feat(impersonate): Export the Impersonate custom extension configuration

src/async_impl/client.rs

@@ -129,6 +129,8 @@ struct Config {
     enable_ech_grease: bool,
     #[cfg(feature = "impersonate")]
     permute_extensions: bool,
+    #[cfg(feature = "impersonate")]
+    pre_shared_key: bool,
 }
 
 impl Default for ClientBuilder {
@@ -208,14 +210,16 @@ impl ClientBuilder {
                 enable_ech_grease: false,
                 #[cfg(feature = "impersonate")]
                 permute_extensions: false,
+                #[cfg(feature = "impersonate")]
+                pre_shared_key: false,
             },
         }
     }
 
     /// Sets the necessary values to mimic the specified impersonate version.
     #[cfg(feature = "__impersonate")]
     pub fn impersonate(mut self, impersonate: Impersonate) -> ClientBuilder {
-        use crate::impersonate::profile::configure_impersonate;
+        use crate::impersonate::configure_impersonate;
 
         self.config.impersonate = impersonate;
         configure_impersonate(impersonate, self)
@@ -224,7 +228,7 @@ impl ClientBuilder {
     /// Sets the necessary values to mimic the specified impersonate version. (websocket)
     #[cfg(feature = "__impersonate")]
     pub fn impersonate_websocket(mut self, impersonate: Impersonate) -> ClientBuilder {
-        use crate::impersonate::profile::configure_impersonate;
+        use crate::impersonate::configure_impersonate;
 
         self.config.impersonate = impersonate;
         self = self.http1_only();
@@ -245,6 +249,13 @@ impl ClientBuilder {
         self
     }
 
+    /// Enable TLS pre_shared_key
+    #[cfg(feature = "__impersonate")]
+    pub fn pre_shared_key(mut self) -> ClientBuilder {
+        self.config.pre_shared_key = true;
+        self
+    }
+
     /// Returns a `Client` that uses this `ClientBuilder` configuration.
     ///
     /// # Errors
@@ -307,6 +318,7 @@ impl ClientBuilder {
                         certs_verification: config.certs_verification,
                         enable_ech_grease: config.enable_ech_grease,
                         permute_extensions: config.permute_extensions,
+                        pre_shared_key: config.pre_shared_key,
                         h2: match config.http_version_pref {
                             HttpVersionPref::Http1 => false,
                             HttpVersionPref::Http2 | HttpVersionPref::All => true,

src/blocking/client.rs

@@ -96,13 +96,18 @@ impl ClientBuilder {
         self.with_inner(move |inner| inner.enable_ech_grease())
     }
 
-
     /// Enable TLS permute_extensions
     #[cfg(feature = "__impersonate")]
     pub fn permute_extensions(self) -> ClientBuilder {
         self.with_inner(move |inner| inner.permute_extensions())
     }
 
+    /// Enable TLS pre_shared_key
+    #[cfg(feature = "__impersonate")]
+    pub fn pre_shared_key(self) -> ClientBuilder {
+        self.with_inner(move |inner| inner.pre_shared_key())
+    }
+
     /// Returns a `Client` that uses this `ClientBuilder` configuration.
     ///
     /// # Errors

src/connect.rs

@@ -195,7 +195,7 @@ impl Connector {
                     http.set_nodelay(true);
                 }
 
-                let mut http = tls.create_https_connector(&self.context, http).await?;
+                let mut http = tls.create_connector(&self.context, http).await?;
                 let io = http.call(dst).await?;
 
                 if let hyper_boring::MaybeHttpsStream::Https(stream) = io {
@@ -243,7 +243,7 @@ impl Connector {
                     let host = dst.host().ok_or("no host in url")?;
                     let port = dst.port().map(|p| p.as_u16()).unwrap_or(443);
 
-                    let mut http = tls.create_https_connector(&self.context, http.clone()).await?;
+                    let mut http = tls.create_connector(&self.context, http.clone()).await?;
                     let conn = http.call(proxy_dst).await?;
                     log::trace!("tunneling HTTPS over proxy");
                     let tunneled = tunnel(

src/impersonate/chrome/mod.rs

@@ -1,7 +1,3 @@
-use boring::{
-    error::ErrorStack,
-    ssl::{CertCompressionAlgorithm, SslConnector, SslConnectorBuilder, SslMethod, SslVersion},
-};
 pub mod v100;
 pub mod v101;
 pub mod v104;
@@ -20,17 +16,6 @@ pub mod v123;
 pub mod v124;
 pub mod v126;
 
