Forem: Zied The latest articles on Forem by Zied (@zinzied). https://forem.com/zinzied https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1803138%2F3c76dcb5-9303-498d-9ca5-a6ca12b5e96d.jpeg Forem: Zied https://forem.com/zinzied en Py-Parkour Zied Thu, 11 Dec 2025 08:32:20 +0000 https://forem.com/zinzied/py-parkour-1f5a https://forem.com/zinzied/py-parkour-1f5a <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> _____ _--_ _ | __ \ | _ \ | | | |__) | _| |_) |__ _ __| | ___ ___ _ _ _ __ | ___/ | | | _ // _` | '__| |/ / _ \| | | | '__| | | | |_| | | \ \ (_| | | | &lt; (_) | |_| | | |_| \__, |_| \_\__,_|_| |_|\_\___/ \__,_|_| __/ | |___/ </code></pre> </div> <blockquote> <p><strong>Version</strong>: 2.0.0<br><br> <strong>Author</strong>: zinzied (<a href="mailto:zinzied@gmail.com">zinzied@gmail.com</a>)</p> </blockquote> <p><a href="https://badge.fury.io/py/py-parkour" rel="noopener noreferrer"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fbadge.fury.io%2Fpy%2Fpy-parkour.svg" alt="PyPI version" width="125" height="20"></a></p> <h1> πŸƒ Py-Parkour: The Hybrid Scraper Framework </h1> <p><strong>Py-Parkour</strong> is a lightweight automation utility designed to solve the biggest annoyances in modern web scraping:</p> <ol> <li> πŸͺ <strong>Cookie Consents</strong>: Detecting and destroying GDPR/modal popups.</li> <li> 🧭 <strong>Pagination</strong>: Auto-detecting "Next" buttons or infinite scroll.</li> <li> 🎭 <strong>Verification Gates</strong>: Generating temporary identities (Email/SMS) for signups.</li> <li> πŸ‘» <strong>Hybrid Scraping</strong>: Break in with the browser, then steal the session for fast API calls.</li> <li> πŸ“‘ <strong>API Discovery</strong>: Automatically detect hidden JSON APIs.</li> </ol> <p>It turns your scraper into a <strong>workflow automation platform</strong>.</p> <h2> πŸ“¦ Installation </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>py-parkour[full] </code></pre> </div> <p>Or for development:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt playwright <span class="nb">install</span> </code></pre> </div> <h2> πŸš€ How to Use It </h2> <h3> 1. The "Unified" Bot </h3> <p>The <code>ParkourBot</code> is your main entry point. It wraps a Playwright browser and gives you access to all gadgets.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">asyncio</span> <span class="kn">from</span> <span class="n">py_parkour</span> <span class="kn">import</span> <span class="n">ParkourBot</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">main</span><span class="p">():</span> <span class="n">bot</span> <span class="o">=</span> <span class="nc">ParkourBot</span><span class="p">(</span><span class="n">headless</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="k">await</span> <span class="n">bot</span><span class="p">.</span><span class="nf">start</span><span class="p">()</span> <span class="k">await</span> <span class="n">bot</span><span class="p">.</span><span class="nf">goto</span><span class="p">(</span><span class="sh">"</span><span class="s">https://target-website.com</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># ... use gadgets here ... </span> <span class="k">await</span> <span class="n">bot</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="nf">main</span><span class="p">())</span> </code></pre> </div> <h3> 2. πŸͺ Gadget: Crusher (Cookie Bypasser) </h3> <p>Don't write brittle selectors for every "Accept Cookies" button.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">await</span> <span class="n">bot</span><span class="p">.</span><span class="nf">crush_cookies</span><span class="p">()</span> </code></pre> </div> <h3> 3. 🧭 Gadget: Compass (Auto-Pagination) </h3> <p>Stop guessing if the site uses <code>?page=2</code> or a "Next &gt;" button.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">for</span> <span class="n">page_number</span> <span class="ow">in</span> <span class="n">bot</span><span class="p">.</span><span class="nf">crawl</span><span class="p">(</span><span class="n">max_pages</span><span class="o">=</span><span class="mi">10</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Scraping Page </span><span class="si">{</span><span class="n">page_number</span><span class="si">}</span><span class="s">: </span><span class="si">{</span><span class="n">bot</span><span class="p">.</span><span class="n">current_url</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> 4. 🎭 Gadget: Disguises (Temp Identity) </h3> <p>Need to sign up to view data? Generate a burner identity.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">identity</span> <span class="o">=</span> <span class="k">await</span> <span class="n">bot</span><span class="p">.</span><span class="n">identity</span><span class="p">.</span><span class="nf">generate_identity</span><span class="p">(</span><span class="n">country</span><span class="o">=</span><span class="sh">"</span><span class="s">US</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Using email: </span><span class="si">{</span><span class="n">identity</span><span class="p">.</span><span class="n">email</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">code</span> <span class="o">=</span> <span class="k">await</span> <span class="n">bot</span><span class="p">.</span><span class="n">identity</span><span class="p">.</span><span class="nf">wait_for_code</span><span class="p">()</span> <span class="k">await</span> <span class="n">bot</span><span class="p">.</span><span class="n">driver</span><span class="p">.</span><span class="n">page</span><span class="p">.</span><span class="nf">fill</span><span class="p">(</span><span class="sh">"</span><span class="s">#otp-input</span><span class="sh">"</span><span class="p">,</span> <span class="n">code</span><span class="p">)</span> </code></pre> </div> <h3> 5. ✨ The "Magic" Auto-Setup </h3> <p>Try to automate the entire signup flow (Experimental).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">await</span> <span class="n">bot</span><span class="p">.</span><span class="nf">auto_setup_identity</span><span class="p">(</span><span class="sh">"</span><span class="s">https://example.com/signup</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> 6. πŸ‘» Gadget: Shadow (Session Bridge) ⭐ NEW </h3> <p>Stop choosing between "fast" (requests) and "capable" (browser). Use both.<br> Break in with the browser, then steal the session for high-speed API calls.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># 1. Login with the browser </span><span class="k">await</span> <span class="n">bot</span><span class="p">.</span><span class="nf">goto</span><span class="p">(</span><span class="sh">"</span><span class="s">https://target.com/login</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># ... do login stuff ... </span> <span class="c1"># 2. Transfer the session to a fast aiohttp client </span><span class="k">async</span> <span class="k">with</span> <span class="k">await</span> <span class="n">bot</span><span class="p">.</span><span class="n">shadow</span><span class="p">.</span><span class="nf">create_session</span><span class="p">()</span> <span class="k">as</span> <span class="n">session</span><span class="p">:</span> <span class="k">async</span> <span class="k">with</span> <span class="n">session</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">https://target.com/api/secret-data</span><span class="sh">"</span><span class="p">)</span> <span class="k">as</span> <span class="n">resp</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="k">await</span> <span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> </code></pre> </div> <h3> 7. πŸ“‘ Gadget: Radar (API Detector) ⭐ NEW </h3> <p>Why scrape HTML if there's a hidden API? Radar listens to background traffic.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">await</span> <span class="n">bot</span><span class="p">.</span><span class="nf">goto</span><span class="p">(</span><span class="sh">"</span><span class="s">https://complex-spa-site.com</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Check what we found </span><span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Latest JSON found: </span><span class="si">{</span><span class="n">bot</span><span class="p">.</span><span class="n">radar</span><span class="p">.</span><span class="n">latest_json</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Replay captured requests </span><span class="k">for</span> <span class="n">req</span> <span class="ow">in</span> <span class="n">bot</span><span class="p">.</span><span class="n">radar</span><span class="p">.</span><span class="n">requests</span><span class="p">:</span> <span class="k">if</span> <span class="sh">"</span><span class="s">api/v1/users</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">req</span><span class="p">[</span><span class="sh">'</span><span class="s">url</span><span class="sh">'</span><span class="p">]:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Found User API: </span><span class="si">{</span><span class="n">req</span><span class="p">[</span><span class="sh">'</span><span class="s">url</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h2> 🎯 Where to use it? </h2> <p>Py-Parkour is best for:</p> <ol> <li> <strong>Complex Scraping</strong>: Sites that require login or have heavy popups.</li> <li> <strong>QA Automation</strong>: Testing "User Registration" flows without using real email addresses.</li> <li> <strong>Bot Development</strong>: Quickly spinning up bots that need to pass "verify your email" checks.</li> <li> <strong>API Hunting</strong>: Discovering undocumented APIs behind SPAs.</li> </ol> <h2> πŸ— Architecture </h2> <ul> <li> <strong>Core</strong>: Async Playwright wrapper.</li> <li> <strong>Gadgets</strong>: Modular tools attached to the bot (<code>.crusher</code>, <code>.compass</code>, <code>.identity</code>, <code>.shadow</code>, <code>.radar</code>).</li> </ul> <p><em>Built with ❀️ for Scrapers who hate boilerplate.</em></p> tooling showdev automation python TLS-Chameleon Zied Thu, 11 Dec 2025 08:28:34 +0000 https://forem.com/zinzied/tls-chameleon-5a29 https://forem.com/zinzied/tls-chameleon-5a29 <h1> <a href="https://github.com/zinzied/TLS-Chameleon" rel="noopener noreferrer">TLS-Chameleon</a> </h1> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Faa4fe457-30c5-49f6-ba7b-1d8604816d81" class="article-body-image-wrapper"><img alt="TLSChameleom" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fgithub.com%2Fuser-attachments%2Fassets%2Faa4fe457-30c5-49f6-ba7b-1d8604816d81" width="600" height="327"></a></p> <p>Anti-Fingerprinting HTTP client that spoofs real browser TLS fingerprints with a simple, requests-like API.</p> <h2> πŸš€ Features </h2> <ul> <li> <strong>TLS Fingerprint Spoofing</strong>: Built-in profiles for Chrome, Firefox, Safari (uses <code>curl_cffi</code> for realistic signatures).</li> <li> <strong>Persistent Sessions</strong>: Proper cookie handling and connection pooling (just like <code>requests.Session</code>).</li> <li> <strong>Magnet Module 🧲</strong>: One-line data extraction (Emails, Tables, Forms, JSON-LD, Links).</li> <li> <strong>Smart Static ⚑</strong>: Automatically fetch page assets (CSS/JS/Images) to mimic real browser traffic.</li> <li> <strong>Auto-Form πŸ“</strong>: Find and submit forms automatically, handling hidden inputs and CSRF tokens.</li> <li> <strong>Humanize 🧠</strong>: Built-in delays to mimic human reading/typing speed.</li> <li> <strong>Resilience</strong>: Auto-rotation of proxies/profiles upon blocking (403/429/Cloudflare).</li> </ul> <h2> πŸ†š Why use this vs curl_cffi? </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>Raw curl_cffi</th> <th>TLS-Chameleon</th> </tr> </thead> <tbody> <tr> <td><strong>TLS Spoofing</strong></td> <td>You must manually set <code>impersonate="chrome110"</code> </td> <td> <strong>Auto-Rotation</strong>: It likely has logic to rotate these so you don't get stuck on one.</td> </tr> <tr> <td><strong>Asset Loading</strong></td> <td>You just get the HTML.