error) Get(url string) (resp *http.Response, err error) Head(url string) (resp *http.Response, err error) Post(url, contentType string, body io.Reader) (resp *http.Response, err error) GetBandwidthTracker() bandwidth.BandwidthTracker GetDialer() proxy.ContextDialer GetTLSDialer() TLSDialerFunc } The methods should be more or less self explanatory. [NextSupported and tested Client Profileschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/readme/supported-and-tested-client-profiles) Last updated 19 days ago --- # Supported and tested Client Profiles | Open Source Oasis ### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/supported-and-tested-client-profiles#internal-client-profiles) Internal Client Profiles The internal client profiles were created and tested by myself. Of course that does not mean they are 100% correct. But i tested them more precise then the contributed profiles. 1. Chrome * 103 (chrome\_103) * 104 (chrome\_104) * 105 (chrome\_105) * 106 (chrome\_106) * 107 (chrome\_107) * 108 (chrome\_108) * 109 (chrome\_109) * 110 (chrome\_110) * 111 (chrome\_111) * 112 (chrome\_112) * 116 with PSK (chrome\_116\_PSK) * 116 with PSK and PQ (chrome\_116\_PSK\_PQ) * 117 (chrome\_117) * 120 (chrome\_120) * 124 (chrome\_124) * 133 (chrome\_133) * 133 with PSK (chrome\_133\_PSK) * 144 (chrome\_144) * 144 with PSK (chrome\_144\_PSK) * 146 (chrome\_146) * 146 with PSK (chrome\_146\_PSK) 2. Safari * 15.6.1 (safari\_15\_6\_1) * 16.0 (safari\_16\_0) 3. iOS (Safari) * 15.5 (safari\_ios\_15\_5) * 15.6 (safari\_ios\_15\_6) * 16.0 (safari\_ios\_16\_0) * 17.0 (safari\_ios\_17\_0) * 18.0 (safari\_ios\_18\_0) * 18.5 (safari\_ios\_18\_5) * 26.0 (safari\_ios\_26\_0) 4. iPadOS (Safari) * 15.6 (safari\_ipad\_15\_6) 5. Firefox * 102 (firefox\_102) * 104 (firefox\_104) * 105 (firefox\_105) * 106 (firefox\_106) * 108 (firefox\_108) * 110 (firefox\_110) * 117 (firefox\_117) 6. Opera * 89 (opera\_89) * 90 (opera\_90) * 91 (opera\_91) 7. Custom Clients * Zalando iOS Mobile (zalando\_ios\_mobile) * Nike IOS Mobile (nike\_ios\_mobile) * Cloudscraper * MMS IOS (mms\_ios or mms\_ios\_1) * MMS IOS 2 (mms\_ios\_2) * MMS IOS 3 (mms\_ios\_3) * Mesh IOS (mesh\_ios or mesh\_ios\_1) * Confirmed IOS (confirmed\_ios) ### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/supported-and-tested-client-profiles#contributed-client-profiles) Contributed Client Profiles The contributed client profiles are contributed by people from the community. They are not precisely tested like the internal ones. Please be aware that they might have issues. 1. Chrome * 130 with PSK (chrome\_130\_PSK) * 131 (chrome\_131) * 131 with PSK (chrome\_131\_PSK) 2. OkHttp4 * Android 7 (okhttp4\_android\_7) * Android 8 (okhttp4\_android\_8) * Android 9 (okhttp4\_android\_9) * Android 10 (okhttp4\_android\_10) * Android 11 (okhttp4\_android\_11) * Android 12 (okhttp4\_android\_12) * Android 13 (okhttp4\_android\_13) 3. Custom Clients * Zalando Android Mobile (zalando\_android\_mobile) * Nike Android Mobile (nike\_android\_mobile) * Mesh IOS 2 (mesh\_ios\_2) * Mesh Android (mesh\_android or mesh\_android\_1) * Mesh Android 2 (mesh\_android\_2) * Confirmed Android (confirmed\_android) 4. Firefox * 120 (firefox\_120) * 123 (firefox\_123) * 132 (firefox\_132) * 133 (firefox\_133) * 135 (firefox\_135) * 146 with PSK (firefox\_146\_PSK) * 147 (firefox\_147) * 147 with PSK (firefox\_147\_PSK) You can also provide your own client. See the examples how to do that. All Clients support Random TLS Extension Order by setting the option on the HTTP client itself `WithRandomTLSExtensionOrder()`. This is needed for Chrome 107+. #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/supported-and-tested-client-profiles#shared-library-and-standalone-api) Shared Library & Standalone Api When working with the Shared Library or Standalone API you need to set `"withRandomExtensionOrder":true` [PreviousTLS-Clientchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis) [NextInstallation & Quick Usagechevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/readme/installation-and-quick-usage) Last updated 20 days ago --- # Installation & Quick Usage | Open Source Oasis [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/installation-and-quick-usage#installation) Installation ----------------------------------------------------------------------------------------------------------------------------- Copy go get -u github.com/bogdanfinn/tls-client // or specific version: // go get github.com/bogdanfinn/tls-client@v1.7.2 Some users have trouble when using `go get -u`. If this is the case for you please cleanup your go.mod file and do a `go get` with a specific version like described above in the commented out code. I would recommend to check the Github tags for the latest version and install that one explicit. [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/installation-and-quick-usage#quick-usage-example) Quick Usage Example ------------------------------------------------------------------------------------------------------------------------------------------- Copy package main import ( "fmt" "io" "log" http "github.com/bogdanfinn/fhttp" "github.com/bogdanfinn/tls-client/profiles" tls_client "github.com/bogdanfinn/tls-client" ) func main() { jar := tls_client.NewCookieJar() options := []tls_client.HttpClientOption{ tls_client.WithTimeoutSeconds(30), tls_client.WithClientProfile(profiles.Chrome_120), tls_client.WithNotFollowRedirects(), tls_client.WithCookieJar(jar), // create cookieJar instance and pass it as argument //tls_client.WithProxyUrl("http://user:pass@host:port"), //tls_client.WithInsecureSkipVerify(), } client, err := tls_client.NewHttpClient(tls_client.NewNoopLogger(), options...) if err != nil { log.Println(err) return } req, err := http.NewRequest(http.MethodGet, "https://tls.peet.ws/api/all", nil) if err != nil { log.Println(err) return } req.Header = http.Header{ "accept": {"*/*"}, "accept-language": {"de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7"}, "user-agent": {"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36"}, http.HeaderOrderKey: { "accept", "accept-language", "user-agent", }, } resp, err := client.Do(req) if err != nil { log.Println(err) return } defer resp.Body.Close() log.Println(fmt.Sprintf("status code: %d", resp.StatusCode)) readBytes, err := io.ReadAll(resp.Body) if err != nil { log.Println(err) return } log.Println(string(readBytes)) } For more configured clients check this documentation or use your own custom client. See provided examples how to use a complete custom TLS client. [PreviousSupported and tested Client Profileschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/readme/supported-and-tested-client-profiles) [NextClient Optionschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/readme/client-options) Last updated 1 year ago --- # Defaults | Open Source Oasis If you call `ProvideDefaultClient()` you will receive a TLS-Client instance with the following settings * 30 seconds timeout * Chrome 133 as profile * Random TLS Extension order enabled * Follow Redirects disabled * Idle Connections will be closed after 90 seconds [PreviousCookiejarchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/readme/cookiejar) [NextRequest Headerschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/readme/request-headers) Last updated 1 year ago --- # Proxies | Open Source Oasis Proxies can be used by either setting them as client option `WithProxyUrl` when creating the TLS client or calling `SetProxy` on an exisiting client instance. A proxy should be formatted like this: `http://username:password@host:port` or `socks5://username:password@host:port` If you are using rotating Proxies (proxies with a static URL) then make sure to always call SetProxy with the same proxy again to let the client reconnect to the Proxy Server and receive a new IP-Address. #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/proxies#shared-library-and-standalone-api) Shared Library & Standalone API When you are using the shared library or the standalone api you can supply a proxy in the `"proxyUrl"` field and set `"isRotatingProxy"` to `true` or `false`. [PreviousPseudo Header Orderchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/readme/pseudo-header-order) [NextCertificate Pinningchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/readme/certificate-pinning) Last updated 1 year ago --- # Request Headers | Open Source Oasis ### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/request-headers#header-sorting) Header Sorting You can sort your request headers per request by just providing a special header key (`"Header-Order:"`) with a list of header keys as sort order. Please keep in mind that it does not matter if your header keys are uppercase or all lowercase. For the header order **you have to define the header keys in the order list all lowercase.