Absortio

Email → Summary → Bookmark → Email

Add New Statistics About
← Back to list
Previous Next

A next-generation HTTP stealth proxy which perfectly cloaks requests as the Chro...

https://opensourceprojects.dev/post/1988822692565512353 Dec 5, 2025 06:13

Extracto

A next-generation HTTP stealth proxy which perfectly cloaks requests as the Chrome browser

Resumen

Resumen Principal

Thermoptic es un innovador proxy HTTP desarrollado en Rust que aborda uno de los desafíos más complejos en el ámbito de la automatización web: la detección de tráfico no humano. Su principal misión es generar solicitudes HTTP que sean indistinguibles de las originadas por un navegador Google Chrome real, resolviendo de manera frontal el problema del fingerprinting. Este enfoque va mucho más allá de una simple modificación del User-Agent; Thermoptic realiza una transformación profunda y exhaustiva de cada solicitud, desde la gestión de encabezados hasta las características de red de bajo nivel, replicando con precisión una versión específica de Chrome. Esta capacidad de mimetismo perfecto lo convierte en una herramienta invaluable para desarrolladores dedicados al web scraping ético, la automatización avanzada y las pruebas de seguridad, permitiéndoles sortear los cada vez más sofisticados sistemas anti-bot que buscan identificar y bloquear el tráfico automatizado.

Elementos Clave

  • Mimetismo Completo de Encabezados: Thermoptic no solo añade un User-Agent de Chrome, sino que elimina los encabezados originales del cliente e inyecta un conjunto completo y preciso de encabezados que una instancia real de Chrome enviaría. Esto incluye detalles cruciales como sec-ch-ua y otros client hints, que son vitales para la autenticación de navegadores modernos.
  • Ofuscación del Fingerprint TLS: Una de las características más avanzadas es su capacidad para asegurar que su handshake TLS sea idéntico al de Chrome. Esta simulación a nivel de protocolo es fundamental para evadir los sistemas de detección avanzados que utilizan el fingerprinting TLS para identificar el software cliente subyacente.
  • Simulación de Protocolos Avanzados (HTTP/2 y ALPN): El proxy puede anunciar los mismos IDs de Application-Layer Protocol Negotiation (ALPN) que Chrome, garantizando que la negociación hacia HTTP/2 parezca completamente auténtica. Esta precisión a nivel de protocolo contribuye significativamente a

Contenido

Project Description

2 PostsID: 1988822692565512353

Title: Thermoptic: The HTTP Proxy That Mimics Chrome Perfectly

Intro

Ever needed to make HTTP requests that blend in completely with regular web traffic? Most proxies and scraping tools have a tell – some header is slightly off, the TLS fingerprint is wrong, or the request pattern just doesn't look human. That's where Thermoptic comes in.

It's a next-generation stealth proxy built in Rust that makes your traffic look exactly like it's coming from a real Chrome browser. For developers working on web scraping, automation, or security testing, this is a tool that aims to solve the fingerprinting problem head-on.

What It Does

Thermoptic is an HTTP proxy that sits between your client and the internet. You send your requests to it, and it rewrites them on the fly. But it doesn't just change a user-agent string. It performs a deep transformation of your entire HTTP request, from the headers down to the low-level network characteristics, to perfectly mimic a request from a specific, real version of Google Chrome.

Why It's Cool

The magic of Thermoptic isn't just in swapping headers. Plenty of tools do that. Its cleverness lies in the depth of its mimicry.

  • Comprehensive Header Management: It doesn't just add a Chrome user-agent. It strips your client's original headers and injects a complete, accurate set of headers that a real instance of Chrome for that version would send. This includes the correct sec-ch-ua and other client hint headers.
  • TLS Fingerprint Cloaking: This is a big one. Many advanced systems perform TLS fingerprinting to identify clients. Thermoptic ensures its TLS handshake is identical to Chrome's, making it much harder to detect at the protocol level.
  • HTTP/2 and ALPN Simulation: It can advertise the same Application-Layer Protocol Negotiation (ALPN) IDs as Chrome, ensuring the negotiation to HTTP/2 looks authentic.
  • It's a Proxy, Not a Library: You don't have to rewrite your application. You can point any existing tool—like curl, a script, or a full-blown app—at the Thermoptic proxy and it instantly benefits from the cloaking.

How to Try It

Getting started is straightforward, especially if you have Rust's toolchain installed.

  1. Clone the repository: 
    git clone https://github.com/mandatoryprogrammer/thermoptic
cd thermoptic
  2. Run the proxy (defaults to port 8080): 
    cargo run
  3. Configure your application to use http://127.0.0.1:8080 as its HTTP proxy. For a quick test with curl: 
    curl -x http://127.0.0.1:8080 --proxy-insecure http://httpbin.org/headers

Check the response from httpbin.org/headers. You'll see that the request appears to come from Chrome, not curl.

Final Thoughts

Thermoptic feels like a specialized tool for a specific but important niche. If you're tired of getting blocked by sophisticated anti-bot systems during legitimate scraping or security research, this is absolutely worth a look. It tackles the problem of detection at a deeper level than most utilities. It's not a magic bullet, but it raises the bar significantly for anyone trying to tell your automated traffic apart from a real user browsing with Chrome.

Follow us for more interesting projects: @githubprojects

📧

Did you like this read? Join our newsletter and you will get weekly top stories like this delivered to your inbox. No spam etc.

Join our weekly newsletter

Subscribe to our newsletter to get the latest updates on open-source projects.

Contributors

Fuente: Open-source Projects