requests — undetectable HTTP client

Repo → aoughwl/requests Reference

An HTTP client that hands the entire TLS/JA3/JA4/HTTP-2 fingerprint off to curl-impersonate — so requests are byte-indistinguishable from a real browser at the network layer — then puts that whole machine (headers, cookies, proxies, TLS, DNS, redirects, retries, timing) under programmatic control.

import requests
let s = newSession("chrome136", proxy = "socks5h://user:pass@host:1080")
let r = s.get("https://example.com")
echo r.status, " HTTP/", r.httpVersion, " ", r.body.len, "b"
Area Control
Fingerprint 7 impersonation profiles; browser-exact ClientHello + HTTP/2 SETTINGS
HTTP/2 + HTTP/3 useHttp3 / useHttp3Only (curl-impersonate’s bundled ngtcp2 speaks real h3)
Headers verbatim ordered headers, strip/override, multi-value reads
Cookies in-memory + file-backed jar, CURLSH share across sessions
Proxy http/https/socks4/4a/5/5h + ProxyPool rotation
TLS / DNS cipher/version/mTLS overrides, pinHost (RESOLVE), interface/local-port binding
More streaming up/download, multipart, fetchAll concurrency, before/after hooks, opt-in retry/backoff, a coherence audit linter

Where BoringSSL matters — reproducing Chrome’s ClientHello — it lives here (inside curl-impersonate), not in the general-purpose tls layer. A pure-nimony port over the curl-impersonate FFI lives under nimony/.


Back to top

aoughwl — next-gen self-hosted platform for things n stuff. Reach out on Discord (timbuktu_guy) for access to the private backends.

This site uses Just the Docs, a documentation theme for Jekyll.