** Copy req.Header = http.Header{ "header4": {`value4`}, "header2": {"value2"}, "header1": {"value1"}, "header3": {"value3"}, "Header-Order:": { "header1", "header2", "header3", "header4", }, } #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/request-headers#shared-library-and-standalone-api) Shared Library & Standalone API When you are using the shared library or the standalone api this works exactly the same. You can provide the header order with the same Header Order key. ### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/request-headers#header-key-capitalization) Header Key Capitalization Sometimes people are confused when to write header keys all lowercase and when to write them with first uppercase letter. For HTTP2 requests header keys are usually all lowercase. For HTTP1 Requests header keys are usually first uppercase letter. Just as a rule of thumb: `"accept-encoding"` => HTTP2 `"Accept-Encoding"` => HTTP1 [PreviousDefaultschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/readme/defaults) [NextPseudo Header Orderchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/readme/pseudo-header-order) Last updated 1 year ago --- # Response Body Encoding / Decoding | Open Source Oasis If you are specifying `accept-encoding` header yourself and you are on a `http1` connection than you have to take care of the response body decompression yourself. It is not done automatically. Only if you are **not** adding `accept-encoding` header then the library adds it for you if not explicit disabled and also handles the decompression automatically. On `http2` the automatic decompression should always be in place according to the `content-type` Header on the Response. `DecompressBody` is an exported function you can use. See the following example on how do decompress the response body manually Copy req, err := http.NewRequest(http.MethodGet, "https://tls.browserleaks.com/json", nil) if err != nil { log.Println(err) goreturn } req.Header = http.Header{ "accept": {"*/*"}, "accept-encoding": {"gzip"}, "accept-language": {"de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7"}, "user-agent": {"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36"}, http.HeaderOrderKey: { "accept", "accept-encoding", "accept-language", "user-agent", }, } resp, err := client.Do(req) if err != nil { log.Println(err) return } defer resp.Body.Close() decomBody := http.DecompressBody(resp) all, err := ioutil.ReadAll(decomBody) if err != nil { log.Println(err) return } log.Println(string(all)) It is possible to disable the automatic decompression on http2 by adding the following option to the http client Copy tls_client.WithTransportOptions(&tls_client.TransportOptions{ DisableCompression: true, }), #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/response-body-encoding-decoding#shared-library-and-standalone-api) Shared Library & Standalone API When you are using the shared library or standalone api application the response body will always be decompressed. [PreviousCertificate Pinningchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/readme/certificate-pinning) [NextCustom Client Profilechevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/readme/custom-client-profile) Last updated 2 years ago --- # Custom Client Profile | Open Source Oasis **You should know at least a bit about TLS Fingerprints in order to know what you are doing here and what is minimum required.** You can build complete custom clients which consist of different things. When we look at the factory method we see that you need to provide the following information: * A clientHelloId which holds the `ClientHelloSpecFactory`. More about that later. * A key value map of http2 settings * A list of http2 settings for the order * A list of [pseudo headers](https://bogdanfinn.gitbook.io/open-source-oasis/readme/pseudo-header-order) for the order * A value for the connection flow * A slice of http2 priority settings * A optional header priority setting Copy func NewClientProfile(clientHelloId tls.ClientHelloID, settings map[http2.SettingID]uint32, settingsOrder []http2.SettingID, pseudoHeaderOrder []string, connectionFlow uint32, priorities []http2.Priority, headerPriority *http2.PriorityParam) ClientProfile { return ClientProfile{ clientHelloId: clientHelloId, settings: settings, settingsOrder: settingsOrder, pseudoHeaderOrder: pseudoHeaderOrder, connectionFlow: connectionFlow, priorities: priorities, headerPriority: headerPriority, } } You can create a `ClientHelloSpecFactory` out of a ja3 string by calling GetSpecFactoryFromJa3String. You need to provide in addition the following information, as these can't be derived from the ja3 string: * A list of supported signature algorithms * A list of supported delegated credentials algorithms * A list of supported TLS versions * A list of supported key share curves * A list of certificate compression algorithms. * A value for the RecordSizeLimit Extension Copy ja3 := "771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-10-11-13-16-23-43-51-65281-45-21,29-23-24,0" ssa := []string{"ECDSAWithP256AndSHA256", "PSSWithSHA256", "PKCS1WithSHA256", "ECDSAWithP384AndSHA384", "PSSWithSHA384", "PKCS1WithSHA384", "PSSWithSHA512", "PKCS1WithSHA512"} dca := []string{"ECDSAWithP256AndSHA256", "PSSWithSHA256", "PKCS1WithSHA256", "ECDSAWithP384AndSHA384", "PSSWithSHA384", "PKCS1WithSHA384", "PSSWithSHA512", "PKCS1WithSHA512"} sv := []string{"GREASE", "1.3", "1.2"} sc := []string{"GREASE", "X25519"} alpnProtocols := []string{"h2", "http/1.1"} alpsProtocols := []string{"h2"} ccs := []tls_client.CandidateCipherSuites{ { KdfId: "HKDF_SHA256", AeadId: "AEAD_AES_128_GCM", }, { KdfId: "HKDF_SHA256", AeadId: "AEAD_CHACHA20_POLY1305", }, } cp := []uint16{128, 160, 192, 224} certCompressionAlgos := []string{"zlib"} recordSizeLimit := 0 specFunc, err := tls_client.GetSpecFactoryFromJa3String(input, ssa, dca, sv, sc, alpnProtocols, alpsProtocols, ccs, cp, certCompressionAlgos, recordSizeLimit) At the end you can just build the complete custom profile by providing all the above mentioned information. Copy ja3 := "771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-10-11-13-16-23-43-51-65281-45-21,29-23-24,0" ssa := []string{"ECDSAWithP256AndSHA256", "PSSWithSHA256", "PKCS1WithSHA256", "ECDSAWithP384AndSHA384", "PSSWithSHA384", "PKCS1WithSHA384", "PSSWithSHA512", "PKCS1WithSHA512"} dca := []string{"ECDSAWithP256AndSHA256", "PSSWithSHA256", "PKCS1WithSHA256", "ECDSAWithP384AndSHA384", "PSSWithSHA384", "PKCS1WithSHA384", "PSSWithSHA512", "PKCS1WithSHA512"} sv := []string{"GREASE", "1.3", "1.2"} sc := []string{"GREASE", "X25519"} alpnProtocols := []string{"h2", "http/1.1"} alpsProtocols := []string{"h2"} ccs := []tls_client.CandidateCipherSuites{ { KdfId: "HKDF_SHA256", AeadId: "AEAD_AES_128_GCM", }, { KdfId: "HKDF_SHA256", AeadId: "AEAD_CHACHA20_POLY1305", }, } cp := []uint16{128, 160, 192, 224} certCompressionAlgos := []string{"zlib"} recordSizeLimit := 0 specFunc, err := tls_client.GetSpecFactoryFromJa3String(input, ssa, dca, sv, sc, alpnProtocols, alpsProtocols, ccs, cp, certCompressionAlgos, recordSizeLimit) if err != nil { log.Println(err.Error()) } settings := map[http2.SettingID]uint32{ http2.SettingHeaderTableSize: 65536, http2.SettingMaxConcurrentStreams: 1000, http2.SettingInitialWindowSize: 6291456, http2.SettingMaxHeaderListSize: 262144, } settingsOrder := []http2.SettingID{ http2.SettingHeaderTableSize, http2.SettingMaxConcurrentStreams, http2.SettingInitialWindowSize, http2.SettingMaxHeaderListSize, } pseudoHeaderOrder := []string{ ":method", ":authority", ":scheme", ":path", } connectionFlow := uint32(15663105) customClientProfile := tls_client.NewClientProfile(tls.ClientHelloID{ Client: "MyCustomProfile", Version: "1", Seed: nil, SpecFactory: specFunc, }, settings, settingsOrder, pseudoHeaderOrder, connectionFlow, nil, nil) #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/custom-client-profile#shared-library-and-standalone-api) Shared Library & Standalone API It is also possible to define custom client profiles when working with the shared library or the standalone api. For that you are not calling functions but provide all the information on the request payload that the TLS client is able to build the client profile out of it. Instead of the `"tlsClientIdentifier"` you can provide on the request payload the `"customTlsClient"`. Copy "customTlsClient": { "ja3String": "771,2570-4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,2570-0-23-65281-10-11-35-16-5-13-18-51-45-43-27-17513-2570-21,2570-29-23-24,0", "h2Settings": { "HEADER_TABLE_SIZE": 65536, "MAX_CONCURRENT_STREAMS": 1000, "INITIAL_WINDOW_SIZE": 6291456, "MAX_HEADER_LIST_SIZE": 262144 }, "h2SettingsOrder": [\ "HEADER_TABLE_SIZE",\ "MAX_CONCURRENT_STREAMS",\ "INITIAL_WINDOW_SIZE",\ "MAX_HEADER_LIST_SIZE"\ ], "supportedSignatureAlgorithms": [\ "ECDSAWithP256AndSHA256",\ "PSSWithSHA256",\ "PKCS1WithSHA256",\ "ECDSAWithP384AndSHA384",\ "PSSWithSHA384",\ "PKCS1WithSHA384",\ "PSSWithSHA512",\ "PKCS1WithSHA512",\ ], "supportedVersions": ["GREASE", "1.3", "1.2"], "keyShareCurves": ["GREASE", "X25519"], "ECHCandidatePayloads": [], "certCompressionAlgos": ["brotli"], "recordSizeLimit": 0, "pseudoHeaderOrder": [\ ":method",\ ":authority",\ ":scheme",\ ":path"\ ], "connectionFlow": 15663105, "priorityFrames": [{\ "streamID": 1,\ "priorityParam": {\ "streamDep": 1,\ "exclusive": true,\ "weight": 1\ }\ }], "headerPriority": { "streamDep": 1, "exclusive": true, "weight": 1 }, }, [PreviousResponse Body Encoding / Decodingchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/readme/response-body-encoding-decoding) [NextWebSocketchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/readme/websocket) Last updated 10 months ago --- # Cookiejar | Open Source Oasis Since version 1.0.0 the TLS-Client uses the custom cookiejar implemented which can be found here: [https://github.com/bogdanfinn/tls-client/blob/master/jar.goarrow-up-right](https://github.com/bogdanfinn/tls-client/blob/master/jar.go) Before it was more or less golangs default cookiejar: [https://github.com/bogdanfinn/fhttp/blob/master/cookiejar/jar.goarrow-up-right](https://github.com/bogdanfinn/fhttp/blob/master/cookiejar/jar.go) The custom cookiejar is designed for some specific (sneaker)botting related use cases when it comes to cookie overwriting or sharing cookies across different TLD. Often these use cases were about overwriting exisiting cookies in the jar with newer values or something like that. When using the TLS-Client in go you can easilly switch between both jars just by instantiating the specific cookiejar you need: #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/cookiejar#default-go-cookiejar) Default