</td> <td> <code>mimic_assets=True</code>: It parses the HTML and fetches CSS/JS/Images to look like a "real" browser visit (very important for some anti-bots).</td> </tr> <tr> <td><strong>Forms</strong></td> <td>You must manually parse CSRF tokens and hidden fields.</td> <td> <code>client.submit_form()</code>: It finds the form, keeps the hidden tokens, and submits for you.</td> </tr> <tr> <td><strong>Data Extraction</strong></td> <td>You need to use BeautifulSoup manually.</td> <td> <strong>Magnet Module</strong>: It has built-in extractors for emails, tables, and json_ld.</td> </tr> </tbody> </table></div> <h2> πŸ“¦ Install </h2> <p>You can install <code>TLS-Chameleon</code> directly from PyPI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>tls-chameleon[curl] </code></pre> </div> <blockquote> <p><strong>Note</strong>: The <code>[curl]</code> extra is required for TLS fingerprint spoofing.</p> </blockquote> <h2> ⚑ Quick Start </h2> <h3> 1. Simple Requests (Drop-in) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">tls_chameleon</span> <span class="kn">import</span> <span class="n">get</span> <span class="c1"># One-line spoofing </span><span class="n">r</span> <span class="o">=</span> <span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">https://httpbin.org/get</span><span class="sh">"</span><span class="p">,</span> <span class="n">fingerprint</span><span class="o">=</span><span class="sh">"</span><span class="s">chrome_124</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">r</span><span class="p">.</span><span class="nf">json</span><span class="p">())</span> </code></pre> </div> <h3> 2. Persistent Session (Recommended) </h3> <p>Use <code>Session</code> (alias for <code>TLSChameleon</code>) to maintain cookies across requests:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">tls_chameleon</span> <span class="kn">import</span> <span class="n">Session</span> <span class="k">with</span> <span class="nc">Session</span><span class="p">(</span><span class="n">fingerprint</span><span class="o">=</span><span class="sh">"</span><span class="s">chrome_120</span><span class="sh">"</span><span class="p">)</span> <span class="k">as</span> <span class="n">client</span><span class="p">:</span> <span class="c1"># First request sets cookies </span> <span class="n">client</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">https://github.com/login</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Second request sends them back! </span> <span class="n">r</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">https://github.com/settings</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> 3. Magnet Extraction 🧲 </h3> <h4> AI Extraction (New! ✨) </h4> <p>Use <strong>Gemini</strong>, <strong>Claude</strong>, or <strong>OpenAI (ChatGPT/Grok)</strong> to extract data intelligently without regex.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install AI support</span> pip <span class="nb">install </span>tls-chameleon[ai] </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">r</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">https://news.ycombinator.com</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># 1. Google Gemini (Default) </span><span class="nf">print</span><span class="p">(</span><span class="n">r</span><span class="p">.</span><span class="n">magnet</span><span class="p">.</span><span class="nf">ask</span><span class="p">(</span><span class="sh">"</span><span class="s">Summary</span><span class="sh">"</span><span class="p">,</span> <span class="n">provider</span><span class="o">=</span><span class="sh">"</span><span class="s">gemini</span><span class="sh">"</span><span class="p">))</span> <span class="c1"># 2. Anthropic Claude </span><span class="nf">print</span><span class="p">(</span><span class="n">r</span><span class="p">.</span><span class="n">magnet</span><span class="p">.</span><span class="nf">ask</span><span class="p">(</span><span class="sh">"</span><span class="s">Summary</span><span class="sh">"</span><span class="p">,</span> <span class="n">provider</span><span class="o">=</span><span class="sh">"</span><span class="s">anthropic</span><span class="sh">"</span><span class="p">,</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">claude-3-opus-20240229</span><span class="sh">"</span><span class="p">))</span> <span class="c1"># 3. OpenAI / Grok # (Set OPENAI_API_KEY or pass api_key=...) </span><span class="nf">print</span><span class="p">(</span><span class="n">r</span><span class="p">.</span><span class="n">magnet</span><span class="p">.</span><span class="nf">ask</span><span class="p">(</span><span class="sh">"</span><span class="s">Summary</span><span class="sh">"</span><span class="p">,</span> <span class="n">provider</span><span class="o">=</span><span class="sh">"</span><span class="s">openai</span><span class="sh">"</span><span class="p">,</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gpt-4o</span><span class="sh">"</span><span class="p">))</span> </code></pre> </div> <h4> Standard Extractors </h4> <p>Don't write regex. Let Magnet do it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">r</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">https://example.com/contact</span><span class="sh">"</span><span class="p">)</span> <span class="n">emails</span> <span class="o">=</span> <span class="n">r</span><span class="p">.</span><span class="n">magnet</span><span class="p">.</span><span class="nf">emails</span><span class="p">()</span> <span class="c1"># ['support@example.com'] </span><span class="n">tables</span> <span class="o">=</span> <span class="n">r</span><span class="p">.</span><span class="n">magnet</span><span class="p">.</span><span class="nf">tables</span><span class="p">()</span> <span class="c1"># [['Row1', 'Val1'], ...] </span><span class="n">links</span> <span class="o">=</span> <span class="n">r</span><span class="p">.</span><span class="n">magnet</span><span class="p">.</span><span class="nf">links</span><span class="p">()</span> <span class="n">forms</span> <span class="o">=</span> <span class="n">r</span><span class="p">.</span><span class="n">magnet</span><span class="p">.</span><span class="nf">get_forms</span><span class="p">()</span> <span class="c1"># List of parsed forms </span><span class="n">json_data</span> <span class="o">=</span> <span class="n">r</span><span class="p">.</span><span class="n">magnet</span><span class="p">.</span><span class="nf">json_ld</span><span class="p">()</span> <span class="c1"># Schema.org data </span></code></pre> </div> <h3> 4. Cookie Persistence πŸͺ </h3> <p>Save your session to a Netscape-formatted file (compatible with wget/curl) to use later.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Save </span><span class="n">client</span><span class="p">.</span><span class="nf">save_cookies</span><span class="p">(</span><span class="sh">"</span><span class="s">cookies.txt</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Load later </span><span class="n">client</span><span class="p">.</span><span class="nf">load_cookies</span><span class="p">(</span><span class="sh">"</span><span class="s">cookies.txt</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> 4. Smart Features </h3> <p><strong>Mimic Real Browser Traffic</strong> (Fetches static assets in background):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">client</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">https://example.com</span><span class="sh">"</span><span class="p">,</span> <span class="n">mimic_assets</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <p><strong>Auto-Submit Forms</strong> (Handles hidden fields automatically):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Finds &lt;form&gt;, fills 'user'/'pass', keeps hidden tokens, POSTs to action. </span><span class="n">client</span><span class="p">.</span><span class="nf">submit_form</span><span class="p">(</span><span class="sh">"</span><span class="s">https://site.com/login</span><span class="sh">"</span><span class="p">,</span> <span class="p">{</span> <span class="sh">"</span><span class="s">username</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">myuser</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">password</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">mypassword</span><span class="sh">"</span> <span class="p">})</span> </code></pre> </div> <p><strong>Humanize Delays</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">client</span><span class="p">.</span><span class="nf">human_delay</span><span class="p">(</span><span class="n">reading_speed</span><span class="o">=</span><span class="sh">"</span><span class="s">fast</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Sleeps randomly based on speed </span></code></pre> </div> <h2> πŸ›  API Reference </h2> <h3> <code>Session(fingerprint=..., site=..., ...)</code> </h3> <ul> <li> <code>fingerprint</code>: "chrome_120", "firefox_120", "mobile_safari_17".</li> <li> <code>site</code>: "cloudflare" or "akamai" (presets for retries/headers).</li> <li> <code>randomize_ciphers</code>: True/False (shuffles cipher suite order).</li> <li> <code>proxies</code>: <code>http://user:pass@host:port</code> </li> </ul> <h3> Response Object </h3> <p>The response object wraps <code>curl_cffi.Response</code> or <code>httpx.Response</code> but adds:</p> <ul> <li> <code>.magnet</code>: Access extraction tools.</li> <li> <code>.json_fuzzy()</code>: Parse broken/JSONP responses.</li> </ul> <h2> 🀝 Contributing </h2> <p>Issues and Pull Requests welcome!</p> <h2> πŸ“œ License </h2> <p>MIT</p> <h2> 🚨 Is this library failing on a specific site? </h2> <p>Please <a href="https://github.com/zinzied/TLS-Chameleon/issues" rel="noopener noreferrer">open an issue</a> with the URL! I need test cases to improve the fingerprinting logic.</p> tooling security opensource python AI-cloudscraper Zied Thu, 11 Dec 2025 07:12:48 +0000 https://forem.com/zinzied/cloudscraper-enhanced-1m4 https://forem.com/zinzied/cloudscraper-enhanced-1m4 <h1> CloudScraper v3.5.0 πŸš€ - AI &amp; Hybrid Engine Update </h1> <p>A powerful, feature-rich Python library to bypass Cloudflare's anti-bot protection with <strong>10 production-ready bypass strategies</strong>, cutting-edge advanced stealth capabilities, async support, and comprehensive monitoring. This <strong>Hybrid Edition</strong> includes the revolutionary <strong>Hybrid Engine</strong>, integrating <code>TLS-Chameleon</code> and <code>Py-Parkour</code> for the ultimate bypass capability now powered by <strong>Google Gemini AI</strong>.</p> <h2> πŸ”₯ <strong>NEW: AI Captcha Bypass (v3.4.0)</strong> - Vision-Powered Solving </h2> <p>The scraper now deeply integrates <strong>Google Gemini 1.5 Flash</strong> to solve complex visual challenges like <strong>reCAPTCHA v2</strong>:</p> <ol> <li> <strong>Visual Understanding</strong>: Analyzes instruction images (e.g., "Select all traffic lights") and identifies target objects.</li> <li> <strong>Intelligent Solving</strong>: Visually inspects every tile, matches objects, and solves the puzzle just like a human.</li> <li> <strong>Fast &amp; Cheap</strong>: Uses Gemini 1.5 Flash for millisecond latency.</li> </ol> <h3> βœ… Verified Features </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>Status</th> </tr> </thead> <tbody> <tr> <td>reCAPTCHA v2 Solving</td> <td>βœ… Tested</td> </tr> <tr> <td>Text Captcha (Generic)</td> <td>βœ… Tested</td> </tr> <tr> <td>Hybrid Engine</td> <td>βœ… Tested</td> </tr> <tr> <td>Cloudflare Bypass</td> <td>βœ… Tested</td> </tr> </tbody> </table></div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Pass your Google API Key to enable AI Solving </span><span class="n">scraper</span> <span class="o">=</span> <span class="n">cloudscraper</span><span class="p">.