curl-impersonate is a specially patched version of curl that mimics the TLS and HTTP handshakes of major browsers like Chrome, Firefox, Edge, and Safari to evade client fingerprinting.
curl-impersonate: A special build of curl that can impersonate Chrome & Firefox
This tool is primarily used by security researchers, developers, and automation engineers who need to interact with web services that perform TLS and HTTP/2 fingerprinting to differentiate browsers from automated clients. It enables these users to make HTTP requests that appear as if they originate from real browsers, helping bypass restrictive content delivery or anti-bot measures. It is also useful in API security testing and DevSecOps automation where realistic client simulation is required.
To achieve accurate browser impersonation, curl-impersonate must be compiled with specific TLS libraries (NSS or BoringSSL) depending on the target browser. Users should be aware that while this tool helps bypass fingerprinting, it does not guarantee evasion of all anti-bot or fingerprinting techniques. Regular updates may be needed to keep pace with browser changes.
Clone the repository from GitHub: git clone https://github.com/lwthiker/curl-impersonate.git
Navigate into the cloned directory: cd curl-impersonate
Build curl-impersonate using the provided Makefile: make
Optionally build Docker images using the included workflows
Use the provided wrapper scripts to run curl impersonating specific browsers./curl_chrome99 https://example.com
Run curl impersonating Chrome version 99 to make a request to example.com
./curl_chrome100 https://example.com
Run curl impersonating Chrome version 100 to make a request to example.com
curl-impersonate --ciphers <cipher-list> --curves <curve-list> -H 'User-Agent: <browser-user-agent>' https://example.com
Manually specify TLS ciphers, curves, and headers to mimic browser handshake characteristics