Go Cookiejar Copy jar, _ := cookiejar.New(nil) options := []tls_client.HttpClientOption{ tls_client.WithCookieJar(jar), } client, err := tls_client.NewHttpClient(tls_client.NewNoopLogger(), options...) #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/cookiejar#custom-cookiejar) Custom Cookiejar Copy jar := tls_client.NewCookieJar() options := []tls_client.HttpClientOption{ tls_client.WithCookieJar(jar), } client, err := tls_client.NewHttpClient(logger, options...) #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/cookiejar#shared-library-and-standalone-api) Shared Library & Standalone API If you are using the shared library or standalone api you can either completely deactiavte cookie jar handling by setting `"withoutCookieJar"` to `true` or you can switch to the default Go cookiejar by setting `"withDefaultCookieJar"` to `true`. By default the Custom Cookiejar will always be used. [PreviousClient Optionschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/readme/client-options) [NextDefaultschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/readme/defaults) Last updated 2 years ago --- # Certificate Pinning | Open Source Oasis You can enable certificate pinning for a TLS-Client instance. You need to provide a map of pins by host when you create the client. See the example code below Copy pins := map[string][]string{ "bstn.com": { "NQvy9sFS99nBqk/nZCUF44hFhshrkvxqYtfrZq3i+Ww=", "4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=", "x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=", }, } options := []tls_client.HttpClientOption{ tls_client.WithCertificatePinning(pins, tls_client.DefaultBadPinHandler), } client, err := tls_client.NewHttpClient(tls_client.NewNoopLogger(), options...) This example code shows how to enabled certificate pinning for bstn.com. Next to it you can supply a BadPinHandler function as second argument for the WithCertificatePinning option. The default BadPinHandler looks like this. This function will be executed when a bad pin is detected: Copy var DefaultBadPinHandler = func(req *http.Request) { fmt.Println("this is the default bad pin handler") } #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/certificate-pinning#shared-library-and-standalone-api) Shared Library & Standalone API When using the shared library you can supply certificate pinning settings via the `"certificatePinningHosts"` field. This should look similar to this: Copy "certificatePinningHosts": { "bstn.com": [\ "NQvy9sFS99nBqk/nZCUF44hFhshrkvxqYtfrZq3i+Ww=",\ "4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=",\ "x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=",\ ], }, #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/certificate-pinning#wildcards) Wildcards You can define wildcards for subdomains for example like this Copy pins := map[string][]string{ "*.bstn.com": { "NQvy9sFS99nBqk/nZCUF44hFhshrkvxqYtfrZq3i+Ww=", "4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=", "x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=", }, } options := []tls_client.HttpClientOption{ tls_client.WithCertificatePinning(pins, tls_client.DefaultBadPinHandler), } client, err := tls_client.NewHttpClient(tls_client.NewNoopLogger(), options...) #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/certificate-pinning#how-to-generate-pins) How to generate pins? You can easilly generate pins with this helpful tool: [https://github.com/tam7t/hpkparrow-up-right](https://github.com/tam7t/hpkp) Just install the tool and run the following command against the site you want to generate pins for: Copy hpkp-pins -server=bstn.com:443 [PreviousProxieschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/readme/proxies) [NextResponse Body Encoding / Decodingchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/readme/response-body-encoding-decoding) Last updated 2 years ago --- # Pseudo Header Order | Open Source Oasis Pseudo headers are the following headers: `":method"`, `":authority"`, `":scheme"`, `":path"` and the order of them varies per client profile. Therefore you can define the order of the pseudo headers on the (custom-)client Profile. Copy pseudoHeaderOrder := []string{ ":method", ":authority", ":scheme", ":path", } customClientProfile := tls_client.NewClientProfile(tls.ClientHelloID{ Client: "MyCustomProfile", Version: "1", Seed: nil, SpecFactory: specFunc, }, settings, settingsOrder, pseudoHeaderOrder, connectionFlow, nil, nil) #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/pseudo-header-order#shared-library-and-standalone-api) Shared Library & Standalone API You will see on the CustomClient object [payload](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload) that you can define the order as a list of strings. [PreviousRequest Headerschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/readme/request-headers) [NextProxieschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/readme/proxies) Last updated 2 years ago --- # Client Options | Open Source Oasis When instantiating the TLS client you can define various options which are documented here: * WithClientProfile Copy WithClientProfile configures a TLS client to use the specified client profile. * WithForceHttp1 Copy WithForceHttp1 configures a client to force HTTP/1.1 as the used protocol. * WithDisableHttp3 Copy WithDisableHttp3 configures a client to disable HTTP 3 as the used protocol. Will most likely fall back to HTTP 2 * WithInsecureSkipVerify Copy WithInsecureSkipVerify configures a client to skip SSL certificate verification. * WithTransportOptions Copy WithTransportOptions configures a client to use the specified transport options. * WithProxyUrl Copy WithProxyUrl configures a HTTP client to use the specified proxy URL. proxyUrl should be formatted as: "http://user:pass@host:port" * WithCharlesProxy Copy WithCharlesProxy configures the HTTP client to use a local running charles as proxy. host and port can be empty, then default 127.0.0.1 and port 8888 will be used * WithCookieJar Copy WithCookieJar configures a HTTP client to use the specified cookie jar. * WithServerNameOverwrite Copy WithServerNameOverwrite configures a TLS client to overwrite the server name being used for certificate verification and in the client hello. This option does only work properly if WithInsecureSkipVerify is set to true in addition * WithTimeoutMilliseconds Copy WithTimeoutMilliseconds configures an HTTP client to use the specified request timeout. timeout is the request timeout in milliseconds. * WithTimeoutSeconds Copy WithTimeoutSeconds configures an HTTP client to use the specified request timeout. timeout is the request timeout in seconds. * WithTimeout Copy WithTimeout configures an HTTP client to use the specified request timeout. timeout is the request timeout in seconds. Deprecated: use either WithTimeoutSeconds or WithTimeoutMilliseconds * WithNotFollowRedirects Copy WithNotFollowRedirects configures an HTTP client to not follow HTTP redirects. * WithCustomRedirectFunc Copy WithCustomRedirectFunc configures an HTTP client to use a custom redirect func. The redirect func have to look like that: func(req *http.Request, via []*http.Request) error Please only provide a custom redirect function if you know what you are doing. Check docs on net/http.Client CheckRedirect * WithRandomTLSExtensionOrder Copy WithRandomTLSExtensionOrder configures a TLS client to randomize the order of TLS extensions being sent in the ClientHello. Placement of GREASE and padding is fixed and will not be affected by this. * WithCertificatePinning Copy WithCertificatePinning enables SSL Pinning for the client and will throw an error if the SSL Pin is not matched. Please refer to https://github.com/tam7t/hpkp/#examples in order to see how to generate pins. The certificatePins are a map with the host as key. You can provide a BadPinHandlerFunc or nil as second argument. This function will be executed once a bad ssl pin is detected. * WithDebug Copy WithDebug configures a client to log debugging information. * WithLocalAddr Copy WithLocalAddr configures an HTTP client to use the specified local address. * WithDisableIPV4 Copy WithDisableIPV4 configures a dialer to use tcp6 network argument * WithDisableIPV6 Copy WithDisableIPV6 configures a dialer to use tcp4 network argument * WithCatchPanics Copy WithCatchPanics configures a client to catch all go panics happening during a request and not print the stacktrace. * WithDefaultHeaders Copy WithDefaultHeaders configures a client to use a set of default headers if none are specified on the request. * WithConnectHeaders Copy WithConnectHeaders configures a client to use the specified headers for the CONNECT request * WithProtocolRacing Copy WithProtocolRacing configures a client to race HTTP/3 (QUIC) and HTTP/2 (TCP) connections in parallel. Similar to Chrome's "Happy Eyeballs" approach, this starts both connection types simultaneously and uses whichever connects first. The client will remember which protocol worked for each host and use it directly on subsequent requests. This option is ignored if WithForceHttp1 or WithDisableHttp3 is set. * WithBandwidthTracker Copy WithBandwidthTracker configures a client to track the bandwidth used by the client. You can retrieve the tracker via GetBandwidthTracker() and call GetTotalBandwidth(), GetWriteBytes(), GetReadBytes() or Reset() on it. * WithDialer Copy WithDialer configures an HTTP client to use the specified dialer. This allows the use of a custom DNS resolver. * WithProxyDialerFactory Copy WithProxyDialerFactory configures an HTTP client to use a custom proxyDialerFactory instead of the default newConnectDialer(). This allows to implement custom proxy dialer use cases. * WithEnableEuckrResponse Copy WithEnableEuckrResponse configures the client to decode the