</span><span class="nf">create_scraper</span><span class="p">(</span> <span class="n">interpreter</span><span class="o">=</span><span class="sh">'</span><span class="s">hybrid</span><span class="sh">'</span><span class="p">,</span> <span class="n">google_api_key</span><span class="o">=</span><span class="sh">'</span><span class="s">YOUR_GEMINI_API_KEY</span><span class="sh">'</span><span class="p">,</span> <span class="c1"># Proxies are automatically used for AI requests too! </span> <span class="n">rotating_proxies</span><span class="o">=</span><span class="p">[</span><span class="sh">'</span><span class="s">http://user:pass@proxy:port</span><span class="sh">'</span><span class="p">]</span> <span class="p">)</span> <span class="c1"># For Complicated Text Captchas (Non-Standard) </span><span class="n">scraper</span> <span class="o">=</span> <span class="n">cloudscraper</span><span class="p">.</span><span class="nf">create_scraper</span><span class="p">(</span> <span class="n">interpreter</span><span class="o">=</span><span class="sh">'</span><span class="s">hybrid</span><span class="sh">'</span><span class="p">,</span> <span class="n">google_api_key</span><span class="o">=</span><span class="sh">'</span><span class="s">YOUR_GEMINI_API_KEY</span><span class="sh">'</span><span class="p">,</span> <span class="n">captcha</span><span class="o">=</span><span class="p">{</span> <span class="sh">'</span><span class="s">text_captcha</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">selector</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">#captcha-image</span><span class="sh">'</span><span class="p">,</span> <span class="c1"># CSS selector for the image </span> <span class="sh">'</span><span class="s">input_selector</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">#captcha-input</span><span class="sh">'</span><span class="p">,</span> <span class="c1"># CSS selector for the input </span> <span class="sh">'</span><span class="s">submit_selector</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">#submit-btn</span><span class="sh">'</span> <span class="c1"># Optional: submit button </span> <span class="p">}</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <h2> πŸ”₯ <strong>Hybrid Engine</strong> - The Ultimate Solution </h2> <p>The <strong>Hybrid Engine</strong> is a game-changer that combines two powerful technologies:</p> <ol> <li> <strong>TLS-Chameleon (<code>curl_cffi</code>)</strong>: Provides perfect TLS fingerprinting (JA3/JA4) to mimic real browsers at the network layer.</li> <li> <strong>Py-Parkour (<code>playwright</code>)</strong>: A "Browser Bridge" that seamlessly launches a real browser to solve complex JavaScript challenges (Turnstile, reCAPTCHA v3) only when needed, then hands the session back to the efficient scraper.</li> </ol> <p><strong>Why use Hybrid?</strong></p> <ul> <li> <strong>Speed</strong>: Uses lightweight HTTP requests for 99% of work.</li> <li> <strong>Power</strong>: Falls back to a real browser <em>only</em> for seconds to solve a challenge.</li> <li> <strong>Stealth</strong>: Perfect TLS fingerprints + Real Browser interactions.</li> <li> <strong>Simplicity</strong>: No complex setupβ€”just <code>interpreter='hybrid'</code>.</li> </ul> <h3> ✨ <strong>Key Features</strong> </h3> <ul> <li> <strong>πŸ›‘οΈ Hybrid Engine</strong>: Automatically switches between lightweight requests and real browser solving</li> <li> <strong>πŸ€– AI Captcha Solver</strong>: Solves reCAPTCHA v2 using Google Gemini Vision</li> <li> <strong>πŸ” TLS Fingerprinting</strong>: JA3 fingerprint rotation with real browser signatures (Chrome, Firefox, Safari) via <code>tls-chameleon</code> </li> <li> <strong>πŸ•΅οΈ Traffic Pattern Obfuscation</strong>: Intelligent request spacing and behavioral consistency</li> <li> <strong>🧠 Intelligent Challenge Detection</strong>: AI-powered challenge recognition</li> <li> <strong>⚑ Async Support</strong>: Check <code>async_cloudscraper</code> for non-blocking operations</li> </ul> <h2> πŸš€ <strong>NEW: Phase 1 &amp; 2 - Industrial Strength Bypass</strong> (v3.1.2+) </h2> <p>This version includes <strong>10 production-ready bypass strategies</strong>:</p> <h3> <strong>Phase 1: Foundation Features</strong> </h3> <h4> 1. 🧬 <strong>The Hybrid Engine</strong> (Introduced in v3.3.0) </h4> <p>The most powerful mode available. Requires <code>cloudscraper[hybrid]</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Install with: pip install cloudscraper[hybrid] </span> <span class="n">scraper</span> <span class="o">=</span> <span class="n">cloudscraper</span><span class="p">.</span><span class="nf">create_scraper</span><span class="p">(</span> <span class="n">interpreter</span><span class="o">=</span><span class="sh">'</span><span class="s">hybrid</span><span class="sh">'</span><span class="p">,</span> <span class="n">impersonate</span><span class="o">=</span><span class="sh">'</span><span class="s">chrome120</span><span class="sh">'</span><span class="p">,</span> <span class="c1"># Optional: Force specific fingerprint </span> <span class="n">google_api_key</span><span class="o">=</span><span class="sh">'</span><span class="s">YOUR_API_KEY</span><span class="sh">'</span> <span class="c1"># Optional: For AI Captcha solving </span><span class="p">)</span> <span class="n">scraper</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">https://hight-security-site.com</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h4> 2. πŸͺ <strong>Cookie Harvesting &amp; Persistence</strong> </h4> <ul> <li>Auto-saves <code>cf_clearance</code> cookies after successful bypasses </li> <li>Reuses cookies for 30-60 minutes (configurable TTL)</li> <li> <strong>70-90% reduction</strong> in repeat challenge encounters</li> <li>Storage: <code>~/.cloudscraper/cookies/</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Enabled by default! </span><span class="n">scraper</span> <span class="o">=</span> <span class="n">cloudscraper</span><span class="p">.</span><span class="nf">create_scraper</span><span class="p">(</span> <span class="n">enable_cookie_persistence</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">cookie_ttl</span><span class="o">=</span><span class="mi">1800</span> <span class="c1"># 30 minutes </span><span class="p">)</span> </code></pre> </div> <h4> 2. 🎯 <strong>Hybrid Captcha Solver</strong> </h4> <ul> <li>Tries AI OCR β†’ AI Object Detection β†’ 2Captcha in sequence</li> <li>Automatic fallback on failure</li> <li> <strong>3-5x higher solve rate</strong> vs single solver </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">scraper</span> <span class="o">=</span> <span class="n">cloudscraper</span><span class="p">.</span><span class="nf">create_scraper</span><span class="p">(</span> <span class="n">captcha</span><span class="o">=</span><span class="p">{</span> <span class="sh">'</span><span class="s">provider</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">hybrid</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">primary</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">ai_ocr</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">fallbacks</span><span class="sh">'</span><span class="p">:</span> <span class="p">[</span><span class="sh">'</span><span class="s">ai_obj_det</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">2captcha</span><span class="sh">'</span><span class="p">],</span> <span class="sh">'</span><span class="s">2captcha</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span><span class="sh">'</span><span class="s">api_key</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">YOUR_KEY</span><span class="sh">'</span><span class="p">}</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <h4> 3. 🌐 <strong>Browser Automation Helper</strong> </h4> <ul> <li>Uses Playwright to launch real browser when all else fails</li> <li>Ultimate fallback with <strong>99% success rate</strong> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">cloudscraper.browser_helper</span> <span class="kn">import</span> <span class="n">create_browser_helper</span> <span class="n">browser</span> <span class="o">=</span> <span class="nf">create_browser_helper</span><span class="p">(</span><span class="n">headless</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">cookies</span> <span class="o">=</span> <span class="n">browser</span><span class="p">.</span><span class="nf">solve_challenge_and_get_cookies</span><span class="p">(</span><span class="n">url</span><span class="p">)</span> <span class="n">scraper</span><span class="p">.</span><span class="n">cookies</span><span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="n">cookies</span><span class="p">)</span> </code></pre> </div> <h4> 4. ⏱️ <strong>Enhanced Human Behavior Simulation</strong> </h4> <ul> <li>Content-aware delays (text vs images vs API)</li> <li>Mouse movement simulation</li> <li>Fingerprint resistance</li> </ul> <h3> <strong>Phase 2: Advanced Strategies</strong> </h3> <h4> 5. πŸ”Œ <strong>Circuit Breaker Pattern</strong> </h4> <ul> <li>Prevents infinite retry loops</li> <li>Opens after 3 consecutive failures (configurable)</li> <li>Auto-retry after timeout </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Enabled by default! </span><span class="n">scraper</span> <span class="o">=</span> <span class="n">cloudscraper</span><span class="p">.</span><span class="nf">create_scraper</span><span class="p">(</span> <span class="n">enable_circuit_breaker</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">circuit_failure_threshold</span><span class="o">=</span><span class="mi">3</span><span class="p">,</span> <span class="n">circuit_timeout</span><span class="o">=</span><span class="mi">60</span> <span class="p">)</span> </code></pre> </div> <h4> 6. πŸ”„ <strong>Session Pool (Multi-Fingerprint Distribution)</strong> </h4> <ul> <li>Maintains pool of 3-10 scraper instances</li> <li>Each with unique browser fingerprint</li> <li>Round-robin / random / least-used rotation </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">cloudscraper.session_pool</span> <span class="kn">import</span> <span class="n">SessionPool</span> <span class="n">pool</span> <span class="o">=</span> <span class="nc">SessionPool</span><span class="p">(</span><span class="n">pool_size</span><span class="o">=</span><span class="mi">5</span><span class="p">,</span> <span class="n">rotation_strategy</span><span class="o">=</span><span class="sh">'</span><span class="s">round_robin</span><span class="sh">'</span><span class="p">)</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">pool</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">https://protected-site.com</span><span class="sh">'</span><span class="p">)</span> </code></pre> </div> <h4> 7. ⚑ <strong>Smart Rate Limiter</strong> </h4> <ul> <li>Adaptive per-domain delays</li> <li>Learns from 429/503 responses</li> <li>Burst prevention </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">cloudscraper.rate_limiter</span> <span class="kn">import</span> <span class="n">SmartRateLimiter</span> <span class="n">limiter</span> <span class="o">=</span> <span class="nc">SmartRateLimiter</span><span class="p">(</span><span class="n">default_delay</span><span class="o">=</span><span class="mf">1.0</span><span class="p">,</span> <span class="n">burst_limit</span><span class="o">=</span><span class="mi">10</span><span class="p">)</span> <span class="n">limiter</span><span class="p">.</span><span class="nf">wait_if_needed</span><span class="p">(</span><span class="n">domain</span><span class="p">)</span> </code></pre> </div> <h4> 8. πŸ” <strong>TLS Fingerprint Rotator</strong> </h4> <ul> <li>6+ real browser JA3 signatures (Chrome, Firefox, Safari, Edge)</li> <li>Auto-rotation every N requests </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">cloudscraper.tls_rotator</span> <span class="kn">import</span> <span class="n">TLSFingerprintRotator</span> <span class="n">rotator</span> <span class="o">=</span> <span class="nc">TLSFingerprintRotator</span><span class="p">(</span><span class="n">rotation_interval</span><span class="o">=</span><span class="mi">10</span><span class="p">)</span> <span class="n">fp</span> <span class="o">=</span> <span class="n">rotator</span><span class="p">.