meme ja4 fingerprint cloudflare

Impersonate fingerprint of the latest version of Chrome, Firefox, and Edge

The very first bytes you send to a server are enough to profile you. Large cloud providers use more and more this information to gatekeep clients or add additional steps unless you’re using a stock mainstream browser running on a mainstream operating system.

This profiling, often tied to techniques like JA4 FINGERPRINT and H2 fingerprint, analyzes network characteristics to identify the nature of you client before any meaningful interaction takes place and made.

As a MITM proxy, flxuzy can be affected by this.

However, since Fluxzy Core v1.27 and Fluxzy Desktop v1.23, we've introduced a new feature that reproduces the network fingerprints of the latest versions of popular browsers, including those implementing the post-quantum agreement X25519-MLKEM768 from September 2024.

Additionally, this update allows you to generate your own custom fingerprint using a simple configuration file.

Minimal example to get started

Fluxzy can be used as a standalone executable or a Docker container, allowing you to continue using your favorite HTTP client to send requests.

Here is the minimal rule configuration file to impersonate Chrome 131:

rule.yaml

rules:
- filter: 
    typeKind: AnyFilter # applies to any request hitting the proxy, 
                        # https://www.fluxzy.io/rule/find/?category=filter for more option
  actions:
    - typeKind: impersonateAction
      nameOrConfigFile: Chrome_Windows_131 # the name of the browser profile

For more information about rules, you can check the documentation.

Run with Fluxzy CLI

Start the proxy with the -b option to use the BouncyCastle engine, which is required for the fingerprint to work.
The CLI can be downloaded from the release page.

fluxzy start -r rule.yaml -b

Run as a docker container

Alternatively, you can find fluxzy's docker image on Docker Hub.

docker run -it -p 44344:44344 -v path_to_your_rule.yaml:/fluxzy-rule.yaml fluxzy/fluxzy:latest start -b

With .NET

If you are lucky to use the same stack as this project, there's a minimal sample to get start on the repository with Fluxzy on Nuget.

Test the Request

You can now send requests through the proxy using your favorite HTTP client. All outgoing requests will be impersonated with the specified browser's fingerprint.

curl -k -x http://localhost:44344  https://check.ja3.zone/

The option -k is used to ignore the certificate validation. To by pass this, with the command fluxzy cert, you can get the default certificate, import or generate your own certificate.

Customize your fingerprint

To go further, you can create your own impersonation profile by creating a JSON file similar to those available in the impersonate profile directory.

You can then specify the path to your configuration file in the nameOrConfigFile field of the rule.yaml file.

rule.yaml

rules:
- filter: 
    typeKind: AnyFilter
  actions:
    - typeKind: impersonateAction
      nameOrConfigFile: path_to_your_config.json

What fields of the connection properties are affected?

The impersonation affects TLS fingerprinting, HTTP/2 connection settings, and browser headers.

At the TLS level:

  • networkSettings.ja3: The basic configuration of TLS fingerprint in JA3 format. This field includes the protocol version, supported ciphersuites, TLS extensions, and elliptic curves supported by the client. You can check your JA3 fingerprint at check.ja3.zone for example.
  • networkSettings.greaseMode: GREASE mode, defined by RFC8701, is notably used by Chrome to introduce random values in the TLS handshake to prevent ossification. If not defined, GREASE mode will be inferred from the JA3 fingerprint. When enabled, this adds GREASE to: client extensions, pre-shared key, encrypted client hello, supported groups, and ciphers.
  • overrideClientExtensionsValues: A map (dictionary) of integers and base64-encoded data to override client extension values. Leave it undefined to use the default behavior.
  • networkSettings.signatureAlgorithms: Signature and hash algorithms supported by the client. Order matters here for correct JA4 fingerprinting.
  • networkSettings.earlySharedGroups: Agreement keys that will appear in the key-share extension.

At the H2 transport level:

  • h2Settings.settings: An array of settings sent by the client during announcement. Each setting has two properties: identifier (int32) and its value (int32), sent in the order they appear in the array.

At the application level:

  • headers: An array of headers sent by the client. If the skipIfExists property is set to true, the header will only be sent if it is not already present in the original request.

Notice

Currently, the built-in supported browsers are:

  • Chrome 131 (Windows and Android)
  • Firefox 133 (Windows)
  • Edge 131 (Windows)

We plan to add more browsers in the future.

Of course, not all TLS features are supported. If you modify your fingerprint to include unsupported agreements or ciphersuites for example, the connection may behave oddly or jsut fail.

Notable unsupported features include:

  • Hybrid Key Agreement: X25519-Kyber768 used in Chrome 130 and earlier.
  • Zlib Certificate Compression: Used in the latest Firefox versions but not yet controlled by popular cloud providers.

Of course, as the browser signatures are evolving very fast, we would be glad to have feedbacks as issue or pull request on the main repo.

In this page

View all articles