response body using EUC-KR encoding. * WithDialContext Copy WithDialContext sets a custom dialer for TCP connections, allowing advanced networking (Zero-DNS, socket tagging, DPI bypass). WARNING: This overrides built-in proxy settings. If you need a proxy, you must handle the CONNECT handshake manually. Example: Copy client, err := tls_client.NewHttpClient( tls_client.NewNoopLogger(), tls_client.WithClientProfile(profiles.Chrome_124), tls_client.WithDialContext(func(ctx context.Context, network, addr string) (net.Conn, error) { // Custom dialing logic here return net.Dial(network, addr) }), ) * WithPreHook Copy WithPreHook adds a pre-request hook that is called before each request is sent. Multiple hooks can be added and they will be executed in the order they were added. If any hook returns an error, the request is aborted and subsequent hooks are not called. To continue hook execution despite an error, wrap your error with ErrContinueHooks. The hook function signature is: Copy type PreRequestHookFunc func(req *http.Request) error Example: Copy client, err := tls_client.NewHttpClient( tls_client.NewNoopLogger(), tls_client.WithClientProfile(profiles.Chrome_124), tls_client.WithPreHook(func(req *http.Request) error { req.Header.Set("X-Custom-Header", "my-value") return nil }), ) You can also add hooks at runtime using `client.AddPreRequestHook(hook)`. * WithPostHook Copy WithPostHook adds a post-response hook that is called after each request completes. Multiple hooks can be added and they will be executed in the order they were added. Hooks receive a PostResponseContext containing the request, response, and any error that occurred. If a hook returns an error, subsequent hooks are not called (unless wrapped with ErrContinueHooks). The hook function signature and context struct are: Copy type PostResponseContext struct { Request *http.Request Response *http.Response Error error // Non-nil if request failed } type PostResponseHookFunc func(ctx *PostResponseContext) error Example: Copy client, err := tls_client.NewHttpClient( tls_client.NewNoopLogger(), tls_client.WithClientProfile(profiles.Chrome_124), tls_client.WithPostHook(func(ctx *tls_client.PostResponseContext) error { if ctx.Error != nil { log.Printf("Request failed: %v", ctx.Error) } else { log.Printf("Response status: %d", ctx.Response.StatusCode) } return nil }), ) You can also add hooks at runtime using `client.AddPostResponseHook(hook)`. * ErrContinueHooks Copy ErrContinueHooks can be returned (or wrapped) by a hook function to signal that the error should be logged but hook execution should continue to the next hook. By default any error returned from a hook aborts subsequent hooks (and for pre-hooks, the request). Example: Copy tls_client.WithPreHook(func(req *http.Request) error { // This error will be logged but subsequent hooks and the request will continue return fmt.Errorf("something went wrong: %w", tls_client.ErrContinueHooks) }) #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/client-options#shared-library-and-standalone-api) Shared Library & Standalone API When using the shared library or standalone api you can find almost every client option as a separate field to turn on / turn off or configure in the request payload. Please take a look at the Documentation about the [Payload](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload) . [PreviousInstallation & Quick Usagechevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/readme/installation-and-quick-usage) [NextCookiejarchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/readme/cookiejar) Last updated 17 days ago --- # Shared Library | Open Source Oasis [Node Versionchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/node-version) [Downloadschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/downloads) [Build from sourcechevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/build-from-source) [Exposed Methodschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/exposed-methods) [JavaScriptchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/javascript) [Pythonchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/python) [TypeScriptchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/typescript) [C#chevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/c) [Defaultschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/defaults) [Payloadchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload) [Responsechevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/response) [Memory Issueschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/memory-issues) [PreviousExampleschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/readme/examples) [NextNode Versionchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/node-version) Last updated 1 year ago --- # Examples | Open Source Oasis Please take a look at the following Go Code in the repository to see examples implemented: `./example/main.go` We provide examples for the following use cases: * GET Request * POST Request * Proxy Rotation * Custom Client Profile * Switching the Redirect Following Behavior * SSL Pinning * Downloading Image / Files [PreviousProtocol Racingchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/readme/protocol-racing) [NextShared Librarychevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library) Last updated 2 years ago --- # WebSocket | Open Source Oasis The TLS-Client supports WebSocket connections with the same TLS fingerprinting as regular HTTP requests. This ensures consistent fingerprinting across both HTTP and WebSocket connections. **Important:** WebSocket connections require HTTP/1.1. You **must** use `WithForceHttp1()` when creating the HTTP client. ### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/websocket#usage-go) Usage (Go) Copy // Create HTTP client with ForceHttp1 (required for WebSocket!) client, err := tls_client.NewHttpClient(tls_client.NewNoopLogger(), tls_client.WithClientProfile(profiles.Chrome_133), tls_client.WithForceHttp1(), ) // Create WebSocket with optional header ordering headers := http.Header{ "User-Agent": {"MyBot/1.0"}, http.HeaderOrderKey: {"host", "upgrade", "connection", "user-agent"}, } ws, err := tls_client.NewWebsocket(nil, tls_client.WithUrl("wss://example.com/ws"), tls_client.WithTlsClient(client), tls_client.WithHeaders(headers), ) conn, err := ws.Connect(context.Background()) defer conn.Close() ### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/websocket#websocket-options) WebSocket Options * WithUrl Copy WithUrl sets the WebSocket URL to connect to. Required. * WithTlsClient Copy WithTlsClient sets the tls-client HttpClient to use for the WebSocket connection. The underlying dialer from this client will be used to establish the connection, preserving TLS fingerprinting and other client configurations. Required. * WithHeaders Copy WithHeaders sets the HTTP headers to send during the WebSocket handshake. You can use the http.HeaderOrderKey to control header ordering. * WithReadBufferSize Copy WithReadBufferSize sets the read buffer size for the WebSocket connection. * WithWriteBufferSize Copy WithWriteBufferSize sets the write buffer size for the WebSocket connection. * WithHandshakeTimeoutMilliseconds Copy WithHandshakeTimeoutMilliseconds sets the timeout for the WebSocket handshake in milliseconds. * WithCookiejar Copy WithCookiejar sets the cookie jar to use for the WebSocket connection. [PreviousCustom Client Profilechevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/readme/custom-client-profile) [NextProtocol Racingchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/readme/protocol-racing) Last updated 19 days ago --- # Protocol Racing | Open Source Oasis Protocol Racing allows the TLS-Client to race HTTP/3 (QUIC) and HTTP/2 (TCP) connections in parallel, similar to Chrome's "Happy Eyeballs" approach. Both connection types are started simultaneously and whichever connects first is used. The client remembers which protocol worked for each host and uses it directly on subsequent requests. If the cached protocol fails, the client falls back to racing again. ### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/protocol-racing#how-it-works) How it works 1. On the first request to a host, both HTTP/3 and HTTP/2 connections are started in parallel. 2. HTTP/2 is delayed by 300ms (same as Chrome) to give HTTP/3 a slight head start. 3. Whichever protocol succeeds first is used for the request. 4. The winning protocol is cached for the host and used directly on future requests. 