</span><span class="nf">get_fingerprint</span><span class="p">()</span> <span class="c1"># chrome_120, firefox_122, etc. </span></code></pre> </div> <h4> 9. 🧠 <strong>Challenge Prediction System (ML-based)</strong> </h4> <ul> <li>Learns which domains use which challenges</li> <li>Auto-configuration based on history</li> <li>SQLite storage: <code>~/.cloudscraper/challenges.db</code> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">cloudscraper.challenge_predictor</span> <span class="kn">import</span> <span class="n">ChallengePredictor</span> <span class="n">predictor</span> <span class="o">=</span> <span class="nc">ChallengePredictor</span><span class="p">()</span> <span class="n">predicted</span> <span class="o">=</span> <span class="n">predictor</span><span class="p">.</span><span class="nf">predict_challenge</span><span class="p">(</span><span class="sh">'</span><span class="s">example.com</span><span class="sh">'</span><span class="p">)</span> <span class="n">config</span> <span class="o">=</span> <span class="n">predictor</span><span class="p">.</span><span class="nf">get_recommended_config</span><span class="p">(</span><span class="sh">'</span><span class="s">example.com</span><span class="sh">'</span><span class="p">)</span> <span class="n">scraper</span> <span class="o">=</span> <span class="n">cloudscraper</span><span class="p">.</span><span class="nf">create_scraper</span><span class="p">(</span><span class="o">**</span><span class="n">config</span><span class="p">)</span> </code></pre> </div> <h4> 10. 🎭 <strong>Enhanced Timing</strong> (from Phase 1) </h4> <ul> <li>Content-type aware delays</li> <li>Adaptive reading time calculation</li> </ul> <h3> πŸ“Š <strong>Success Rate Comparison</strong> </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Configuration</th> <th>Success Rate</th> <th>Speed</th> <th>Use Case</th> </tr> </thead> <tbody> <tr> <td>Default (V1 + Cookies + Circuit Breaker)</td> <td>70-80%</td> <td>Fast</td> <td>Most sites</td> </tr> <tr> <td>+ Hybrid Solver</td> <td>85-95%</td> <td>Medium</td> <td>Sites with captchas</td> </tr> <tr> <td>+ Session Pool</td> <td>90-95%</td> <td>Medium</td> <td>Pattern detection</td> </tr> <tr> <td>+ Browser Fallback</td> <td>99%+</td> <td>Slow</td> <td>Hardest sites</td> </tr> </tbody> </table></div> <h3> πŸ“š <strong>Documentation</strong> </h3> <p>See <a href="//ENHANCED_FEATURES.md">ENHANCED_FEATURES.md</a> for detailed documentation on all bypass strategies.</p> <h2> β˜• Support This Project </h2> <p>If you find this library useful, consider supporting its development:</p> <p><a href="https://www.buymeacoffee.com/zied" rel="noopener noreferrer"><br> <img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fcdn.buymeacoffee.com%2Fbuttons%2Fv2%2Fdefault-yellow.png" alt="Buy Me A Coffee" width="545" height="153"><br> </a></p> <h2> Installation </h2> <blockquote> <p>[!NOTE]<br> This is a maintained fork of the original cloudscraper library. <br> You can use this version (<code>ai-cloudscraper</code>) as a drop-in replacement while waiting for updates to the original library, or continue using it as your primary driver as we will consistently update it with the latest anti-detection technologies.<br> </p> </blockquote> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install maintained version (Recommended)</span> pip <span class="nb">install </span>ai-cloudscraper <span class="c"># Install with AI solvers (Phase 1)</span> pip <span class="nb">install </span>ai-cloudscraper[ai] <span class="c"># Install with browser automation (Phase 1)</span> pip <span class="nb">install </span>ai-cloudscraper[browser] <span class="c"># Or install from source (Development)</span> pip <span class="nb">install</span> <span class="nt">-e</span> <span class="nb">.</span> </code></pre> </div> <h2> πŸš€ Quick Start </h2> <h3> Basic Usage </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">cloudscraper</span> <span class="c1"># Create a CloudScraper instance (cookie persistence + circuit breaker enabled by default) </span><span class="n">scraper</span> <span class="o">=</span> <span class="n">cloudscraper</span><span class="p">.</span><span class="nf">create_scraper</span><span class="p">()</span> <span class="c1"># Use it like a regular requests session </span><span class="n">response</span> <span class="o">=</span> <span class="n">scraper</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">https://protected-site.com</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">response</span><span class="p">.</span><span class="n">text</span><span class="p">)</span> </code></pre> </div> <h3> Using Phase 1 &amp; 2 Features </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">cloudscraper</span> <span class="kn">from</span> <span class="n">cloudscraper.session_pool</span> <span class="kn">import</span> <span class="n">SessionPool</span> <span class="kn">from</span> <span class="n">cloudscraper.challenge_predictor</span> <span class="kn">import</span> <span class="n">ChallengePredictor</span> <span class="c1"># Option 1: Default (Recommended for most sites) </span><span class="n">scraper</span> <span class="o">=</span> <span class="n">cloudscraper</span><span class="p">.</span><span class="nf">create_scraper</span><span class="p">()</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">scraper</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">https://protected-site.com</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># Option 2: With hybrid solver </span><span class="n">scraper</span> <span class="o">=</span> <span class="n">cloudscraper</span><span class="p">.</span><span class="nf">create_scraper</span><span class="p">(</span> <span class="n">captcha</span><span class="o">=</span><span class="p">{</span> <span class="sh">'</span><span class="s">provider</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">hybrid</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">fallbacks</span><span class="sh">'</span><span class="p">:</span> <span class="p">[</span><span class="sh">'</span><span class="s">ai_ocr</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">2captcha</span><span class="sh">'</span><span class="p">],</span> <span class="sh">'</span><span class="s">2captcha</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span><span class="sh">'</span><span class="s">api_key</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">YOUR_KEY</span><span class="sh">'</span><span class="p">}</span> <span class="p">}</span> <span class="p">)</span> <span class="c1"># Option 3: Session pool for maximum stealth </span><span class="n">pool</span> <span class="o">=</span> <span class="nc">SessionPool</span><span class="p">(</span><span class="n">pool_size</span><span class="o">=</span><span class="mi">5</span><span class="p">,</span> <span class="n">rotation_strategy</span><span class="o">=</span><span class="sh">'</span><span class="s">round_robin</span><span class="sh">'</span><span class="p">)</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">pool</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">https://protected-site.com</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># Option 4: Challenge predictor for smart configuration </span><span class="n">predictor</span> <span class="o">=</span> <span class="nc">ChallengePredictor</span><span class="p">()</span> <span class="n">config</span> <span class="o">=</span> <span class="n">predictor</span><span class="p">.</span><span class="nf">get_recommended_config</span><span class="p">(</span><span class="sh">'</span><span class="s">target-domain.com</span><span class="sh">'</span><span class="p">)</span> <span class="n">scraper</span> <span class="o">=</span> <span class="n">cloudscraper</span><span class="p">.</span><span class="nf">create_scraper</span><span class="p">(</span><span class="o">**</span><span class="n">config</span><span class="p">)</span> </code></pre> </div> <h2> How It Works </h2> <p>Cloudflare's anti-bot protection works by presenting JavaScript challenges that must be solved before accessing the protected content. cloudscraper:</p> <ol> <li> <strong>Detects</strong> Cloudflare challenges automatically</li> <li> <strong>Solves</strong> JavaScript challenges using embedded interpreters</li> <li> <strong>Maintains</strong> session state and cookies</li> <li> <strong>Returns</strong> the protected content seamlessly</li> </ol> <h2> Dependencies </h2> <ul> <li>Python 3.8+</li> <li>requests &gt;= 2.32.0</li> <li>requests_toolbelt &gt;= 1.0.0</li> <li>js2py &gt;= 0.74 (default JavaScript interpreter)</li> <li>Additional dependencies listed in requirements.txt</li> </ul> <h3> Optional Dependencies </h3> <p><strong>Phase 1 AI Solvers:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>ddddocr ultralytics pillow </code></pre> </div> <p><strong>Phase 1 Browser Automation:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>playwright playwright <span class="nb">install </span>chromium </code></pre> </div> <p><strong>Phase 2 features require NO additional dependencies</strong> - everything is included!</p> <h2> JavaScript Interpreters </h2> <p>cloudscraper supports multiple JavaScript interpreters:</p> <ul> <li> <strong>js2py</strong> (default) - Pure Python implementation</li> <li> <strong>nodejs</strong> - Requires Node.js installation</li> <li> <strong>native</strong> - Built-in Python solver</li> </ul> <h2> Basic Configuration </h2> <h3> Browser Selection </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Use Chrome fingerprint </span><span class="n">scraper</span> <span class="o">=</span> <span class="n">cloudscraper</span><span class="p">.</span><span class="nf">create_scraper</span><span class="p">(</span><span class="n">browser</span><span class="o">=</span><span class="sh">'</span><span class="s">chrome</span><span class="sh">'</span><span class="p">)</span> <span class="c1"># Use Firefox fingerprint </span><span class="n">scraper</span> <span class="o">=</span> <span class="n">cloudscraper</span><span class="p">.</span><span class="nf">create_scraper</span><span class="p">(</span><span class="n">browser</span><span class="o">=</span><span class="sh">'</span><span class="s">firefox</span><span class="sh">'</span><span class="p">)</span> </code></pre> </div> <h3> Proxy Support </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Single proxy </span><span class="n">scraper</span> <span class="o">=</span> <span class="n">cloudscraper</span><span class="p">.</span><span class="nf">create_scraper</span><span class="p">()</span> <span class="n">scraper</span><span class="p">.</span><span class="n">proxies</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">http</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">http://proxy:8080</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">https</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">http://proxy:8080</span><span class="sh">'</span> <span class="p">}</span> </code></pre> </div> <h3> CAPTCHA Solver Integration </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">scraper</span> <span class="o">=</span> <span class="n">cloudscraper</span><span class="p">.</span><span class="nf">create_scraper</span><span class="p">(</span> <span class="n">captcha</span><span class="o">=</span><span class="p">{</span> <span class="sh">'</span><span class="s">provider</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">2captcha</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">api_key</span><span class="sh">'</span><span class="p">:</span> <span class="sh">'</span><span class="s">your_api_key</span><span class="sh">'</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <p>Supported CAPTCHA providers:</p> <ul> <li>2captcha</li> <li>anticaptcha</li> <li>CapSolver</li> <li>CapMonster Cloud # Try maximum stealth configuration scraper = cloudscraper.create_scraper( enable_tls_fingerprinting=True, enable_anti_detection=True, enable_enhanced_spoofing=True, spoofing_consistency_level='high', enable_adaptive_timing=True, behavior_profile='research', # Slowest, most careful stealth_options={ 'min_delay': 3.0, 'max_delay': 10.0, 'human_like_delays': True } )</li> </ul> <h1> Enable maximum stealth mode </h1> <p>scraper.enable_maximum_stealth()<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> **Challenge detection not working?