http-quik 0.1.5

High-fidelity, stealth-optimized HTTP transport engine for Chrome 134 identity parity.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185

//! Data-only definitions for Chrome transport identity profiles.
//!
//! This module defines the configuration schemas used by the `tls` and `http2`
//! modules to construct browser-identical network handshakes. No protocol
//! logic resides here; these structures serve as the single source of truth
//! for all fingerprint-sensitive parameters.
//!
//! Each [`ChromeProfile`] encodes a complete, multi-layer network identity
//! spanning TLS (Layer 4), HTTP/2 (Layer 5), and HTTP metadata (Layer 7).

use boring::ssl::SslVersion;

pub mod chrome_134;

/// Alias for BoringSSL's internal version type.
pub type TlsVersion = SslVersion;

/// Target operating system and CPU architecture.
///
/// The platform determines OS-specific protocol parameters (ALPS payload
/// length, User-Agent string, Client Hint values) and is used by
/// [`chrome_134::profile_auto`] to align the network persona with the
/// host kernel's TCP/IP characteristics.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Platform {
    /// macOS on Apple Silicon (M1/M2/M3/M4).
    MacOsArm,
    /// macOS on Intel x86-64.
    MacOsX86,
    /// Windows 10/11 on x86-64.
    WindowsX64,
    /// Linux (Ubuntu, Debian, etc.) on x86-64.
    LinuxX64,
}

/// Configuration for the TLS 1.2/1.3 handshake layer.
///
/// This structure defines the Layer 4 identity of the client. Small changes
/// here (such as the order of cipher suites) will change the JA3/JA4
/// fingerprint and can lead to immediate detection.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct TlsProfile {
    /// Minimum allowed TLS version (typically TLS 1.2).
    pub min_version: TlsVersion,
    /// Maximum allowed TLS version (typically TLS 1.3).
    pub max_version: TlsVersion,
    /// Colon-separated list of cipher suites in OpenSSL format.
    ///
    /// Precision in the order of this list is critical as it directly
    /// impacts the JA3/JA4 fingerprint.
    pub cipher_list: &'static str,
    /// Numeric IDs for supported elliptic curve groups.
    pub curves: &'static [u16],
    /// Whether to enable TLS GREASE (RFC 8701) to simulate randomized extensions.
    pub grease_enabled: bool,
    /// Whether to permute (shuffle) TLS extensions per connection.
    pub permute_extensions: bool,
    /// Whether to send a dummy ECH (Encrypted Client Hello) extension for GREASE.
    pub enable_ech_grease: bool,
    /// Whether to enable ALPS (Application-Layer Protocol Settings).
    pub alps_enabled: bool,
    /// Whether to use the draft-01 or final ALPS codepoint.
    pub alps_use_new_codepoint: bool,
    /// Additional H2 SETTINGS IDs to append in the ALPS payload.
    ///
    /// Windows and Linux Chrome include an extra setting (ID 31386) in the
    /// ALPS handshake data that macOS omits. Each tuple is `(id, value)`.
    pub alps_extra_settings: &'static [(u16, u32)],
    /// Whether to support RFC 8879 certificate compression (Brotli).
    pub compress_certificate: bool,
    /// Whether to enable stateless session tickets for fast reconnection.
    pub session_ticket_enabled: bool,
    /// Ordered list of ALPN protocol identifiers.
    pub alpn_protocols: &'static [&'static [u8]],
    /// Ordered list of signature algorithm IDs (used for JA4_r).
    pub sigalgs: &'static [u16],
    /// Whether to verify the server's certificate chain.
    ///
    /// Real browsers always verify certificates. Disable only for testing or
    /// local proxy interception.
    pub verify_peer: bool,
}

/// Initial HTTP/2 SETTINGS frame parameters.
///
/// The values and the *order* in which they are sent are used by Akamai
/// and other WAFs to identify the client implementation.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct SettingsFrame {
    /// SETTINGS_HEADER_TABLE_SIZE (ID 0x1).
    pub header_table_size: u32,
    /// SETTINGS_ENABLE_PUSH (ID 0x2).
    pub enable_push: bool,
    /// SETTINGS_INITIAL_WINDOW_SIZE (ID 0x4).
    pub initial_window_size: u32,
    /// SETTINGS_MAX_HEADER_LIST_SIZE (ID 0x6).
    pub max_header_list_size: u32,
}

/// Configuration for the HTTP/2 protocol layer.
///
/// Defines the Layer 5 identity, focusing on behavioral markers like
/// pseudo-header ordering and stream priority.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Http2Profile {
    /// Initial SETTINGS frame values and order.
    pub settings: SettingsFrame,
    /// Total connection-level window size (default + delta).
    ///
    /// This value determines the initial `WINDOW_UPDATE` frame increment
    /// sent immediately after the handshake. Chrome uses a specific non-standard
    /// increment that acts as a strong identity signal.
    pub initial_connection_window_size: u32,
    /// Ordering of pseudo-headers (e.g., :method, :authority, :scheme, :path).
    pub pseudo_order: [PseudoOrder; 4],
    /// Priority parameters for the initial HEADERS frame.
    pub headers_priority: HeadersPriority,
}

/// Stream priority parameters embedded in the HEADERS frame.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct HeadersPriority {
    /// Stream ID that this request depends on (typically 0).
    pub dep: u32,
    /// Priority weight (0-255).
    pub weight: u8,
    /// Whether this dependency is exclusive.
    pub exclusive: bool,
}

/// Canonical HTTP/2 pseudo-header identifiers.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum PseudoOrder {
    /// `:method`
    Method,
    /// `:authority`
    Authority,
    /// `:scheme`
    Scheme,
    /// `:path`
    Path,
}

/// Chrome-specific HTTP header values and Client Hint metadata.
///
/// These values are injected into every outbound request and must match
/// the declared platform. WAFs cross-check `sec-ch-ua-platform` against
/// the TLS handshake and TCP stack to detect spoofed identities.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct HeaderProfile {
    /// Full `User-Agent` header value.
    pub user_agent: String,
    /// `sec-ch-ua` Client Hint brand list.
    pub sec_ch_ua: String,
    /// `sec-ch-ua-platform` Client Hint (e.g., `"macOS"`, `"Windows"`, `"Linux"`).
    pub sec_ch_ua_platform: String,
    /// `sec-ch-ua-platform-version` Client Hint.
    ///
    /// Must match the host OS: Windows 11 reports `"13.0.0"`,
    /// macOS Sequoia reports `"15.0.0"`, Linux reports `"0.0.0"`.
    pub sec_ch_ua_platform_version: String,
    /// Whether to include the RFC 9218 `priority` header (e.g., `u=0, i`).
    pub include_priority_header: bool,
    /// Whether to advertise `zstd` in the `accept-encoding` header.
    pub zstd_encoding: bool,
}

/// A complete, multi-layer identity profile for a Chrome instance.
///
/// Combines TLS, HTTP/2, and HTTP metadata into a single configuration
/// that, when applied, makes the transport layer indistinguishable from
/// the specified Chrome version and platform.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ChromeProfile {
    /// Major Chrome version (e.g., `134`).
    pub version: u32,
    /// Target operating system and architecture.
    pub platform: Platform,
    /// TLS handshake configuration (JA3/JA4 fingerprint source).
    pub tls: TlsProfile,
    /// HTTP/2 handshake configuration (Akamai fingerprint source).
    pub h2: Http2Profile,
    /// HTTP-level metadata and Client Hints.
    pub headers: HeaderProfile,
}