5. If the cached protocol fails, the cache is cleared and racing restarts. ### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/protocol-racing#usage-go) Usage (Go) Copy client, err := tls_client.NewHttpClient(tls_client.NewNoopLogger(), tls_client.WithClientProfile(profiles.Chrome_133), tls_client.WithProtocolRacing(), ) ### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/protocol-racing#configuration-constraints) Configuration Constraints Protocol Racing cannot be used in combination with certain other options. The following configurations are invalid and will result in an error: * `WithProtocolRacing()` + `WithDisableHttp3()` — Racing requires HTTP/3 to be enabled. * `WithProtocolRacing()` + `WithForceHttp1()` — Racing requires HTTP/2 and HTTP/3. * `WithDisableIPV4()` + `WithDisableIPV6()` — Cannot disable both IP versions. * `WithCertificatePinning()` + `WithInsecureSkipVerify()` — Certificate pinning is incompatible with skipping verification. #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/readme/protocol-racing#shared-library-and-standalone-api) Shared Library & Standalone API When using the shared library or standalone API, set `"withProtocolRacing": true` in the request payload to enable protocol racing. The same configuration constraints apply. [PreviousWebSocketchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/readme/websocket) [NextExampleschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/readme/examples) Last updated 19 days ago --- # Node Version | Open Source Oasis Some users experienced issues when using the shared library with NodeJS14 or lower. It is recommended to use at least NodeJS16. [PreviousShared Librarychevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library) [NextDownloadschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/downloads) Last updated 2 years ago --- # Downloads | Open Source Oasis Here you can find the latest prebuilt shared library. Older versions before 1.3.8 can be found in the Github history of the repository: [https://github.com/bogdanfinn/tls-client/releasesarrow-up-right](https://github.com/bogdanfinn/tls-client/releases) [PreviousNode Versionchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/node-version) [NextBuild from sourcechevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/build-from-source) Last updated 20 days ago --- # Build from source | Open Source Oasis When you want to build the shared libraries from source you can just run the following script: `cffi_dist/build.sh SOME_BUILD_IDENTIFIER` and it should build the binaries for you. [PreviousDownloadschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/downloads) [NextExposed Methodschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/exposed-methods) Last updated 2 years ago --- # Exposed Methods | Open Source Oasis The shared library exposes the following endpoints / methods you can call. The payload is always a JSON string expect for the `freeMemory` method. You will find the methods also in use in the examples. #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/exposed-methods#request-payload-string-greater-than-string) request(payload: string) => string This is the basic method you will use to do requests. For full detailed documentation about the payload please take a look at [Payload](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload) . As you see here on other methods you have to turn the JSON Object into a JSON string before supplying it as the payload parameter. #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/exposed-methods#getcookiesfromsession-payload-string-greater-than-string) getCookiesFromSession(payload: string) => string Get all cookies which are in the provided session for a given URL. The payload should look like this: Copy "{\"sessionId\": \"someExistingSessionId\", \"url\": \"urlToGetCookiesFor\"}" #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/exposed-methods#addcookiestosession-payload-string-greater-than-string) addCookiesToSession(payload: string) => string Add manual cookies to an existing session. The payload should look like this: Copy "{\"sessionId\": \"someExistingSessionId\", \"url\": \"urlToAddCookiesFor\", \"cookies\": []}" #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/exposed-methods#freememory-responseid-string-greater-than-void) freeMemory(responseId: string) => void Supply the `"id"` of a previous response as string in order to free the allocated memory of the previous response. #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/exposed-methods#destroyall-greater-than-string) destroyAll() => string Destroy all existing sessions in order to release allocated memory. #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/exposed-methods#destroysession-payload-string-greater-than-string) destroySession(payload: string) => string Destroy a specific session in order to release allocated memory. The payload should look like this: Copy "{\"sessionId\": \"someExistingSessionId\"}" [PreviousBuild from sourcechevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/build-from-source) [NextJavaScriptchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/javascript) Last updated 2 years ago --- # JavaScript | Open Source Oasis [Exampleschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/javascript/examples) [PreviousExposed Methodschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/exposed-methods) [NextExampleschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/javascript/examples) Last updated 3 years ago --- # Examples | Open Source Oasis Please take a look at the following NodeJS Code in the repository to see examples implemented: `cffi_dist/example_node/` We provide examples for the following use cases: * GET Request * POST Request * Image Download * Image Upload * Async Request * Custom Client * Use Cookies * Use ffi-rs instead of ffi-napi [PreviousJavaScriptchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/javascript) [NextPythonchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/python) Last updated 1 year ago --- # Python | Open Source Oasis [Exampleschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/python/examples) [PreviousExampleschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/javascript/examples) [NextExampleschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/python/examples) Last updated 3 years ago --- # Examples | Open Source Oasis Please take a look at the following Python Code in the repository to see examples implemented: `cffi_dist/example_python/` We provide examples for the following use cases: * GET Request * POST Request * Image Download * Image Upload * Async Request * Custom Client * Use Cookies [PreviousPythonchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/python) [NextTypeScriptchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/typescript) Last updated 1 year ago --- # TypeScript | Open Source Oasis [Exampleschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/typescript/examples) [PreviousExampleschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/python/examples) [NextExampleschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/typescript/examples) Last updated 3 years ago --- # C# | Open Source Oasis [Exampleschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/c/examples) [PreviousExampleschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/typescript/examples) [NextExampleschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/c/examples) --- # Examples | Open Source Oasis Please take a look at the following Typescript Code in the repository to see examples implemented: `cffi_dist/example_typescript/` We provide examples for the following use cases: * GET Request * Async Request In general you can also take a look at the [JavaScript Examples](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/javascript/examples) . The Typescript examples are more about how to define the types correctly and use them. [PreviousTypeScriptchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/typescript) [NextC#chevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/c) Last updated 1 year ago --- # Examples | Open Source Oasis Please take a look at the following C# Code in the repository to see examples implemented: `cffi_dist/example_csharp/` We provide examples for the following use cases: * Loading and definition of the shared Library [PreviousC#chevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/c) [NextDefaultschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/defaults) Last updated 1 year ago --- # Defaults | Open Source Oasis The client from the shared library uses the same default settings as the regular TLS client which are defined [here](https://bogdanfinn.gitbook.io/open-source-oasis/readme/defaults) [PreviousExampleschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/c/examples) [NextPayloadchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload) Last updated 1 year ago --- # Response | Open Source Oasis The Response of a call against the shared library looks like this Copy { "id": "some response identifier", "sessionId": "some reusable sessionId if provided on the request", "status": 200, "target": "the target url", "body": "The Response as string here or the error message", "headers": {}, "cookies": {}, "usedProtocol": "h2" } In case of an unexpected error the `"status"` will be 0 The `"id"` is necessary when you want to free the memory used to generate this response. Take a look at [Memory Issues](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/memory-issues) . The `"sessionId"` can be reused to keep the cookies from the previous requests in this session. The `"status"` indicates the status code of the remote response. The `"body"` is the response body from the remote response. The `"headers"` are the headers returned from the remote response. The `"cookies"` are the cookies returned from the remote response. The `"usedProtocol"` indicates which protocol was used for the request (e.g. `"h2"`, `"HTTP/2.0"`, `"HTTP/1.1"`). [PreviousPayloadchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload) [NextMemory Issueschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/memory-issues) Last updated 19 days ago --- # Payload | Open Source Oasis This page shows once the full possible request payload against the shared library, with all default values. #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#basic-request-input) Basic Request Input Copy { "catchPanics": false, "certificatePinningHosts": null, "customTlsClient": null, "transportOptions": null, "followRedirects": false, "forceHttp1": false, "disableHttp3": false, "withProtocolRacing": false, "headerOrder": null, "headers": null, "insecureSkipVerify": false, "isByteRequest": false, "isByteResponse": false, "isRotatingProxy": false, "proxyUrl": null, "requestBody": null, "requestCookies": null, "requestHostOverride": null, "defaultHeaders": null, "connectHeaders": null, "requestMethod": "", "requestUrl": "", "disableIPV6": false, "disableIPV4": false, "localAddress": null, "sessionId": null, "serverNameOverwrite": "", "streamOutputBlockSize": null, "streamOutputEOFSymbol": null, "streamOutputPath": null, "timeoutMilliseconds": 