** </code></pre> </div> <p><br> python</p> <h1> Add custom challenge patterns </h1> <p>scraper.intelligent_challenge_system.add_custom_pattern(<br> domain='problem-site.com',<br> pattern_name='Custom Challenge',<br> patterns=[r'custom.+challenge.+text'],<br> challenge_type='custom',<br> response_strategy='delay_retry'<br> )<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> **Want to optimize for specific domains?** </code></pre> </div> <p><br> python</p> <h1> Make several learning requests first </h1> <p>for i in range(5):<br> try:<br> response = scraper.get('<a href="https://target-site.com/test'" rel="noopener noreferrer">https://target-site.com/test'</a>)<br> except Exception:<br> pass</p> <h1> Then optimize for the domain </h1> <p>scraper.optimize_for_domain('target-site.com')<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> **Check enhanced system status:** </code></pre> </div> <p><br> python<br> stats = scraper.get_enhanced_statistics()<br> for system, status in stats.items():<br> print(f"{system}: {status}")</p> <h1> Get ML optimization report </h1> <p>if hasattr(scraper, 'ml_optimizer'):<br> report = scraper.ml_optimizer.get_optimization_report()<br> print(f"Success rate: {report.get('global_success_rate', 0):.2%}")<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ### Common Issues **Challenge solving fails:** </code></pre> </div> <p><br> python</p> <h1> Try different interpreter </h1> <p>scraper = cloudscraper.create_scraper(interpreter='nodejs')</p> <h1> Increase delay </h1> <p>scraper = cloudscraper.create_scraper(delay=10)</p> <h1> Enable debug mode </h1> <p>scraper = cloudscraper.create_scraper(debug=True)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> **403 Forbidden errors:** </code></pre> </div> <p><br> python</p> <h1> Enable stealth mode </h1> <p>scraper = cloudscraper.create_scraper(<br> enable_stealth=True,<br> auto_refresh_on_403=True<br> )<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> **Slow performance:** </code></pre> </div> <p><br> python</p> <h1> Use faster interpreter </h1> <p>scraper = cloudscraper.create_scraper(interpreter='native')<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ### Debug Mode Enable debug mode to see what's happening: </code></pre> </div> <p><br> python<br> scraper = cloudscraper.create_scraper(debug=True)<br> response = scraper.get("<a href="https://example.com%22" rel="noopener noreferrer">https://example.com"</a>)</p> <h1> Debug output shows: </h1> <h1> - Challenge type detected </h1> <h1> - JavaScript interpreter used </h1> <h1> - Challenge solving process </h1> <h1> - Final response status </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ## πŸ”§ Enhanced Configuration Options ### πŸ”₯ **Enhanced Bypass Parameters** (NEW) | Parameter | Type | Default | Description | |-----------|------|---------|-------------| | `enable_tls_fingerprinting` | boolean | True | Enable advanced TLS fingerprinting | | `enable_tls_rotation` | boolean | True | Rotate TLS fingerprints automatically | | `enable_anti_detection` | boolean | True | Enable traffic pattern obfuscation | | `enable_enhanced_spoofing` | boolean | True | Enable Canvas/WebGL spoofing | | `spoofing_consistency_level` | string | 'medium' | Spoofing consistency ('low', 'medium', 'high') | | `enable_intelligent_challenges` | boolean | True | Enable AI challenge detection | | `enable_adaptive_timing` | boolean | True | Enable human behavior simulation | | `behavior_profile` | string | 'casual' | Timing profile ('casual', 'focused', 'research', 'mobile') | | `enable_ml_optimization` | boolean | True | Enable ML-based bypass optimization | | `enable_enhanced_error_handling` | boolean | True | Enable intelligent error recovery | ### 🎭 **Enhanced Stealth Options** </code></pre> </div> <p><br> python<br> stealth_options = {<br> 'min_delay': 1.0, # Minimum delay between requests<br> 'max_delay': 4.0, # Maximum delay between requests<br><br> 'human_like_delays': True, # Use human-like delay patterns<br> 'randomize_headers': True, # Randomize request headers<br> 'browser_quirks': True, # Enable browser-specific quirks<br> 'simulate_viewport': True, # Simulate viewport changes<br> 'behavioral_patterns': True # Use behavioral pattern simulation<br> }<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ### πŸ€– **Complete Enhanced Configuration Example** </code></pre> </div> <p><br> python<br> import cloudscraper</p> <h1> Ultimate bypass configuration </h1> <p>scraper = cloudscraper.create_scraper(<br> # Basic settings<br> debug=True,<br> browser='chrome',<br> interpreter='js2py',</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Enhanced bypass features enable_tls_fingerprinting=True, enable_tls_rotation=True, enable_anti_detection=True, enable_enhanced_spoofing=True, spoofing_consistency_level='medium', enable_intelligent_challenges=True, enable_adaptive_timing=True, behavior_profile='focused', enable_ml_optimization=True, enable_enhanced_error_handling=True, # Stealth mode enable_stealth=True, stealth_options={ 'min_delay': 1.5, 'max_delay': 4.0, 'human_like_delays': True, 'randomize_headers': True, 'browser_quirks': True, 'simulate_viewport': True, 'behavioral_patterns': True }, # Session management session_refresh_interval=3600, auto_refresh_on_403=True, max_403_retries=3, # Proxy rotation rotating_proxies=[ 'http://proxy1:8080', 'http://proxy2:8080', 'http://proxy3:8080' ], proxy_options={ 'rotation_strategy': 'smart', 'ban_time': 600 }, # CAPTCHA solving captcha={ 'provider': '2captcha', 'api_key': 'your_api_key' } </code></pre> </div> <p>)</p> <h1> Monitor bypass performance </h1> <p>stats = scraper.get_enhanced_statistics()<br> print(f"Active bypass systems: {len(stats)}")<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ### πŸ“ˆ **Behavior Profiles** | Profile | Description | Use Case | |---------|-------------|----------| | `casual` | Relaxed browsing patterns | General web scraping | | `focused` | Efficient but careful | Targeted data collection | | `research` | Slow, methodical access | Academic or detailed research | | `mobile` | Mobile device simulation | Mobile-optimized sites | ### πŸ“‰ **Spoofing Consistency Levels** | Level | Fingerprint Stability | Detection Resistance | Performance | |-------|----------------------|---------------------|-------------| | `low` | Minimal changes | Good | Fastest | | `medium` | Moderate variations | Excellent | Balanced | | `high` | Significant obfuscation | Maximum | Slower | ## Configuration Options ### Common Parameters | Parameter | Type | Default | Description | |-----------|------|---------|-------------| | `debug` | boolean | False | Enable debug output | | `delay` | float | auto | Override challenge delay | | `interpreter` | string | 'js2py' | JavaScript interpreter | | `browser` | string/dict | None | Browser fingerprint | | `enable_stealth` | boolean | True | Enable stealth mode | | `allow_brotli` | boolean | True | Enable Brotli compression | ### Challenge Control | Parameter | Type | Default | Description | |-----------|------|---------|-------------| | `disableCloudflareV1` | boolean | False | Disable v1 challenges | | `disableCloudflareV2` | boolean | False | Disable v2 challenges | | `disableCloudflareV3` | boolean | False | Disable v3 challenges | | `disableTurnstile` | boolean | False | Disable Turnstile | ### Session Management | Parameter | Type | Default | Description | |-----------|------|---------|-------------| | `session_refresh_interval` | int | 3600 | Session refresh time (seconds) | | `auto_refresh_on_403` | boolean | True | Auto-refresh on 403 errors | | `max_403_retries` | int | 3 | Max 403 retry attempts | ### Example Configuration </code></pre> </div> <p><br> python<br> scraper = cloudscraper.create_scraper(<br> debug=True,<br> delay=5,<br> interpreter='js2py',<br> browser='chrome',<br> enable_stealth=True,<br> stealth_options={<br> 'min_delay': 2.0,<br> 'max_delay': 5.0,<br> 'human_like_delays': True,<br> 'randomize_headers': True,<br> 'browser_quirks': True<br> }<br> )<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ## Utility Functions ### Get Tokens Extract Cloudflare cookies for use in other applications: </code></pre> </div> <p><br> python<br> import cloudscraper</p> <h1> Get cookies as dictionary </h1> <p>tokens, user_agent = cloudscraper.get_tokens("<a href="https://example.com%22" rel="noopener noreferrer">https://example.com"</a>)<br> print(tokens)</p> <h1> {'cf_clearance': '...', '__cfduid': '...'} </h1> <h1> Get cookies as string </h1> <p>cookie_string, user_agent = cloudscraper.get_cookie_string("<a href="https://example.com%22" rel="noopener noreferrer">https://example.com"</a>)<br> print(cookie_string)</p> <h1> "cf_clearance=...; __cfduid=..." </h1> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ### Integration with Other Tools Use cloudscraper tokens with curl or other HTTP clients: </code></pre> </div> <p><br> python<br> import subprocess<br> import cloudscraper</p> <p>cookie_string, user_agent = cloudscraper.get_cookie_string('<a href="https://example.com'" rel="noopener noreferrer">https://example.com'</a>)</p> <p>result = subprocess.check_output([<br> 'curl',<br> '--cookie', cookie_string,<br> '-A', user_agent,<br> '<a href="https://example.com" rel="noopener noreferrer">https://example.com</a>'<br> ])</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> ## License MIT License. See LICENSE file for details. ## πŸ“ **Enhanced Features Documentation** For detailed documentation about the enhanced bypass capabilities, see: - **[ENHANCED_FEATURES.md](ENHANCED_FEATURES.md)** - Complete technical documentation - **[examples/enhanced_bypass_demo.py](examples/enhanced_bypass_demo.py)** - Comprehensive usage examples - **[tests/test_enhanced_features.py](tests/test_enhanced_features.py)** - Feature validation tests ### πŸ” **Quick Feature Reference** | Feature | Module | Description | |---------|--------|--------------| | TLS Fingerprinting | `tls_fingerprinting.py` | JA3 fingerprint rotation | | Anti-Detection | `anti_detection.py` | Traffic pattern obfuscation | | Enhanced Spoofing | `enhanced_spoofing.py` | Canvas/WebGL fingerprint spoofing | | Challenge Detection | `intelligent_challenge_system.py` | AI-powered challenge recognition | | Adaptive Timing | `adaptive_timing.py` | Human behavior simulation | | ML Optimization | `ml_optimization.py` | Machine learning bypass optimization | | Error Handling | `enhanced_error_handling.py` | Intelligent error recovery | --- πŸŽ‰ **Enhanced CloudScraper** - Bypass the majority of Cloudflare protections with cutting-edge anti-detection technology! ## Contributing Contributions are welcome! Please feel free to submit a Pull Request. ## Disclaimer This tool is for educational and testing purposes only. Always respect website terms of service and use responsibly. </code></pre> </div> HumanFuzz Zied Tue, 13 May 2025 15:40:56 +0000 https://forem.com/zinzied/-humanfuzz-n6e https://forem.com/zinzied/-humanfuzz-n6e <h1> Description: </h1> <p>A human-like web application fuzzing library that simulates real user interactions to discover security vulnerabilities. HumanFuzz provides both a Python API and a comprehensive command-line interface for scanning web applications and APIs.