ARCHIVED — webclaw now uses wreq for TLS fingerprinting.
This repository is archived. As of webclaw v0.3.3, the TLS fingerprinting stack has been replaced with wreq by @0x676e67, which uses BoringSSL (the same TLS library Chrome ships) and the http2 crate for HTTP/2 fingerprinting.
This repo contained surgical patches to rustls, h2, hyper, hyper-util, and reqwest to achieve browser-grade TLS + HTTP/2 fingerprinting. While the approach worked for many sites, it had fundamental limitations:
- TLS compatibility gaps — our patched rustls rejected valid server configurations (e.g. Vontobel returned
IllegalParameter). BoringSSL handles these correctly because it's the actual TLS library Chrome uses. - Solo maintenance burden — keeping 5 forked crates in sync with upstream security patches is unsustainable for a single maintainer.
- Attribution — the HTTP/2 fingerprinting concepts (SETTINGS frame ordering, pseudo-header ordering) in our h2 fork were derived from work pioneered by @0x676e67. Using his maintained library directly is both technically superior and the right thing to do.
If you need browser TLS fingerprinting in Rust:
- wreq — BoringSSL, 60+ browser profiles, HTTP/2 fingerprinting via http2. Apache-2.0 license.
- impit — patched rustls, Node.js + Python bindings, by Apify.
For web extraction with built-in fingerprinting, use webclaw directly:
brew tap 0xMassi/webclaw && brew install webclawTLS and HTTP/2 browser fingerprinting in the Rust ecosystem was pioneered by @0x676e67. His http2 crate introduced configurable SETTINGS frame ordering and pseudo-header ordering, and wreq brought BoringSSL-based TLS fingerprinting to Rust. This work powers webclaw and many other projects in the scraping community.