-const SIGALGS_LIST: [&str; 8] = [
-    "ecdsa_secp256r1_sha256",
-    "rsa_pss_rsae_sha256",
-    "rsa_pkcs1_sha256",
-    "ecdsa_secp384r1_sha384",
-    "rsa_pss_rsae_sha384",
-    "rsa_pkcs1_sha384",
-    "rsa_pss_rsae_sha512",
-    "rsa_pkcs1_sha512",
-];
-
 const CIPHER_LIST: [&str; 15] = [
     "TLS_AES_128_GCM_SHA256",
     "TLS_AES_256_GCM_SHA384",
@@ -48,27 +33,3 @@ const CIPHER_LIST: [&str; 15] = [
     "TLS_RSA_WITH_AES_128_CBC_SHA",
     "TLS_RSA_WITH_AES_256_CBC_SHA",
 ];
-
-fn ssl_builder() -> Result<SslConnectorBuilder, ErrorStack> {
-    let mut builder = SslConnector::builder(SslMethod::tls_client())?;
-
-    builder.set_default_verify_paths()?;
-
-    builder.set_grease_enabled(true);
-
-    builder.enable_ocsp_stapling();
-
-    builder.set_cipher_list(&CIPHER_LIST.join(":"))?;
-
-    builder.set_sigalgs_list(&SIGALGS_LIST.join(":"))?;
-
-    builder.enable_signed_cert_timestamps();
-
-    builder.add_cert_compression_alg(CertCompressionAlgorithm::Brotli)?;
-
-    builder.set_min_proto_version(Some(SslVersion::TLS1_2))?;
-
-    builder.set_max_proto_version(Some(SslVersion::TLS1_3))?;
-
-    Ok(builder)
-}

src/impersonate/chrome/v100.rs

@@ -1,5 +1,7 @@
-use super::ssl_builder;
-use crate::impersonate::{BoringTlsConnector, Http2Data, ImpersonateSettings};
+use super::CIPHER_LIST;
+use crate::impersonate::extension::{ChromeExtension, Extension, SslExtension};
+use crate::impersonate::profile::{Http2Settings, ImpersonateSettings};
+use crate::impersonate::BoringTlsConnector;
 use http::{
     header::{
         ACCEPT, ACCEPT_ENCODING, ACCEPT_LANGUAGE, DNT, UPGRADE_INSECURE_REQUESTS, USER_AGENT,
@@ -9,8 +11,10 @@ use http::{
 
 pub(crate) fn get_settings(headers: HeaderMap) -> ImpersonateSettings {
     ImpersonateSettings {
-        tls_connector: BoringTlsConnector::new(ssl_builder),
-        http2: Http2Data {
+        tls_connector: BoringTlsConnector::new(|| {
+            ChromeExtension::builder()?.configure_cipher_list(&CIPHER_LIST)
+        }),
+        http2: Http2Settings {
             initial_stream_window_size: Some(6291456),
             initial_connection_window_size: Some(15728640),
             max_concurrent_streams: Some(1000),

src/impersonate/chrome/v101.rs

@@ -1,5 +1,7 @@
-use super::ssl_builder;
-use crate::impersonate::{BoringTlsConnector, Http2Data, ImpersonateSettings};
+use super::CIPHER_LIST;
+use crate::impersonate::extension::{ChromeExtension, Extension, SslExtension};
+use crate::impersonate::profile::{Http2Settings, ImpersonateSettings};
+use crate::impersonate::BoringTlsConnector;
 use http::{
     header::{
         ACCEPT, ACCEPT_ENCODING, ACCEPT_LANGUAGE, DNT, UPGRADE_INSECURE_REQUESTS, USER_AGENT,
@@ -9,8 +11,10 @@ use http::{
 
 pub(crate) fn get_settings(headers: HeaderMap) -> ImpersonateSettings {
     ImpersonateSettings {
-        tls_connector: BoringTlsConnector::new(ssl_builder),
-        http2: Http2Data {
+        tls_connector: BoringTlsConnector::new(|| {
+            ChromeExtension::builder()?.configure_cipher_list(&CIPHER_LIST)
+        }),
+        http2: Http2Settings {
             initial_stream_window_size: Some(6291456),
             initial_connection_window_size: Some(15728640),
             max_concurrent_streams: Some(1000),

src/impersonate/chrome/v104.rs

@@ -1,5 +1,7 @@
-use super::ssl_builder;
-use crate::impersonate::{BoringTlsConnector, Http2Data, ImpersonateSettings};
+use super::CIPHER_LIST;
+use crate::impersonate::extension::{ChromeExtension, Extension, SslExtension};
+use crate::impersonate::profile::{Http2Settings, ImpersonateSettings};
+use crate::impersonate::BoringTlsConnector;
 use http::{
     header::{
         ACCEPT, ACCEPT_ENCODING, ACCEPT_LANGUAGE, DNT, UPGRADE_INSECURE_REQUESTS, USER_AGENT,
@@ -9,8 +11,10 @@ use http::{
 