</p> <h2> Features </h2> <ul> <li> <strong>Human-like Interaction</strong>: Uses a headless browser to interact with web applications like a real user</li> <li> <strong>Automatic Form Discovery</strong>: Identifies and interacts with forms, buttons, and other interactive elements</li> <li> <strong>Smart Payload Generation</strong>: Generates and mutates payloads based on context and target responses</li> <li> <strong>Multiple Vulnerability Classes</strong>: Supports testing for XSS, SQL injection, SSRF, and more</li> <li> <strong>Session Awareness</strong>: Maintains authentication and session context throughout testing</li> <li> <strong>Extensible Architecture</strong>: Easily add custom payload modules and detection rules</li> <li> <strong>Comprehensive Reporting</strong>: Generates detailed reports of findings with proof-of-concept examples</li> <li> <strong>Animated Interface</strong>: Real-time visual feedback during scanning operations</li> <li> <strong>Enhanced Protection Bypass</strong>: Advanced techniques for bypassing web application firewalls and protections</li> <li> <strong>Improved HTTP Handling</strong>: Enhanced HTTP client for better request handling and performance</li> </ul> <h2> Installation </h2> <h3> Basic Installation </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pip <span class="nb">install </span>humanfuzz </code></pre> </div> <h3> Enhanced Installation (Recommended) </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Install the required dependencies</span> pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt <span class="c"># Install additional libraries for enhanced scanning</span> pip <span class="nb">install </span>humanfuzz[enhanced] </code></pre> </div> <h2> Using the Python API </h2> <h3> Quick Start </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">humanfuzz</span> <span class="kn">import</span> <span class="n">HumanFuzzer</span> <span class="c1"># Create a fuzzer instance </span><span class="n">fuzzer</span> <span class="o">=</span> <span class="nc">HumanFuzzer</span><span class="p">()</span> <span class="c1"># Start a fuzzing session </span><span class="n">fuzzer</span><span class="p">.</span><span class="nf">start_session</span><span class="p">(</span><span class="sh">"</span><span class="s">https://example.com</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Authenticate (if needed) </span><span class="n">fuzzer</span><span class="p">.</span><span class="nf">authenticate</span><span class="p">(</span> <span class="n">login_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://example.com/login</span><span class="sh">"</span><span class="p">,</span> <span class="n">username_field</span><span class="o">=</span><span class="sh">"</span><span class="s">username</span><span class="sh">"</span><span class="p">,</span> <span class="n">password_field</span><span class="o">=</span><span class="sh">"</span><span class="s">password</span><span class="sh">"</span><span class="p">,</span> <span class="n">username</span><span class="o">=</span><span class="sh">"</span><span class="s">test_user</span><span class="sh">"</span><span class="p">,</span> <span class="n">password</span><span class="o">=</span><span class="sh">"</span><span class="s">test_password</span><span class="sh">"</span> <span class="p">)</span> <span class="c1"># Discover and fuzz forms automatically </span><span class="n">results</span> <span class="o">=</span> <span class="n">fuzzer</span><span class="p">.</span><span class="nf">fuzz_site</span><span class="p">()</span> <span class="c1"># Generate a report </span><span class="n">fuzzer</span><span class="p">.</span><span class="nf">generate_report</span><span class="p">(</span><span class="sh">"</span><span class="s">vulnerability_report.html</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> Enhanced API Usage </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">humanfuzz</span> <span class="kn">import</span> <span class="n">HumanFuzzer</span> <span class="c1"># Create an enhanced fuzzer instance </span><span class="n">fuzzer</span> <span class="o">=</span> <span class="nc">HumanFuzzer</span><span class="p">(</span> <span class="n">headless</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">browser_type</span><span class="o">=</span><span class="sh">"</span><span class="s">chromium</span><span class="sh">"</span><span class="p">,</span> <span class="n">bypass_cloudflare</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="c1"># Enable Cloudflare bypass </span> <span class="n">enhanced_http</span><span class="o">=</span><span class="bp">True</span> <span class="c1"># Use enhanced HTTP client </span><span class="p">)</span> <span class="c1"># Start a fuzzing session </span><span class="n">fuzzer</span><span class="p">.</span><span class="nf">start_session</span><span class="p">(</span><span class="sh">"</span><span class="s">https://example.com</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Perform API scanning </span><span class="n">fuzzer</span><span class="p">.</span><span class="nf">api_scan</span><span class="p">(</span> <span class="n">base_url</span><span class="o">=</span><span class="sh">"</span><span class="s">https://api.example.com</span><span class="sh">"</span><span class="p">,</span> <span class="n">endpoints</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">/users</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">/products</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">/orders</span><span class="sh">"</span><span class="p">],</span> <span class="n">auth_headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Bearer YOUR_TOKEN</span><span class="sh">"</span><span class="p">}</span> <span class="p">)</span> <span class="c1"># Generate a comprehensive report </span><span class="n">fuzzer</span><span class="p">.</span><span class="nf">generate_report</span><span class="p">(</span><span class="sh">"</span><span class="s">vulnerability_report.html</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h2> Using the Command-Line Interface </h2> <p>HumanFuzz provides a comprehensive command-line interface for easy scanning operations.</p> <h3> Basic Usage </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>humanfuzz_cli.py <span class="o">[</span><span class="nt">-h</span><span class="o">]</span> <span class="o">{</span>scan,api,report,version<span class="o">}</span> ... </code></pre> </div> <h3> Commands </h3> <ul> <li> <code>scan</code>: Scan a website for vulnerabilities</li> <li> <code>api</code>: Scan API endpoints</li> <li> <code>report</code>: Generate a report from saved results</li> <li> <code>version</code>: Show version information</li> </ul> <h3> Scan Command </h3> <p>The <code>scan</code> command is used to scan a website for vulnerabilities:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>humanfuzz_cli.py scan https://example.com <span class="o">[</span>options] </code></pre> </div> <h4> Options </h4> <ul> <li> <code>--depth, -d DEPTH</code>: Maximum crawl depth (default: 2)</li> <li> <code>--pages, -p PAGES</code>: Maximum pages to crawl (default: 10)</li> <li> <code>--visible, -v</code>: Show browser window</li> <li> <code>--simulate, -s</code>: Run in simulation mode (no actual browser)</li> <li> <code>--output, -o OUTPUT</code>: Output file for the report (default: auto-generated)</li> <li> <code>--format, -f {html,json,md}</code>: Report format (default: html)</li> <li> <code>--auth, -a</code>: Enable authentication</li> <li> <code>--username, -u USERNAME</code>: Username for authentication</li> <li> <code>--password, -pw PASSWORD</code>: Password for authentication</li> <li> <code>--login-url, -l LOGIN_URL</code>: Login URL (if different from main URL)</li> <li> <code>--username-field USERNAME_FIELD</code>: Username field name/ID (default: username)</li> <li> <code>--password-field PASSWORD_FIELD</code>: Password field name/ID (default: password)</li> <li> <code>--submit-button SUBMIT_BUTTON</code>: Submit button selector (optional)</li> <li> <code>--cookies, -c COOKIES</code>: Cookies to use (format: name1=value1;name2=value2)</li> <li> <code>--headers HEADERS</code>: Custom headers (format: name1=value1;name2=value2)</li> <li> <code>--user-agent USER_AGENT</code>: Custom User-Agent</li> <li> <code>--timeout TIMEOUT</code>: Request timeout in seconds (default: 30)</li> <li> <code>--delay DELAY</code>: Delay between requests in seconds (default: 0)</li> <li> <code>--bypass-cloudflare</code>: Enable Cloudflare bypass using cloudscraper25</li> <li> <code>--enhanced-http</code>: Use urllib4-enhanced for HTTP requests</li> <li> <code>--verbose</code>: Enable verbose output</li> <li> <code>--save-results SAVE_RESULTS</code>: Save raw results to JSON file</li> </ul> <h3> API Command </h3> <p>The <code>api</code> command is used to scan API endpoints:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>humanfuzz_cli.py api https://api.example.com <span class="o">[</span>options] </code></pre> </div> <h4> Options </h4> <ul> <li> <code>--endpoints, -e ENDPOINTS</code>: Comma-separated list of endpoints to scan</li> <li> <code>--endpoints-file ENDPOINTS_FILE</code>: File containing endpoints (one per line)</li> <li> <code>--methods, -m METHODS</code>: HTTP methods to use (comma-separated, default: GET,POST,PUT,DELETE)</li> <li> <code>--auth-type {none,basic,bearer,api-key}</code>: Authentication type</li> <li> <code>--auth-user AUTH_USER</code>: Username for Basic Auth</li> <li> <code>--auth-pass AUTH_PASS</code>: Password for Basic Auth</li> <li> <code>--auth-token AUTH_TOKEN</code>: Token for Bearer Auth</li> <li> <code>--api-key-name API_KEY_NAME</code>: API key header name (default: X-API-Key)</li> <li> <code>--api-key-value API_KEY_VALUE</code>: API key value</li> <li> <code>--headers HEADERS</code>: Custom headers (format: name1=value1;name2=value2)</li> <li> <code>--output, -o OUTPUT</code>: Output file for the report (default: auto-generated)</li> <li> <code>--format, -f {html,json,md}</code>: Report format (default: html)</li> <li> <code>--simulate, -s</code>: Run in simulation mode</li> <li> <code>--verbose</code>: Enable verbose output</li> <li> <code>--save-results SAVE_RESULTS</code>: Save raw results to JSON file</li> </ul> <h3> Report Command </h3> <p>The <code>report</code> command is used to generate a report from saved results:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>humanfuzz_cli.py report <span class="nt">--input</span> results.json <span class="nt">--output</span> report.html <span class="o">[</span>options] </code></pre> </div> <h4> Options </h4> <ul> <li> <code>--input, -i INPUT</code>: Input JSON file with scan results (required)</li> <li> <code>--output, -o OUTPUT</code>: Output report file (required)</li> <li> <code>--format, -f {html,json,md}</code>: Report format (default: html)</li> <li> <code>--template, -t TEMPLATE</code>: Custom template file for the report</li> </ul> <h3> Version Command </h3> <p>The <code>version</code> command shows version information:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>humanfuzz_cli.py version </code></pre> </div> <h2> CLI Examples </h2> <h3> Basic Website Scan </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>humanfuzz_cli.py scan https://example.com </code></pre> </div> <h3> Scan with Authentication </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>humanfuzz_cli.py scan https://example.com <span class="nt">--auth</span> <span class="nt">--username</span> admin <span class="nt">--password</span> secret </code></pre> </div> <h3> Scan with Cloudflare Bypass and Enhanced HTTP </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>humanfuzz_cli.py scan https://example.com <span class="nt">--bypass-cloudflare</span> <span class="nt">--enhanced-http</span> </code></pre> </div> <h3> API Scan with Bearer Authentication </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>humanfuzz_cli.py api https://api.example.com <span class="nt">--endpoints</span> /users,/products <span class="nt">--auth-type</span> bearer <span class="nt">--auth-token</span> <span class="s2">"YOUR_TOKEN"</span> </code></pre> </div> <h3> Generate Report from Saved Results </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>humanfuzz_cli.py report <span class="nt">--input</span> scan_results.json <span class="nt">--output</span> vulnerability_report.html </code></pre> </div> <h2> Enhanced Features </h2> <h3> Cloudflare Bypass </h3> <p>The <code>--bypass-cloudflare</code> option enables Cloudflare protection bypass. This allows scanning websites protected by Cloudflare, which would normally block automated scanning tools.