When you're automating requests against platforms that actively detect bots, your HTTP library is a...
When you're automating requests against platforms that actively detect bots, your HTTP library is a liability. We learned this the hard way — Axios was getting our requests fingerprinted and blocked within hours. Here's why we migrated to CycleTLS v2 and what it took to make it production-ready.
The fingerprinting problem
Every HTTP client has a TLS fingerprint. When your browser connects to a server over HTTPS, the TLS handshake reveals:
Supported cipher suites (and their order)
TLS extensions
A few months ago, I was debugging a production API issue. I copied a JWT from our logs, pasted it...
I was debugging an authentication issue at 11pm when I caught myself pasting a production JWT token...
A real browser opens an HTTPS page served by a binary whose every cryptographic transform — key exchange, signature, encryption,…
Here is the uncomfortable version, up front: the fingerprint you are sweating over is the part of the...
If you have ever built a production-grade web scraper in Python, you have likely run into the dreaded...
When you build a tool that stores authentication tokens for other people's social media accounts, you...