0, "timeoutSeconds": 0, "tlsClientIdentifier": "", "withDebug": false, "withCustomCookieJar": false, "withoutCookieJar": false, "withRandomTLSExtensionOrder": false, "euckrResponse": false } Field Type Description headers Map Headers to attach on the current request. defaultHeaders will be used when empty. defaultHeaders Map> Default Headers to be used when no request headers are specified. The default header order can be specified with the Key "Header-Order:" connectHeaders Map> Headers to be used during the CONNECT request. serverNameOverwrite string Lookup [Client Option](https://bogdanfinn.gitbook.io/open-source-oasis/readme/client-options) "WithServerNameOverwrite" * `sessionId` is optional. When not provided the API does not create a Session. On every forwarded request with a given sessionId you will receive the sessionId in the response to be able to reuse sessions (cookies). * Be aware that `insecureSkipVerify` and the `timeoutSeconds` can not be changed during a session. * `followRedirects` and `proxyUrl` can be changed within a session. * If you do not want to set `requestBody` or `proxyUrl` use `null` instead of empty string * When you set `isByteResponse` to `true` the response body will be a base64 encoded string. Useful when you want to download images for example. * When you set `isByteRequest` to `true` the request body needs to be a base64 encoded string. Useful when you want to upload images for example. * When you set `withProtocolRacing` to `true` the client will race HTTP/3 (QUIC) and HTTP/2 (TCP) connections in parallel, similar to Chrome's "Happy Eyeballs" approach. Cannot be used together with `forceHttp1` or `disableHttp3`. * When you set `euckrResponse` to `true` the response body will be decoded using EUC-KR encoding. * When you set `withCustomCookieJar` to `true` a custom TLS-Client cookie jar will be used which is more suited for certain use cases. Otherwise the default Go cookie jar is used. #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#custom-tls-client) Custom TLS-Client Copy { "certCompressionAlgos": [], "connectionFlow": 0, "h2Settings": null, "h2SettingsOrder": null, "h3Settings": null, "h3SettingsOrder": null, "h3PseudoHeaderOrder": null, "h3PriorityParam": 0, "h3SendGreaseFrames": false, "headerPriority": null, "ja3String": "", "keyShareCurves": null, "priorityFrames": null, "alpnProtocols": null, "alpsProtocols": null, "ECHCandidatePayloads": null, "ECHCandidateCipherSuites": null, "pseudoHeaderOrder": null, "supportedDelegatedCredentialsAlgorithms": null, "supportedSignatureAlgorithms": null, "supportedVersions": null, "recordSizeLimit": 0, "streamId": 0, "allowHttp": false } Field Type Description certCompressionAlgos Array See possible values at the end of this page connectionFlow integer h2Settings Map See possible values for the Map keys at the end of this page. h2SettingsOrder Array Array of string keys which are used in the h2Settings property but ordered. h3Settings Map HTTP/3 settings. See possible values for the Map keys at the end of this page. h3SettingsOrder Array Array of string keys which are used in the h3Settings property but ordered. h3PseudoHeaderOrder Array Pseudo header order for HTTP/3 requests. h3PriorityParam integer HTTP/3 priority parameter. h3SendGreaseFrames boolean Whether to send GREASE frames in HTTP/3. headerPriority PriorityParam See type definition below in next section ja3String string keyShareCurves Array See possible values at the end of this page priorityFrames Array See type definition below in next section alpnProtocols Array List of supported protocols for the ALPN Extension alpsProtocols Array List of supported protocols for the ALPS Extension ECHCandidatePayloads Array List of ECH Candidate Payloads ECHCandidateCipherSuites Array See type definition below in next section pseudoHeaderOrder Array See possible values at the end of this page supportedDelegatedCredentialsAlgorithms Array See possible values at the end of this page supportedSignatureAlgorithms Array See possible values at the end of this page supportedVersions Array See possible values at the end of this page recordSizeLimit integer TLS record size limit extension value streamId integer Initial HTTP/2 stream ID allowHttp boolean Allow plaintext HTTP connections #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#transportoptions) TransportOptions Copy { "disableKeepAlives": false, "disableCompression": false, "maxIdleConns": 0, "maxIdleConnsPerHost": 0, "maxConnsPerHost": 0, "maxResponseHeaderBytes": 0, "writeBufferSize": 0, "readBufferSize": 0, "idleConnTimeout": 0, } Field Type Description disableKeepAlives boolean disableCompression boolean disables (automatic) decompression behavor as documented [here](https://bogdanfinn.gitbook.io/open-source-oasis/readme/response-body-encoding-decoding) maxIdleConns integer maxIdleConnsPerHost integer maxConnsPerHost integer maxResponseHeaderBytes integer If zero, a default is used writeBufferSize integer If zero, a default (currently 4KB) is used readBufferSize integer If zero, a default (currently 4KB) is used idleConnTimeout integer Duration in Nano Seconds #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#candidateciphersuite) CandidateCipherSuite Copy { "kdfId": "", "aeadId": "", } Field Type Description kdfId string See possible values at the end of this page aeadId string See possible values at the end of this page #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#priorityparam) PriorityParam Copy { "streamDep": 0, "exclusive": false, "weight": 0 } Field Type Description streamDep integer exclusive boolean weight integer #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#priorityframes) PriorityFrames Copy { "streamID": 0, "priorityParam": null } Field Type Description streamId integer priorityParam PriorityParam See type in the section above #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#cookie-input) Cookie Input Copy { "domain": "", "expires": 0, "maxAge": 0, "name": "", "path": "", "value": "", "secure": false, "httpOnly": false } Field Type Description domain string expires integer Unix Timestamp maxAge integer Number of seconds the cookie is valid. name string path string value string secure boolean Whether the cookie should only be sent over HTTPS. httpOnly boolean Whether the cookie is inaccessible to client-side scripts. If both `Expires` and `Max-Age` are set, `Max-Age` has precedence. ### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#values) Values Here you can find the allowed possible string values to supply for fields like `supportedDelegatedCredentialsAlgorithms`, `supportedSignatureAlgorithms`, `supportedVersions` and much more. #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#h2settings) H2Settings Copy "HEADER_TABLE_SIZE", "ENABLE_PUSH", "MAX_CONCURRENT_STREAMS", "INITIAL_WINDOW_SIZE", "MAX_FRAME_SIZE", "MAX_HEADER_LIST_SIZE", "UNKNOWN_SETTING_7", "UNKNOWN_SETTING_8", "UNKNOWN_SETTING_9", #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#h3settings) H3Settings Copy "QPACK_MAX_TABLE_CAPACITY", "MAX_FIELD_SECTION_SIZE", "QPACK_BLOCKED_STREAMS", "H3_DATAGRAM", #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#supported-versions) Supported Versions Copy "GREASE", "1.3", "1.2", "1.1", "1.0", #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#supported-signature-algorithms) Supported Signature Algorithms Copy "PKCS1WithSHA256", "PKCS1WithSHA384", "PKCS1WithSHA512", "PSSWithSHA256", "PSSWithSHA384", "PSSWithSHA512", "ECDSAWithP256AndSHA256", "ECDSAWithP384AndSHA384", "ECDSAWithP521AndSHA512", "PKCS1WithSHA1", "ECDSAWithSHA1", "Ed25519", "SHA224_RSA", "SHA224_ECDSA", #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#certcompressionalgorithm) certCompressionAlgorithm Copy "zlib", "brotli", "zstd", #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#supported-delegated-credentials) Supported delegated credentials Copy "PKCS1WithSHA256", "PKCS1WithSHA384", "PKCS1WithSHA512", "PSSWithSHA256", "PSSWithSHA384", "PSSWithSHA512", "ECDSAWithP256AndSHA256", "ECDSAWithP384AndSHA384", "ECDSAWithP521AndSHA512", "PKCS1WithSHA1", "ECDSAWithSHA1", "Ed25519", "SHA224_RSA", "SHA224_ECDSA" #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#keysharecurves) KeyShareCurves Copy "GREASE", "P256", "P384", "P521", "X25519", "P256Kyber768", "X25519Kyber512D", "X25519Kyber768", "X25519Kyber768Old", "X25519MLKEM768", #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#kdfids) kdfIds Copy "HKDF_SHA256", "HKDF_SHA384", "HKDF_SHA512", #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload#aeadids) aeadIds Copy "AEAD_AES_128_GCM", "AEAD_AES_256_GCM", "AEAD_CHACHA20_POLY1305", [PreviousDefaultschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/defaults) [NextResponsechevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/response) Last updated 19 days ago --- # Standalone API Application | Open Source Oasis The standalone API Application can be found here: [https://github.com/bogdanfinn/tls-client-apiarrow-up-right](https://github.com/bogdanfinn/tls-client-api) This is an application which is using [gosolinearrow-up-right](https://github.com/justtrackio/gosoline) and [TLS-Clientarrow-up-right](https://github.com/bogdanfinn/tls-client) to run a simple request forwarding service with the option to use specific TLS fingerprints which are implemented in [TLS-clientarrow-up-right](https://github.com/bogdanfinn/tls-client) . [PreviousMemory Issueschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/memory-issues) [NextDownloadchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/download) Last updated 2 years