Please update fingerprint for w3m browser

Hi! As always I appreciate what Cloudflare does for the health of the Internet.

I have a request for the CF engineers working on automatic blocking: please update the fingerprint for what counts as a good version of the w3m text web browser.

I use it heavily and have found that an old binary I have works fine while the latest version available from Debian-testing gets a 403 Forbidden when visiting stackexchange.com.

Here are the relevant RAY IDs.

  • New version of w3m (gets blocked): CF-RAY: 8758ef178a70c77a-SEA

  • Old version of w3m (works fine): CF-RAY: 8758f581eea7a59c-SEA

I am sure your engineers will be able to sort this out quickly. But if you have any questions, please let me know. I can tell you more about w3m and share with you my guess as to which subtle change may be triggering the block.

3 Likes

Unfortunately, random RayIDs aren’t going to be much help in exposing the JA3 Fingerprint, unless stackexchange has an Enterprise plan and would be kind enough to look in the firewall events log for those RayIDs.

You might be able to get it from a place like this, though:

2 Likes

How do I submit the JA3 once I have it? It looks like I’ll have to calculate it by hand as the BrowserLeaks website requires JavaScript and thus doesn’t work in the w3m browser.

Also, are you sure JA3 is what is needed? The Further Reading links from that site include a blog post with an algorithm to fake any JA3. It is interesting reading as it shows that even five years ago, JA3 was considered a simple technique, easily mitigated by the bad guys.

I wish there was something better than JA3, but I know as Cloudflare’s techniques get more advanced, it will become harder for simple tools like w3m and curl to pass.

Whew, turns out someone made a JA3 Wireshark plugin so I didn’t have to do the calculations with pen and paper.

So, who do I talk to to get this information into Cloudflare’s database?

Output from tshark for w3m browser

tshark -O JA3 -V -Y 'tls.handshake' -Tjson -e tls.handshake.ja3 -e tls.handshake.ja3s -e tls.handshake.ja4
        "tls.handshake.ja3": [
          "d39e1be3241d516b1f714bd47c2bc968"
        ],
        "tls.handshake.ja4": [
          "t13d311100_e8f1e7e78f70_d41ae481755e"
        ]
        "tls.handshake.ja3s": [
          "907bf3ecef1c987c889946b737b43de8"
        ]
1 Like
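
For readers wondering what the "by hand" JA3 calculation mentioned in the thread involves, here is an added example (not code from any poster, from Cloudflare or from the Wireshark plugin) that parses a ClientHello and builds the JA3 string and its MD5 as defined in the public JA3 specification. The sample ClientHello bytes are constructed for illustration and are not w3m's real handshake; the function and variable names are this example's own.

```python
import hashlib
import struct

def is_grease(v):
    # RFC 8701 GREASE placeholders (0x0a0a, 0x1a1a, ... 0xfafa) are left out of JA3
    return (v & 0x0f0f) == 0x0a0a and (v >> 8) == (v & 0xff)

def u16_list(buf):
    return [v for (v,) in struct.iter_unpack("!H", buf) if not is_grease(v)]

def ja3_from_client_hello(msg):
    """msg: one TLS handshake message (record header stripped). Returns (string, md5)."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a ClientHello")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    version = int.from_bytes(body[0:2], "big")    # legacy_version, e.g. 771 = 0x0303
    pos = 2 + 32                                  # skip the 32-byte client random
    pos += 1 + body[pos]                          # skip session id
    n = int.from_bytes(body[pos:pos + 2], "big"); pos += 2
    ciphers = u16_list(body[pos:pos + n]); pos += n
    pos += 1 + body[pos]                          # skip compression methods
    exts, groups, formats = [], [], []
    if pos + 2 <= len(body):
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big"); pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + elen]; pos += 4 + elen
            if is_grease(etype):
                continue
            exts.append(etype)                    # order on the wire is preserved
            if etype == 10:                       # supported_groups: 2-byte list length
                groups = u16_list(data[2:])
            elif etype == 11:                     # ec_point_formats: 1-byte list length
                formats = list(data[1:])
    fields = [[version], ciphers, exts, groups, formats]
    ja3 = ",".join("-".join(map(str, f)) for f in fields)
    return ja3, hashlib.md5(ja3.encode()).hexdigest()

def _ext(etype, data):
    return struct.pack("!HH", etype, len(data)) + data

# Constructed ClientHello (not w3m's real one): two ciphers, SNI, groups, point formats
_EXTS = (_ext(0x0a0a, b"") + _ext(0, b"\x00\x0e\x00\x00\x0b" + b"example.com")
         + _ext(10, b"\x00\x06\x0a\x0a\x00\x1d\x00\x17") + _ext(11, b"\x01\x00"))
_BODY = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x06\x1a\x1a\x13\x01\x13\x02"
         + b"\x01\x00" + struct.pack("!H", len(_EXTS)) + _EXTS)
SAMPLE_HELLO = b"\x01" + len(_BODY).to_bytes(3, "big") + _BODY

if __name__ == "__main__":
    print(*ja3_from_client_hello(SAMPLE_HELLO), sep="\n")
```

Because the hash covers the exact values and their order, any change in the cipher list or extension set offered by a client's TLS library produces a different JA3.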