Title: Thermoptic: The HTTP Proxy That Mimics Chrome Perfectly
Intro
Ever needed to make HTTP requests that blend in completely with regular web traffic? Most proxies and scraping tools have a tell – some header is slightly off, the TLS fingerprint is wrong, or the request pattern just doesn't look human. That's where Thermoptic comes in.
It's a next-generation stealth proxy built in Rust that makes your traffic look exactly like it's coming from a real Chrome browser. For developers working on web scraping, automation, or security testing, this is a tool that aims to solve the fingerprinting problem head-on.
What It Does
Thermoptic is an HTTP proxy that sits between your client and the internet. You send your requests to it, and it rewrites them on the fly. But it doesn't just change a user-agent string. It performs a deep transformation of your entire HTTP request, from the headers down to the low-level network characteristics, to perfectly mimic a request from a specific, real version of Google Chrome.
Why It's Cool
The magic of Thermoptic isn't just in swapping headers. Plenty of tools do that. Its cleverness lies in the depth of its mimicry.
- Comprehensive Header Management: It doesn't just add a Chrome user-agent. It strips your client's original headers and injects a complete, accurate set of headers that a real instance of Chrome for that version would send. This includes the correct
sec-ch-uaand other client hint headers. - TLS Fingerprint Cloaking: This is a big one. Many advanced systems perform TLS fingerprinting to identify clients. Thermoptic ensures its TLS handshake is identical to Chrome's, making it much harder to detect at the protocol level.
- HTTP/2 and ALPN Simulation: It can advertise the same Application-Layer Protocol Negotiation (ALPN) IDs as Chrome, ensuring the negotiation to HTTP/2 looks authentic.
- It's a Proxy, Not a Library: You don't have to rewrite your application. You can point any existing tool—like
curl, a script, or a full-blown app—at the Thermoptic proxy and it instantly benefits from the cloaking.
How to Try It
Getting started is straightforward, especially if you have Rust's toolchain installed.
- Clone the repository:
git clone https://github.com/mandatoryprogrammer/thermoptic cd thermoptic - Run the proxy (defaults to port 8080):
cargo run - Configure your application to use
http://127.0.0.1:8080as its HTTP proxy. For a quick test withcurl:curl -x http://127.0.0.1:8080 --proxy-insecure http://httpbin.org/headers
Check the response from httpbin.org/headers. You'll see that the request appears to come from Chrome, not curl.
Final Thoughts
Thermoptic feels like a specialized tool for a specific but important niche. If you're tired of getting blocked by sophisticated anti-bot systems during legitimate scraping or security research, this is absolutely worth a look. It tackles the problem of detection at a deeper level than most utilities. It's not a magic bullet, but it raises the bar significantly for anyone trying to tell your automated traffic apart from a real user browsing with Chrome.
Follow us for more interesting projects: @githubprojects