ago --- # Configuration & Start | Open Source Oasis * Configure things like api port and authentication keys in the `cmd/tls-client-api/config.dist.yml` file. * The default endpoint is `http://127.0.0.1:8080/api/forward` * You need to set a `x-api-key` header with an auth key from the config file. This is for protecting the API when you host it on some server. Requests without the correct keys in the header will be rejected. [PreviousBuild from sourcechevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/build-from-source) [NextEndpointschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/endpoints) Last updated 2 years ago --- # Build from source | Open Source Oasis When you want to build the application from source, make sure to also checkout this repository `https://github.com/Solem8s/gosoline` on the branch `tls-client-api` next to this project. Afterwards you can just run the following script: `cmd/tls-client-api/build.sh SOME_BUILD_IDENTIFIER` and it should build the binaries for you. [PreviousDownloadchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/download) [NextConfiguration & Startchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/configuration-and-start) Last updated 2 years ago --- # Memory Issues | Open Source Oasis #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/memory-issues#go-tls-client-and-standalone-api) Go TLS Client & Standalone API For the pure go implementation there is no real possibility to run into memory leak issues, except of the fact that you implemented your request handling badly and the references to your objects are never really freed that the go garbage collection can not clean up the used memory. If you are running into memory leak issues with the Go client or the standalone api please double check your request handling in order so see if you are doing things not as recommended (for example not closing or deferred closing the response body inside an infinite loop) #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/memory-issues#shared-library) Shared Library If you are using the shared library there is potential to run into memory leak issues. Luckily you can avoid that by following a couple simple steps. By design there is memory allocated for every response coming from the go implementation (shared library) to the invoking application (python, node, etc.). The caller has to free the memory when he is done with handling the response. otherwise the memory will never be freed and you run into memory issues. On every response from the shared library you will see an `"id"` property. You can pass the value from the `"id"` field as parameter to the `freeMemory()` call of the shared library. Copy const response = tlsClientLibrary.request(JSON.stringify(requestPayload)); const responseObject = JSON.parse(response) tlsClientLibrary.freeMemory(responseObject.id) // free memory Copy response = request(dumps(request_payload).encode('utf-8')) response_bytes = ctypes.string_at(response) response_string = response_bytes.decode('utf-8') response_object = loads(response_string) freeMemory(response_object['id'].encode('utf-8')) [PreviousResponsechevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/response) [NextStandalone API Applicationchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application) Last updated 1 year ago --- # Download | Open Source Oasis Here you can find the latest prebuilt binaries. Older versions before 1.3.8 can be found in the Github history of the repository: [https://github.com/bogdanfinn/tls-client-api/releasesarrow-up-right](https://github.com/bogdanfinn/tls-client-api/releases) There is a binary for linux, macos and windows. Just modify the `config.dist.yml` file next to the binary to your needs and start the application. [PreviousStandalone API Applicationchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application) [NextBuild from sourcechevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/build-from-source) Last updated 2 years ago --- # Endpoints | Open Source Oasis You need to do a POST Request against the running API with the following JSON Request Body. #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/endpoints#forward-request-api-forward) Forward Request `/api/forward` Copy curl --location --request POST '127.0.0.1:8080/api/forward' \ --header 'x-api-key: my-auth-key-1' \ --header 'Content-Type: application/json' \ --data-raw '{ "tlsClientIdentifier": "chrome_105", "requestUrl": "https://tls.peet.ws/api/all", "requestMethod": "GET" }' #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/endpoints#get-cookies-from-session-api-cookies) Get Cookies from Session `/api/cookies` Copy curl --location --request POST '127.0.0.1:8080/api/cookies' \ --header 'x-api-key: my-auth-key-1' \ --header 'Content-Type: application/json' \ --data-raw '{ "sessionId":"my-custom-sessionid", "url":"http://some-url.com" }' #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/endpoints#free-single-session-api-free-session) Free Single Session `/api/free-session` Copy curl --location --request POST '127.0.0.1:8080/api/free-session' \ --header 'x-api-key: my-auth-key-1' \ --header 'Content-Type: application/json' \ --data-raw '{ "sessionId":"my-custom-sessionid" }' #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/endpoints#free-all-sessions-api-free-all) Free All Sessions `/api/free-all` Copy curl --location --request GET '127.0.0.1:8080/api/free-all' \ --header 'x-api-key: my-auth-key-1' [PreviousConfiguration & Startchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/configuration-and-start) [NextDefaultschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/defaults) Last updated 2 years ago --- # Defaults | Open Source Oasis For the standalone api the same defaults are configured as for the shared library you can find [here](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/defaults) . [PreviousEndpointschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/endpoints) [NextAttentionchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/attention) Last updated 2 years ago --- # Response | Open Source Oasis The response for the standalone api is the same as for the shared library which you can find [here](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/response) [PreviousPayloadchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/payload) [NextHow to get supportchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/how-to-get-support) Last updated 2 years ago --- # Payload | Open Source Oasis The payload you can send against the standalone api is exactly the same as for the shared library which you can find [here](https://bogdanfinn.gitbook.io/open-source-oasis/shared-library/payload) [PreviousAttentionchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/attention) [NextResponsechevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/response) Last updated 2 years ago --- # Attention | Open Source Oasis * Applications powered with [gosolinearrow-up-right](https://github.com/justtrackio/gosoline) automatically host a health check endpoint which is by default on port `8090` under the path `/health`. So in our case it would be `http://127.0.0.1:8090/health`. * Applications powered with [gosolinearrow-up-right](https://github.com/justtrackio/gosoline) automatically host a metadata server for your application to provide insights into your application. The metadata server is hosted on port `8070` and has three endpoints. `/`, `/config`, `/memory` this should help you debugging your application. * **Do not make this endpoints public available when you host the Application on some server in the internet. You would make your config file public available.** [PreviousDefaultschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/defaults) [NextPayloadchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/payload) Last updated 2 years ago --- # How to get support | Open Source Oasis [Frequently Asked Questions / Errorschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/how-to-get-support/frequently-asked-questions-errors) [Community Supportchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/how-to-get-support/community-support) [PreviousResponsechevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/standalone-api-application/response) [NextFrequently Asked Questions / Errorschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/how-to-get-support/frequently-asked-questions-errors) Last updated 1 year ago --- # Community Support | Open Source Oasis Please join the community support server here: [https://discord.gg/7Ej9eJvHqkarrow-up-right](https://discord.gg/7Ej9eJvHqk) and ask for support in the community. I will not give support to you in my Discord DMs. [PreviousFrequently Asked Questions / Errorschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/how-to-get-support/frequently-asked-questions-errors) [NextFurther Informationchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/further-information) Last updated 2 years ago --- # Further Information | Open Source Oasis This library uses the following api: [https://tls.peet.ws/api/allarrow-up-right](https://tls.peet.ws/api/all) to verify the hashes and fingerprints for http2 and ja3. Be aware that also peets api does not show every extension/cipher a TLS client is using. Do not rely just on ja3 strings. The API does not include the GREASE Extenson into the ja3 string. It’s omitted on purpose. Always have a look at the extension list and not only on the ja3 string. Show some love for peet here: [https://www.buymeacoffee.com/peeetarrow-up-right](https://www.buymeacoffee.com/peeet) If you appreciate my work feel free to [buy me a coffeearrow-up-right](https://www.buymeacoffee.com/CaptainBarnius) or donate some money to charity. [PreviousCommunity Supportchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/how-to-get-support/community-support) [NextAntibots & Captchaschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/antibots-and-captchas) Last updated 1 year ago --- # Frequently Asked Questions / Errors | Open Source Oasis Here are some frequently asked questions about the cookiejar 1. How can i delete cookies from the session / jar? * Pass a new cookiejar instance to the clients SetCookiejar() method * For the shared library there is no option to delete all cookies of a session * You can delete a single cookie inside a session if you give the cookie a negative maxAge value. (Does only work for the tls\_client cookiejar not the standard cookiejar) 2. I can not do a successful POST Request with the shared library or standalone api * Be aware that when you do a POST Request and want to provide a forwarded request body in the `requestBody` field it has to be a string. That means if you want to send JSON you need to stringify this JSON to a string first and set the correct `content-type` header. 