</p> <p>Benefits:</p> <ul> <li>Bypass Cloudflare's anti-bot protection</li> <li>Access protected content for scanning</li> <li>Maintain session context through Cloudflare challenges</li> </ul> <h3> Enhanced HTTP Requests </h3> <p>The <code>--enhanced-http</code> option enables the use of enhanced HTTP libraries for requests, providing improved capabilities for more effective scanning.</p> <p>Benefits:</p> <ul> <li>Automatic retry mechanisms for failed requests</li> <li>Better error handling and reporting</li> <li>Improved performance for large-scale scanning</li> <li>Enhanced cookie and session management</li> <li>Support for complex authentication schemes</li> </ul> <h2> Advanced Usage </h2> <p>See the <a href="https://humanfuzz.readthedocs.io" rel="noopener noreferrer">documentation</a> for advanced usage examples, including:</p> <ul> <li>Custom payload modules</li> <li>Targeted fuzzing of specific forms or endpoints</li> <li>Recording and replaying user flows</li> <li>Integration with CI/CD pipelines</li> <li>Creating custom scan profiles</li> </ul> <h2> Contributing </h2> <p>Contributions are welcome! Please feel free to submit a Pull Request.</p> <h2> License </h2> <p>This project is licensed under the MIT License - see the <a href="https://dev.toLICENSE">LICENSE</a> file for details.</p> <h2> Copyright </h2> <p>Β© 2025 Powered By zinzied</p> programming python beginners ai-urllib4 Zied Mon, 12 May 2025 07:20:22 +0000 https://forem.com/zinzied/urllib4-enhanced-lib-58cc https://forem.com/zinzied/urllib4-enhanced-lib-58cc <h1> # urllib4: An Enhanced HTTP Client for Python </h1> <p> <a href="https://github.com/zinzied/ai-urllib4" rel="noopener noreferrer"><img alt="Project Status" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimg.shields.io%2Fbadge%2Fstatus-production--ready-green" width="148" height="20"></a> <a href="https://github.com/zinzied/ai-urllib4" rel="noopener noreferrer"><img alt="Python Versions" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimg.shields.io%2Fbadge%2Fpython-3.7%252B-blue" width="86" height="20"></a> <a href="https://github.com/zinzied/ai-urllib4" rel="noopener noreferrer"><img alt="Development Stage" src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimg.shields.io%2Fbadge%2Fstage-stable-green" width="84" height="20"></a> </p> <p>ai-urllib4 is a modern HTTP client for Python that builds upon the foundation of urllib3 while adding enhancements for modern web applications. It provides a powerful yet user-friendly interface for making HTTP requests with advanced features.</p> <h2> Features </h2> <p>urllib4 provides a comprehensive set of features for modern web applications:</p> <h3> βœ… Core Features: </h3> <ul> <li>Connection pooling and thread safety</li> <li>Basic URL parsing and manipulation</li> <li>HTTP header handling and collections</li> <li>Multipart form data encoding</li> <li>SSL/TLS utility functions</li> <li>File upload functionality</li> <li>HTTP/HTTPS request handling</li> <li>Proxy support</li> <li>Retry mechanisms</li> <li>Redirect handling</li> <li>Compression support</li> </ul> <h3> βœ… Advanced Features: </h3> <ul> <li>Enhanced HTTP/2 Support</li> <li>WebSocket capabilities with extensions and subprotocols</li> <li>Improved security features</li> <li>HTTP/3 (QUIC) support with Multipath QUIC</li> </ul> <h2> Usage Example </h2> <p>You can use urllib4 for your HTTP requests with a simple, intuitive API:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Simple GET request &gt;&gt;&gt; import urllib4 &gt;&gt;&gt; resp = urllib4.request("GET", "http://httpbin.org/robots.txt") &gt;&gt;&gt; resp.status 200 &gt;&gt;&gt; resp.data b"User-agent: *\nDisallow: /deny\n" # POST request with JSON data &gt;&gt;&gt; import urllib4 &gt;&gt;&gt; import json &gt;&gt;&gt; data = {"name": "John", "age": 30} &gt;&gt;&gt; resp = urllib4.request( ... "POST", ... "http://httpbin.org/post", ... headers={"Content-Type": "application/json"}, ... body=json.dumps(data).encode() ... ) &gt;&gt;&gt; resp.status 200 </code></pre> </div> <h2> Installation </h2> <p>You can install urllib4 with pip:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>pip <span class="nb">install </span>urllib4 </code></pre> </div> <p>For additional features, you can install optional dependencies:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># For HTTP/3 support</span> <span class="nv">$ </span>pip <span class="nb">install </span>ai-urllib4[http3] <span class="c"># For WebSocket subprotocols</span> <span class="nv">$ </span>pip <span class="nb">install </span>ai-urllib4[websocket] <span class="c"># For all optional features</span> <span class="nv">$ </span>pip <span class="nb">install </span>ai-urllib4[all] </code></pre> </div> <p>Alternatively, you can install from source:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>git clone https://github.com/zinzied/urllib4.git <span class="nv">$ </span><span class="nb">cd </span>urllib4 <span class="nv">$ </span>pip <span class="nb">install</span> <span class="nt">-e</span> <span class="nb">.</span> </code></pre> </div> <h2> Development and Testing </h2> <p>To set up a development environment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>git clone https://github.com/zinzied/urllib4.git <span class="nv">$ </span><span class="nb">cd </span>urllib4 <span class="nv">$ </span>pip <span class="nb">install</span> <span class="nt">-e</span> <span class="s2">".[dev]"</span> </code></pre> </div> <p>To run tests:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>python <span class="nt">-m</span> pytest </code></pre> </div> <p>Note that many tests are currently failing as the library is under active development.</p> <h2> Documentation </h2> <p>Documentation is currently limited to code comments and this README. As the project matures, more comprehensive documentation will be developed.</p> <h2> Roadmap </h2> <p>The following features are planned for future development:</p> <h3> HTTP/3 Enhancements </h3> <ul> <li>Connection migration for improved reliability</li> <li>HTTP/3 priority management</li> <li>WebTransport support</li> </ul> <h3> WebSocket Enhancements </h3> <ul> <li>Additional WebSocket extensions</li> <li>WebSocket over HTTP/2</li> </ul> <h3> HTTP/2 Support </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">urllib4</span> <span class="kn">from</span> <span class="n">urllib4.http2</span> <span class="kn">import</span> <span class="n">inject_into_urllib4</span><span class="p">,</span> <span class="n">ConnectionProfile</span> <span class="c1"># Enable HTTP/2 support </span><span class="nf">inject_into_urllib4</span><span class="p">()</span> <span class="c1"># Create a pool manager with a specific connection profile </span><span class="n">http</span> <span class="o">=</span> <span class="n">urllib4</span><span class="p">.</span><span class="nc">PoolManager</span><span class="p">(</span><span class="n">http2_profile</span><span class="o">=</span><span class="n">ConnectionProfile</span><span class="p">.</span><span class="n">HIGH_PERFORMANCE</span><span class="p">)</span> <span class="c1"># Make a request (automatically uses HTTP/2 if the server supports it) </span><span class="n">response</span> <span class="o">=</span> <span class="n">http</span><span class="p">.</span><span class="nf">request</span><span class="p">(</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">https://nghttp2.org</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">HTTP version: </span><span class="si">{</span><span class="n">response</span><span class="p">.</span><span class="n">version_string</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> WebSocket Support </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">urllib4.websocket</span> <span class="kn">import</span> <span class="n">WebSocketConnection</span> <span class="c1"># Connect to a WebSocket server with compression and health monitoring </span><span class="n">ws</span> <span class="o">=</span> <span class="nc">WebSocketConnection</span><span class="p">(</span> <span class="sh">"</span><span class="s">wss://echo.websocket.org</span><span class="sh">"</span><span class="p">,</span> <span class="n">enable_compression</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">compression_level</span><span class="o">=</span><span class="mi">9</span><span class="p">,</span> <span class="n">enable_health_monitoring</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">ping_interval</span><span class="o">=</span><span class="mf">30.0</span><span class="p">,</span> <span class="n">ping_timeout</span><span class="o">=</span><span class="mf">5.0</span><span class="p">,</span> <span class="p">)</span> <span class="c1"># Connect to the server </span><span class="n">ws</span><span class="p">.</span><span class="nf">connect</span><span class="p">()</span> <span class="c1"># Send a text message </span><span class="n">ws</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="sh">"</span><span class="s">Hello, WebSocket!</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Send a binary message </span><span class="n">ws</span><span class="p">.</span><span class="nf">send</span><span class="p">(</span><span class="sa">b</span><span class="sh">"</span><span class="se">\x01\x02\x03\x04</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Send a structured object using a subprotocol </span><span class="n">ws</span> <span class="o">=</span> <span class="nc">WebSocketConnection</span><span class="p">(</span> <span class="sh">"</span><span class="s">wss://echo.websocket.org</span><span class="sh">"</span><span class="p">,</span> <span class="n">protocols</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">json</span><span class="sh">"</span><span class="p">],</span> <span class="p">)</span> <span class="n">ws</span><span class="p">.</span><span class="nf">connect</span><span class="p">()</span> <span class="n">ws</span><span class="p">.</span><span class="nf">send</span><span class="p">({</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">John</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">age</span><span class="sh">"</span><span class="p">:</span> <span class="mi">30</span><span class="p">})</span> <span class="c1"># Automatically encoded as JSON </span> <span class="c1"># Receive a message with timeout </span><span class="k">try</span><span class="p">:</span> <span class="n">message</span> <span class="o">=</span> <span class="n">ws</span><span class="p">.</span><span class="nf">receive</span><span class="p">(</span><span class="n">timeout</span><span class="o">=</span><span class="mf">5.0</span><span class="p">)</span> <span class="k">if</span> <span class="nf">isinstance</span><span class="p">(</span><span class="n">message</span><span class="p">,</span> <span class="nb">dict</span><span class="p">):</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Received JSON: </span><span class="si">{</span><span class="n">message</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Received: </span><span class="si">{</span><span class="n">message</span><span class="p">.