Observing differences in the fingerprint between chrome131 impersonate and chrome 132

[charliedelta02]

The question

We have chrome v131 impersonate support on curl-cffi with chrome131 for desktop (Mac, Windows) and chrome131_android for Mobile devices.
I was verifying my chrome browsers on mac and on android device and found that Google has updated their chrome browser versions to chrome v132 on desktop and mobile.

As far as my understanding goes, the ja3n hash will remain the same for a given browser version. Correct?

As per https://tls.browserleaks.com/json:

• The ja3n hash for chrome131 impersonate is:

"ja3n_hash": "dee19b855b658c6aa0f575eda2525e19",
"ja3n_text": "771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-5-10-11-13-16-18-23-27-35-43-45-51-17513-65037-65281,4588-29-23-24,0"

• The ja3n hash for chrome131_android impersonate is:

"ja3n_hash": "473f0e7c0b6a0f7b049072f4e683068b",
"ja3n_text": "771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-5-10-11-13-16-18-23-27-35-43-45-51-17513-65037-65281,29-23-24,0"

• On my Mac OS chrome browser, I observe the following ja3n fingerprint for chrome v132:

"ja3n_hash": "8e19337e7524d2573be54efb2b0784c9",
"ja3n_text": "771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-5-10-11-13-16-18-23-27-35-43-45-51-17613-65037-65281,4588-29-23-24,0"

• On my Android device chrome browser, I observe the following ja3n fingerprint for chrome v132:

"ja3n_hash": "8e19337e7524d2573be54efb2b0784c9",
"ja3n_text": "771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-5-10-11-13-16-18-23-27-35-43-45-51-17613-65037-65281,4588-29-23-24,0"

Following are my questions:

• ja3n hash will remain the same for a given browser version. Correct?
• Is the data available on https://tls.browserleaks.com/json correct and can it be trusted?
• It appears to me that the chrome fingerprint for v132 has changed from the fingerprint for chrome v131 both for Desktop and Mobile. Is this not the case?
• If it has, would we be able to expect a new chrome v132 impersonate support for Desktop and Mobile?
• If my understanding is incorrect, how can I obtain the ja3n string for a device? I do not see anything related to ja3n using Wireshark and Wireshark is also not usable with android devices.

Versions

If it's related to a specific environment, paste your env info here.

• OS: [MacOS, Android]
• curl_cffi version [0.8.0b7]

[lexiforest]

Thanks for the heads up. I can confirm this on my Chrome 132 on macOS. Update is on my TODO list now. But I think there are some other high priority issues, such as #471.

For you questions:

ja3n hash will remain the same for a given browser version. Correct?

Yes, that's what we observed.

Is the data available on https://tls.browserleaks.com/json correct and can it be trusted?

Yes, I personally trust them. But be aware that js3(n) string does not cover all the details in a TLS fingerprint.

If my understanding is incorrect, how can I obtain the ja3n string for a device? I do not see anything related to ja3n using Wireshark and Wireshark is also not usable with android devices.

Two ways, first, you CAN capture the packet with network sniff tools, just dig deeper. Second, you can write a simple app with the target http lib, e.g. okhttp, and point the url to one of the fingerprint websites.

[charliedelta02]

Thanks for the heads up. I can confirm this on my Chrome 132 on macOS. Update is on my TODO list now. But I think there are some other high priority issues, such as #471.

Thank you for acknowledging this. As mentioned by you, there appears to be other high priority fixes. Since chrome fingerprint for Desktop and Mobile both have changed, what approach must we follow to avoid detection until there is support?

It looks like Safari has also been updated to version 18_3 for Mac and iOS. I did not observe a change in the fingerprint form Safari18_0 and Safari18_0_ios with version 18_3 at my end. Have you verified this at your end as well? Should we continue with Safari 18_3 for MacOS and iOS?

I saw somewhere that we will have Firefox support with curl-cffi. Will this be available anytime soon?

Another option that I see is this: https://curl-cffi.readthedocs.io/en/latest/impersonate.html#how-to-use-my-own-fingerprints-other-than-the-builtin-ones-e-g-okhttp
Does it make sense to use the custom fingerprint support to pass the ja3(n) string for chrome v132 to mimic it?

Two ways, first, you CAN capture the packet with network sniff tools, just dig deeper. Second, you can write a simple app with the target http lib, e.g. okhttp, and point the url to one of the fingerprint websites.

If it isn't too much to ask, would you be able to elaborate on the second approach? I did not quite understand it. Would be great if you can share a reference article or possibly an example.

[lexiforest]

Firefox support with curl-cffi. Will this be available anytime soon?

Yes, once I figure out how to build against the new Windows binary.

share a reference article or possibly an example.

https://github.com/ProxymanApp/OKHTTP-Android-Sample

[lexiforest]

It looks like Safari has also been updated to version 18_3 for Mac and iOS.

Let me verify that later tomorrow after my scheduled midnight macOS update.