3. How can I use other request body content types besides json? * `requestBody` accepts strings and forwards them as the payload. combined with the `content-type` header the api makes the actual request body out of it. You can use for example `application/x-www-form-urlencoded` content type in the header and then just provide as request body a string similar to `key=value&key=value` 4. x509: certificate signed by unknown authority * As the message indicates you are trying to request a server which most likely has a self signed ssl certificate. There is a client option to skip the cerification. 5. x509: certificate has expired or is not yet valid * As the message indicates you are trying to request a server which most likely has an expired or invalid ssl certificate. There is a client option to skip the cerification. 6. stream error: stream ID 3; PROTOCOL\_ERROR * Sometimes this happens when people set a wrong `content-length` header on the request. Usually you never need to set the `content-length` header because the client will take care of that for you. [PreviousHow to get supportchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/how-to-get-support) [NextCommunity Supportchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/how-to-get-support/community-support) Last updated 1 year ago --- # Contributing | Open Source Oasis Contributions to this documentation are welcome! If you find something that is outdated, incorrect, or missing, feel free to help improve it. ### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/contributing#how-to-contribute) How to contribute 1. Fork the documentation repository: [https://github.com/bogdanfinn/tls-client-docsarrow-up-right](https://github.com/bogdanfinn/tls-client-docs) 2. Create a new branch for your changes. 3. Make your changes and commit them. 4. Open a Pull Request against the `main` branch with a short description of what you changed and why. ### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/contributing#what-you-can-contribute) What you can contribute * Fix typos or incorrect information * Add missing documentation for existing features * Improve existing explanations or examples * Add examples for additional languages or use cases * Add or update client profile information [PreviousCommunity Projectschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/community-projects) Last updated 19 days ago --- # Proxies | Open Source Oasis #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/proxies#thordata) Thordata Thordata is a leading global residential proxy provider with a massive pool of 60 million dynamic IPs. We empower large-scale web data extraction with fast, stable, and highly scalable access. With a guaranteed 99.9% uptime, Thordata offers a versatile range of Mobile, Static ISP, and Datacenter proxies. [![Logo](https://bogdanfinn.gitbook.io/open-source-oasis/~gitbook/image?url=https%3A%2F%2Fwww.thordata.com%2Ffavicon.ico&width=20&dpr=3&quality=100&sign=175b6ab2&sv=2)Thordata - High-Quality Proxy Service for Web Data Scrapingwww.thordata.comchevron-right](https://www.thordata.com/?ls=github&lk=scrapoxy) [PreviousAntibots & Captchaschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/antibots-and-captchas) [NextCommunity Projectschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/community-projects) Last updated 27 days ago --- # Antibots & Captchas | Open Source Oasis The TLS-Client is just a tool to mimic specific client profiles. It does not solve / pass antibot solutions which have other "challenges" like a javascript challenge or require solving a captcha. Luckily for this there are various services on the market to help you. #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/antibots-and-captchas#hypersolutions) HyperSolutions Hyper Solutions offers proven solutions for handling Akamai, Incapsula, DataDome, Kasada, and Cloudflare antibot systems. Our request-based APIs generate tokens and sensor data instantly. No browsers, no complexity, just fast and reliable bypass solutions trusted by leading companies across industries. [![Logo](https://bogdanfinn.gitbook.io/open-source-oasis/~gitbook/image?url=https%3A%2F%2Fhypersolutions.co%2Ffavicon.ico&width=20&dpr=3&quality=100&sign=eadd682b&sv=2)Bot Protection Bypass API | Hyper SolutionsHyper Solutionschevron-right](https://hypersolutions.co/?utm_source=gitbook&utm_medium=sponsorship&utm_campaign=open_source_oasis) #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/antibots-and-captchas#parallaxsystems) **ParallaxSystems** ParallaxSystems offers the most reliable solutions for handling various AntiBot Systems, trusted by leading companies across industries. With years of expertise, we ensure seamless integration and fast results, including direct cookie returns for ultimate efficiency. [![Logo](https://bogdanfinn.gitbook.io/open-source-oasis/~gitbook/image?url=https%3A%2F%2Fdiscord.com%2Fassets%2Ffavicon.ico&width=20&dpr=3&quality=100&sign=688cc3fe&sv=2)Join the ParallaxAPIs | Antibot's & solution's Discord Server!Discordchevron-right](https://discord.gg/parallaxapis) #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/antibots-and-captchas#capsolver.com) Capsolver.com Capsolver‘s automatic captcha solver offers the most affordable and quick captcha-solving solution. You may rapidly combine it with your program using its simple integration option to achieve the best results in a matter of seconds. [![Logo](https://bogdanfinn.gitbook.io/open-source-oasis/~gitbook/image?url=https%3A%2F%2Fwww.capsolver.com%2Ffavicon.ico&width=20&dpr=3&quality=100&sign=55caf0a6&sv=2)Capsolver: Fastest AI Captcha Solver, Auto Captcha Solving Servicecapsolverchevron-right](https://www.capsolver.com/) #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/antibots-and-captchas#nstbrowser.io) Nstbrowser.io Nstbrowser is a powerful anti-detect browser designed for multi-accounting professionals to manage multiple accounts securely and efficiently. [![Logo](https://bogdanfinn.gitbook.io/open-source-oasis/~gitbook/image?url=https%3A%2F%2Fwww.nstbrowser.io%2Ffavicon.ico&width=20&dpr=3&quality=100&sign=ad83ac63&sv=2)Nstbrowser - Advanced Anti-Detect Browser for Web Scraping and Multiple Accounts Managingwww.nstbrowser.iochevron-right](https://www.nstbrowser.io/) #### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/antibots-and-captchas#other-services) Other services [![Logo](https://bogdanfinn.gitbook.io/open-source-oasis/~gitbook/image?url=https%3A%2F%2Fgeekflare.com%2Fwp-content%2Fuploads%2F2024%2F05%2Fcropped-geekflare-brand-favicon-192x192.png&width=20&dpr=3&quality=100&sign=78bc44a0&sv=2)12 Best Captcha Solver APIs for Web Scraping and AutomationGeekflarechevron-right](https://geekflare.com/captcha-solving-services-api/) [PreviousFurther Informationchevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/further-information) [NextProxieschevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/proxies) Last updated 27 days ago --- # Community Projects | Open Source Oasis Here you can find a list of projects which are using the TLS-Client ### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/community-projects#go) Go * [https://github.com/mochaaless/bogdanfinn-go-wrapperarrow-up-right](https://github.com/mochaaless/bogdanfinn-go-wrapper) ### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/community-projects#python) Python * [https://github.com/FlorianREGAZ/Python-Tls-Clientarrow-up-right](https://github.com/FlorianREGAZ/Python-Tls-Client) * [https://github.com/rawandahmad698/noble-tlsarrow-up-right](https://github.com/rawandahmad698/noble-tls) * [https://github.com/daijro/hrequestsarrow-up-right](https://github.com/daijro/hrequests) * [https://thewebscraping.github.io/tls-requests/arrow-up-right](https://thewebscraping.github.io/tls-requests/) ### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/community-projects#javascript-node) JavaScript / Node * [https://www.npmjs.com/package/@dryft/tlsclientarrow-up-right](https://www.npmjs.com/package/@dryft/tlsclient) * [https://github.com/DemonMartin/tlsClientarrow-up-right](https://github.com/DemonMartin/tlsClient) * [https://github.com/senpai0807/tls-serverarrow-up-right](https://github.com/senpai0807/tls-server) ### [hashtag](https://bogdanfinn.gitbook.io/open-source-oasis/community-projects#others) Others * [https://github.com/vihangatheturtle/TLSProxyarrow-up-right](https://github.com/vihangatheturtle/TLSProxy) * [https://github.com/brianxor/tls-apiarrow-up-right](https://github.com/brianxor/tls-api) [PreviousProxieschevron-left](https://bogdanfinn.gitbook.io/open-source-oasis/proxies) [NextContributingchevron-right](https://bogdanfinn.gitbook.io/open-source-oasis/contributing) Last updated 5 months ago ---