 pub(crate) fn get_settings(headers: HeaderMap) -> ImpersonateSettings {
     ImpersonateSettings {
-        tls_connector: BoringTlsConnector::new(ssl_builder),
-        http2: Http2Data {
+        tls_connector: BoringTlsConnector::new(|| {
+            ChromeExtension::builder()?.configure_cipher_list(&CIPHER_LIST)
+        }),
+        http2: Http2Settings {
             initial_stream_window_size: Some(6291456),
             initial_connection_window_size: Some(15728640),
             max_concurrent_streams: Some(1000),

src/impersonate/chrome/v105.rs

@@ -1,5 +1,7 @@
-use super::ssl_builder;
-use crate::impersonate::{BoringTlsConnector, Http2Data, ImpersonateSettings};
+use super::CIPHER_LIST;
+use crate::impersonate::extension::{ChromeExtension, Extension, SslExtension};
+use crate::impersonate::profile::{Http2Settings, ImpersonateSettings};
+use crate::impersonate::BoringTlsConnector;
 use http::{
     header::{
         ACCEPT, ACCEPT_ENCODING, ACCEPT_LANGUAGE, DNT, UPGRADE_INSECURE_REQUESTS, USER_AGENT,
@@ -9,8 +11,10 @@ use http::{
 
 pub(crate) fn get_settings(headers: HeaderMap) -> ImpersonateSettings {
     ImpersonateSettings {
-        tls_connector: BoringTlsConnector::new(ssl_builder),
-        http2: Http2Data {
+        tls_connector: BoringTlsConnector::new(|| {
+            ChromeExtension::builder()?.configure_cipher_list(&CIPHER_LIST)
+        }),
+        http2: Http2Settings {
             initial_stream_window_size: Some(6291456),
             initial_connection_window_size: Some(15728640),
             max_concurrent_streams: Some(1000),

src/impersonate/chrome/v106.rs

@@ -1,5 +1,7 @@
-use super::ssl_builder;
-use crate::impersonate::{BoringTlsConnector, Http2Data, ImpersonateSettings};
+use super::CIPHER_LIST;
+use crate::impersonate::extension::{ChromeExtension, Extension, SslExtension};
+use crate::impersonate::profile::{Http2Settings, ImpersonateSettings};
+use crate::impersonate::BoringTlsConnector;
 use http::{
     header::{
         ACCEPT, ACCEPT_ENCODING, ACCEPT_LANGUAGE, DNT, UPGRADE_INSECURE_REQUESTS, USER_AGENT,
@@ -9,8 +11,10 @@ use http::{
 
 pub(crate) fn get_settings(headers: HeaderMap) -> ImpersonateSettings {
     ImpersonateSettings {
-        tls_connector: BoringTlsConnector::new(ssl_builder),
-        http2: Http2Data {
+        tls_connector: BoringTlsConnector::new(|| {
+            ChromeExtension::builder()?.configure_cipher_list(&CIPHER_LIST)
+        }),
+        http2: Http2Settings {
             initial_stream_window_size: Some(6291456),
             initial_connection_window_size: Some(15728640),
             max_concurrent_streams: Some(1000),

src/impersonate/chrome/v107.rs

@@ -1,5 +1,7 @@
-use super::ssl_builder;
-use crate::impersonate::{BoringTlsConnector, Http2Data, ImpersonateSettings};
+use super::CIPHER_LIST;
+use crate::impersonate::extension::{ChromeExtension, Extension, SslExtension};
+use crate::impersonate::profile::{Http2Settings, ImpersonateSettings};
+use crate::impersonate::BoringTlsConnector;
 use http::{
     header::{
         ACCEPT, ACCEPT_ENCODING, ACCEPT_LANGUAGE, DNT, UPGRADE_INSECURE_REQUESTS, USER_AGENT,
@@ -9,8 +11,10 @@ use http::{
 
 pub(crate) fn get_settings(headers: HeaderMap) -> ImpersonateSettings {
     ImpersonateSettings {
-        tls_connector: BoringTlsConnector::new(ssl_builder),
-        http2: Http2Data {
+        tls_connector: BoringTlsConnector::new(|| {
+            ChromeExtension::builder()?.configure_cipher_list(&CIPHER_LIST)
+        }),
+        http2: Http2Settings {
             initial_stream_window_size: Some(6291456),
             initial_connection_window_size: Some(15728640),
             max_concurrent_streams: Some(1000),