</span><span class="n">text</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">except</span> <span class="n">WebSocketTimeoutError</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="s">Timed out waiting for message</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Close the connection </span><span class="n">ws</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> </code></pre> </div> <h3> WebSocket Extensions and Subprotocols </h3> <p>urllib4 supports various WebSocket extensions and subprotocols:</p> <ul> <li> <p><strong>Extensions</strong>:</p> <ul> <li> <code>permessage-deflate</code>: Compresses WebSocket messages for better performance</li> </ul> </li> <li> <p><strong>Subprotocols</strong>:</p> <ul> <li> <code>json</code>: Automatically encodes/decodes JSON data</li> <li> <code>msgpack</code>: Efficiently encodes/decodes MessagePack data (requires <code>msgpack</code> package)</li> <li> <code>cbor</code>: Efficiently encodes/decodes CBOR data (requires <code>cbor2</code> package)</li> </ul> </li> </ul> <h3> HTTP/3 Support </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">urllib4</span> <span class="kn">from</span> <span class="n">urllib4.http3</span> <span class="kn">import</span> <span class="n">HTTP3Connection</span><span class="p">,</span> <span class="n">HTTP3Settings</span><span class="p">,</span> <span class="n">QUICSettings</span><span class="p">,</span> <span class="n">inject_into_urllib4</span> <span class="c1"># Direct HTTP/3 usage </span><span class="n">quic_settings</span> <span class="o">=</span> <span class="nc">QUICSettings</span><span class="p">(</span> <span class="n">enable_multipath</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="c1"># Enable Multipath QUIC </span> <span class="n">max_paths</span><span class="o">=</span><span class="mi">4</span><span class="p">,</span> <span class="n">enable_0rtt</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="c1"># Enable 0-RTT for faster connections </span><span class="p">)</span> <span class="n">http3_settings</span> <span class="o">=</span> <span class="nc">HTTP3Settings</span><span class="p">(</span> <span class="n">quic</span><span class="o">=</span><span class="n">quic_settings</span><span class="p">,</span> <span class="p">)</span> <span class="c1"># Create an HTTP/3 connection </span><span class="n">conn</span> <span class="o">=</span> <span class="nc">HTTP3Connection</span><span class="p">(</span> <span class="sh">"</span><span class="s">cloudflare-quic.com</span><span class="sh">"</span><span class="p">,</span> <span class="c1"># A server that supports HTTP/3 </span> <span class="n">settings</span><span class="o">=</span><span class="n">http3_settings</span><span class="p">,</span> <span class="p">)</span> <span class="c1"># Connect and make a request </span><span class="n">conn</span><span class="p">.</span><span class="nf">connect</span><span class="p">()</span> <span class="n">response</span> <span class="o">=</span> <span class="n">conn</span><span class="p">.</span><span class="nf">request</span><span class="p">(</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Status: </span><span class="si">{</span><span class="n">response</span><span class="p">.</span><span class="n">status</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Body: </span><span class="si">{</span><span class="n">response</span><span class="p">.</span><span class="n">data</span><span class="p">.</span><span class="nf">decode</span><span class="p">()[</span><span class="si">:</span><span class="mi">100</span><span class="p">]</span><span class="si">}</span><span class="s">...</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Close the connection </span><span class="n">conn</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="c1"># Alternatively, inject HTTP/3 support into urllib4 </span><span class="nf">inject_into_urllib4</span><span class="p">()</span> <span class="c1"># Now all HTTPS requests will automatically use HTTP/3 when available </span><span class="n">http</span> <span class="o">=</span> <span class="n">urllib5</span><span class="p">.</span><span class="nc">PoolManager</span><span class="p">()</span> <span class="n">response</span> <span class="o">=</span> <span class="n">http</span><span class="p">.</span><span class="nf">request</span><span class="p">(</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">https://cloudflare-quic.com/</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> πŸ€– AI-Powered Smart Config </h3> <p>ai-urllib4 includes an experimental AI module that suggests optimal connection parameters based on URL heuristics.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">ai_urllib4.ai</span> <span class="kn">import</span> <span class="n">AISmartConfig</span><span class="p">,</span> <span class="n">optimize_params_for</span> <span class="c1"># Get a suggested timeout for an API endpoint </span><span class="n">timeout</span> <span class="o">=</span> <span class="n">AISmartConfig</span><span class="p">.</span><span class="nf">suggest_timeout</span><span class="p">(</span><span class="sh">"</span><span class="s">https://api.example.com/v1/users</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Suggested Timeout: </span><span class="si">{</span><span class="n">timeout</span><span class="si">}</span><span class="s">s</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Get a full set of optimized parameters </span><span class="n">params</span> <span class="o">=</span> <span class="nf">optimize_params_for</span><span class="p">(</span><span class="sh">"</span><span class="s">https://cdn.example.com/big-file.zip</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Optimized Params: </span><span class="si">{</span><span class="n">params</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Output: {'timeout': 60.0, 'retries': 3} </span></code></pre> </div> <h3> πŸš€ AsyncIO Support </h3> <p>First-class support for <code>asyncio</code> and <code>anyio</code> is now available.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">asyncio</span> <span class="kn">from</span> <span class="n">ai_urllib4.async_connectionpool</span> <span class="kn">import</span> <span class="n">connection_from_url</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">main</span><span class="p">():</span> <span class="n">pool</span> <span class="o">=</span> <span class="nf">connection_from_url</span><span class="p">(</span><span class="sh">"</span><span class="s">http://httpbin.org</span><span class="sh">"</span><span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="k">await</span> <span class="n">pool</span><span class="p">.</span><span class="nf">urlopen</span><span class="p">(</span><span class="sh">"</span><span class="s">GET</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">/get</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">response</span><span class="p">)</span> <span class="k">await</span> <span class="n">pool</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">run</span><span class="p">(</span><span class="nf">main</span><span class="p">())</span> </code></pre> </div> <h3> Enhanced Security Features (Planned) </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># This is a planned API - not yet implemented </span><span class="kn">import</span> <span class="n">urllib4</span> <span class="kn">from</span> <span class="n">urllib4.util.cert_verification</span> <span class="kn">import</span> <span class="n">SPKIPinningVerifier</span><span class="p">,</span> <span class="n">CertificateTransparencyPolicy</span> <span class="kn">from</span> <span class="n">urllib4.util.hsts</span> <span class="kn">import</span> <span class="n">HSTSCache</span><span class="p">,</span> <span class="n">HSTSHandler</span> <span class="c1"># Create a pool manager with SPKI pinning </span><span class="n">pins</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">example.com</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">pin-sha256:YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=</span><span class="sh">"</span><span class="p">}</span> <span class="p">}</span> <span class="n">http</span> <span class="o">=</span> <span class="n">urllib4</span><span class="p">.</span><span class="nc">PoolManager</span><span class="p">(</span> <span class="n">spki_pins</span><span class="o">=</span><span class="n">pins</span><span class="p">,</span> <span class="n">cert_transparency_policy</span><span class="o">=</span><span class="n">CertificateTransparencyPolicy</span><span class="p">.</span><span class="n">BEST_EFFORT</span> <span class="p">)</span> <span class="c1"># Create an HSTS handler </span><span class="n">hsts_cache</span> <span class="o">=</span> <span class="nc">HSTSCache</span><span class="p">()</span> <span class="n">hsts_handler</span> <span class="o">=</span> <span class="nc">HSTSHandler</span><span class="p">(</span><span class="n">hsts_cache</span><span class="p">)</span> <span class="c1"># Secure a URL if needed </span><span class="n">url</span> <span class="o">=</span> <span class="sh">"</span><span class="s">http://example.com/api</span><span class="sh">"</span> <span class="n">secured_url</span> <span class="o">=</span> <span class="n">hsts_handler</span><span class="p">.</span><span class="nf">secure_url</span><span class="p">(</span><span class="n">url</span><span class="p">)</span> <span class="c1"># Returns https://example.com/api if in HSTS cache </span></code></pre> </div> <h2> Contributing </h2> <p>This project is in its early stages and contributions are welcome! Here's how you can help:</p> <ul> <li> <strong>Bug Reports</strong>: If you find a bug, please open an issue with detailed information.</li> <li> <strong>Feature Requests</strong>: Have ideas for new features? Open an issue to discuss.</li> <li> <strong>Code Contributions</strong>: Pull requests are welcome for bug fixes or new features.</li> <li> <strong>Documentation</strong>: Help improve or expand the documentation.</li> <li> <strong>Testing</strong>: Help write or improve tests for the codebase.</li> </ul> <h3> Development Guidelines </h3> <ol> <li>Fork the repository</li> <li>Create a feature branch (<code>git checkout -b feature/amazing-feature</code>)</li> <li>Commit your changes (<code>git commit -m 'Add some amazing feature'</code>)</li> <li>Push to the branch (<code>git push origin feature/amazing-feature</code>)</li> <li>Open a Pull Request</li> </ol> <h2> Why ai-urllib4? (vs urllib3) </h2> <p>While <code>ai-urllib4</code> is built on the solid foundation of <code>urllib3</code>, it introduces key differences designed for modern, high-performance applications:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>urllib3</th> <th>ai-urllib4</th> </tr> </thead> <tbody> <tr> <td><strong>Async Support</strong></td> <td>❌ Synchronous only (blocking)</td> <td>βœ… <strong>Native AsyncIO</strong> (<code>async</code>/<code>await</code>)</td> </tr> <tr> <td><strong>Configuration</strong></td> <td>Manual Tuning</td> <td>πŸ€– <strong>AI Smart Config</strong> (Heuristic optimization)</td> </tr> <tr> <td><strong>HTTP/2 &amp; 3</strong></td> <td>Experimental / Partial</td> <td>βœ… <strong>First-Class Support</strong> (Multipath QUIC, etc.)</td> </tr> <tr> <td><strong>WebSocket</strong></td> <td>Limited / Extension needed</td> <td>βœ… <strong>Built-in Advanced Support</strong> (Subprotocols, etc.)</td> </tr> </tbody> </table></div> <h3> Key Differentiators: </h3> <ol> <li> <strong>πŸš€ AsyncIO Support</strong>: <code>ai-urllib4</code> allows non-blocking requests perfect for apps using <code>FastAPI</code>, <code>Quart</code>, or standard <code>asyncio</code>.</li> <li> <strong>πŸ€– AI-Powered Tuning</strong>: The <code>AISmartConfig</code> module automatically suggests timeout and retry settings based on the target URL type (API vs Download).</li> <li> <strong>πŸ”’ Modern Security</strong>: Stronger focus on Certificate Transparency and SPKI Pinning out of the box.</li> </ol> <h2> Security Considerations </h2> <p>urllib4 is designed with security in mind, providing robust SSL/TLS verification, certificate transparency checking, and HSTS support. It's suitable for use in production environments where security is a priority.</p> <h2> Acknowledgements </h2> <p>This project builds on concepts from the urllib3 project and other Python HTTP libraries. We extend our gratitude to the authors and maintainers of these projects for their foundational work.</p> <h2> License </h2> <p>This project is licensed under the MIT License - see the LICENSE file for details.</p> urllib4 python urlib3 http