Skip to content

feat: implement TLS fingerprint spoofing via wreq-js#137

Open
LinearSakana wants to merge 2 commits intodecolua:masterfrom
LinearSakana:feat/TLS-fingerprint-spoofing
Open

feat: implement TLS fingerprint spoofing via wreq-js#137
LinearSakana wants to merge 2 commits intodecolua:masterfrom
LinearSakana:feat/TLS-fingerprint-spoofing

Conversation

@LinearSakana
Copy link
Contributor

@LinearSakana LinearSakana commented Feb 16, 2026

Summary

To address the increasingly strict ban measures imposed by Google on Antigravity reverse proxies, this PR implements TLS fingerprint spoofing. By mimicking legitimate Chrome 124 TLS fingerprints, this change MAY reduce the risk of detection and improve the stability of the proxy service.

This implementation is inspired by the technique used in antigravity-claude-proxy but includes additional enhancements for better compatibility.

Key Changes

1. New TLS Client Module (open-sse/utils/tlsClient.js)

  • Introduced a singleton TlsClient using wreq-js to create TLS sessions with Chrome 124 on macOS fingerprints.
  • Enhancement: Added native proxy support. The client automatically mimics the TLS fingerprint even when traffic is routed through a proxy (configured via HTTPS_PROXY / HTTP_PROXY / ALL_PROXY env vars).

2. Global Fetch Integration (open-sse/utils/proxyFetch.js)

  • Refactored proxyFetch.js to route traffic through the TlsClient by default.
  • Simplified logic: removed legacy proxy agent handling since wreq-js now handles both TLS spoofing and proxy tunneling natively.
  • Retained NO_PROXY bypass logic for local/internal traffic.
  • Added automatic fallback to native fetch if the TLS client encounters critical errors.

Impact

  • Anti-Ban: Effectively bypasses JA3/JA4 fingerprint-based blocking.
  • Compatibility: Verified to work with existing Antigravity flows.
  • Proxy Support: Explicitly supports upstream proxies while maintaining the spoofed fingerprint.

Testing

  • Verified npm install and build process.
  • Confirmed that requests are successfully routed through the wreq-js session.
  • Validated proxy configuration support.

zx added 2 commits February 16, 2026 15:41
feat: implement TLS fingerprint spoofing via wreq-js for Antigravity …
c7e56ac 
…proxy

* Add `TlsClient` utility to mimic Chrome 124 TLS handshake
* Update `patchedFetch` to use TLS client when no proxy is configured
* Add fallback mechanism to native fetch on TLS client failure
* Add `wreq-js` dependency to package.json
feat(proxy): delegate proxy handling to wreq-js and simplify fetch logic
c3de453 
* Offload proxy configuration to `wreq-js` session in `tlsClient`
* Remove manual proxy agent management and dependencies in `proxyFetch`
* Remove redundant `ResponseWrapper` and `HeadersCompat` classes
* Implement `NO_PROXY` support to bypass TLS client when needed
diegosouzapw added a commit to diegosouzapw/OmniRoute that referenced this pull request Feb 16, 2026
@diegosouzapw
feat(proxy): implement TLS fingerprint spoofing via wreq-js
3dd0cc1 
- Add TlsClient module (Chrome 124 fingerprint via wreq-js)
- Integrate TLS client as opt-in layer in proxyFetch.js (ENABLE_TLS_FINGERPRINT)
- Add per-request TLS tracking via AsyncLocalStorage
- Add TLS fingerprint column and badge to Proxy Logger dashboard
- Add TLS Fingerprint section to ProxyLogDetail modal
- Add wreq-js dependency
- Document ENABLE_TLS_FINGERPRINT in .env.example

Adapted from upstream PR decolua/9router#137, preserving all
OmniRoute-specific proxy features (AsyncLocalStorage context,
proxyDispatcher, SOCKS5, Symbol-based patch state).
@diegosouzapw diegosouzapw mentioned this pull request Feb 16, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@LinearSakana