src/impersonate/chrome/v108.rs

@@ -1,5 +1,7 @@
-use super::ssl_builder;
-use crate::impersonate::{BoringTlsConnector, Http2Data, ImpersonateSettings};
+use super::CIPHER_LIST;
+use crate::impersonate::extension::{ChromeExtension, Extension, SslExtension};
+use crate::impersonate::profile::{Http2Settings, ImpersonateSettings};
+use crate::impersonate::BoringTlsConnector;
 use http::{
     header::{
         ACCEPT, ACCEPT_ENCODING, ACCEPT_LANGUAGE, DNT, UPGRADE_INSECURE_REQUESTS, USER_AGENT,
@@ -9,8 +11,10 @@ use http::{
 
 pub(crate) fn get_settings(headers: HeaderMap) -> ImpersonateSettings {
     ImpersonateSettings {
-        tls_connector: BoringTlsConnector::new(ssl_builder),
-        http2: Http2Data {
+        tls_connector: BoringTlsConnector::new(|| {
+            ChromeExtension::builder()?.configure_cipher_list(&CIPHER_LIST)
+        }),
+        http2: Http2Settings {
             initial_stream_window_size: Some(6291456),
             initial_connection_window_size: Some(15728640),
             max_concurrent_streams: Some(1000),

src/impersonate/chrome/v109.rs

@@ -1,5 +1,7 @@
-use super::ssl_builder;
-use crate::impersonate::{BoringTlsConnector, Http2Data, ImpersonateSettings};
+use super::CIPHER_LIST;
+use crate::impersonate::extension::{ChromeExtension, Extension, SslExtension};
+use crate::impersonate::profile::{Http2Settings, ImpersonateSettings};
+use crate::impersonate::BoringTlsConnector;
 use http::{
     header::{
         ACCEPT, ACCEPT_ENCODING, ACCEPT_LANGUAGE, DNT, UPGRADE_INSECURE_REQUESTS, USER_AGENT,
@@ -9,8 +11,10 @@ use http::{
 
 pub(crate) fn get_settings(headers: HeaderMap) -> ImpersonateSettings {
     ImpersonateSettings {
-        tls_connector: BoringTlsConnector::new(ssl_builder),
-        http2: Http2Data {
+        tls_connector: BoringTlsConnector::new(|| {
+            ChromeExtension::builder()?.configure_cipher_list(&CIPHER_LIST)
+        }),
+        http2: Http2Settings {
             initial_stream_window_size: Some(6291456),
             initial_connection_window_size: Some(15728640),
             max_concurrent_streams: Some(1000),

src/impersonate/chrome/v114.rs

@@ -1,5 +1,7 @@
-use super::ssl_builder;
-use crate::impersonate::{BoringTlsConnector, Http2Data, ImpersonateSettings};
+use super::CIPHER_LIST;
+use crate::impersonate::extension::{ChromeExtension, Extension, SslExtension};
+use crate::impersonate::profile::{Http2Settings, ImpersonateSettings};
+use crate::impersonate::BoringTlsConnector;
 use http::{
     header::{
         ACCEPT, ACCEPT_ENCODING, ACCEPT_LANGUAGE, DNT, UPGRADE_INSECURE_REQUESTS, USER_AGENT,
@@ -9,8 +11,10 @@ use http::{
 
 pub(crate) fn get_settings(headers: HeaderMap) -> ImpersonateSettings {
     ImpersonateSettings {
-        tls_connector: BoringTlsConnector::new(ssl_builder),
-        http2: Http2Data {
+        tls_connector: BoringTlsConnector::new(|| {
+            ChromeExtension::builder()?.configure_cipher_list(&CIPHER_LIST)
+        }),
+        http2: Http2Settings {
             initial_stream_window_size: Some(6291456),
             initial_connection_window_size: Some(15728640),
             max_concurrent_streams: Some(1000),

src/impersonate/chrome/v116.rs

@@ -1,14 +1,18 @@
-use super::ssl_builder;
-use crate::impersonate::{BoringTlsConnector, Http2Data, ImpersonateSettings};
+use super::CIPHER_LIST;
+use crate::impersonate::extension::{ChromeExtension, Extension, SslExtension};
+use crate::impersonate::profile::{Http2Settings, ImpersonateSettings};
+use crate::impersonate::BoringTlsConnector;
 use http::{
     header::{ACCEPT, ACCEPT_ENCODING, ACCEPT_LANGUAGE, UPGRADE_INSECURE_REQUESTS, USER_AGENT},
     HeaderMap, HeaderValue,
 };
 
 pub(crate) fn get_settings(headers: HeaderMap) -> ImpersonateSettings {
     ImpersonateSettings {
-        tls_connector: BoringTlsConnector::new(ssl_builder),
-        http2: Http2Data {
+        tls_connector: BoringTlsConnector::new(|| {
+            ChromeExtension::builder()?.configure_cipher_list(&CIPHER_LIST)
+        }),
+        http2: Http2Settings {
             initial_stream_window_size: Some(6291456),
             initial_connection_window_size: Some(15728640),
             max_concurrent_streams: Some(1000),