advanced-tls-client 1.0.0

package/index.ts

@@ -0,0 +1,1319 @@
+import * as tls from 'tls';
+import * as net from 'net';
+import * as http2 from 'http2';
+import * as crypto from 'crypto';
+import { EventEmitter } from 'events';
+import * as zlib from 'zlib';
+import { promisify } from 'util';
+
+const gunzip = promisify(zlib.gunzip);
+const brotliDecompress = promisify(zlib.brotliDecompress);
+
+const GREASE_VALUES = [0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a, 0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa];
+
+interface TLSExtension {
+  type: number;
+  data?: Buffer | number[] | string[];
+}
+
+interface TLSFingerprint {
+  cipherSuites: string[];
+  extensions: number[];
+  supportedGroups: string[];
+  signatureAlgorithms: string[];
+  supportedVersions: string[];
+  ecPointFormats: number[];
+  alpnProtocols: string[];
+  pskKeyExchangeModes: number[];
+  compressionMethods: number[];
+  grease: boolean;
+  recordSizeLimit?: number;
+}
+
+interface HTTP2Fingerprint {
+  windowUpdate: number;
+  headerTableSize: number;
+  maxConcurrentStreams?: number;
+  initialWindowSize: number;
+  maxFrameSize: number;
+  maxHeaderListSize?: number;
+  enablePush: number;
+  settingsOrder: number[];
+  connectionPreface: Buffer;
+  priorityFrames: Array<{
+    streamId: number;
+    weight: number;
+    dependency: number;
+    exclusive: boolean;
+  }>;
+  pseudoHeaderOrder: string[];
+  headerPriority?: {
+    streamDep: number;
+    exclusive: boolean;
+    weight: number;
+  };
+}
+
+interface ChromeProfile {
+  name: string;
+  version: string;
+  tls: TLSFingerprint;
+  http2: HTTP2Fingerprint;
+  userAgent: string;
+  secChUa: string;
+  secChUaPlatform: string;
+  secChUaMobile: string;
+  secFetchSite: string;
+  secFetchMode: string;
+  secFetchDest: string;
+}
+
+interface RequestOptions {
+  method?: string;
+  headers?: Record<string, string>;
+  body?: string | Buffer;
+  cookies?: Record<string, string>;
+  decompress?: boolean;
+  followRedirects?: boolean;
+  maxRedirects?: number;
+}
+
+interface Response {
+  statusCode: number;
+  headers: Record<string, string | string[]>;
+  body: Buffer;
+  text?: string;
+  json?: any;
+  timing: {
+    socket: number;
+    lookup: number;
+    connect: number;
+    secureConnect: number;
+    response: number;
+    end: number;
+    total: number;
+  };
+  fingerprints: {
+    ja3: string;
+    ja3Hash: string;
+    akamai: string;
+  };
+}
+
+class ProfileRegistry {
+  private static profiles: Map<string, ChromeProfile> = new Map();
+
+  private static getGrease(): number {
+    const GREASE_VALUES = [0x0a0a, 0x1a1a, 0x2a2a, 0x3a3a, 0x4a4a, 0x5a5a, 0x6a6a, 0x7a7a, 0x8a8a, 0x9a9a, 0xaaaa, 0xbaba, 0xcaca, 0xdada, 0xeaea, 0xfafa];
+    return GREASE_VALUES[Math.floor(Math.random() * GREASE_VALUES.length)];
+  }
+
+  static chromeMobile143Android(): ChromeProfile {
+    const grease1 = this.getGrease();
+    const grease2 = this.getGrease();
+    const grease3 = this.getGrease();
+    const grease4 = this.getGrease();
+    
+    return {
+      name: 'chrome_mobile_143_android',
+      version: '143.0.0.0',
+      tls: {
+        cipherSuites: [
+          `GREASE_${grease1.toString(16)}`,
+          'TLS_AES_128_GCM_SHA256',
+          'TLS_AES_256_GCM_SHA384',
+          'TLS_CHACHA20_POLY1305_SHA256',
+          'ECDHE-ECDSA-AES128-GCM-SHA256',
+          'ECDHE-RSA-AES128-GCM-SHA256',
+          'ECDHE-ECDSA-AES256-GCM-SHA384',
+          'ECDHE-RSA-AES256-GCM-SHA384',
+          'ECDHE-ECDSA-CHACHA20-POLY1305',
+          'ECDHE-RSA-CHACHA20-POLY1305',
+          'ECDHE-RSA-AES128-SHA',
+          'ECDHE-RSA-AES256-SHA',
+          'AES128-GCM-SHA256',
+          'AES256-GCM-SHA384',
+          'AES128-SHA',
+          'AES256-SHA'
+        ],
+        extensions: [
+          grease2,
+          0xfe0d,
+          0x001b,
+          0x002b,
+          0x0010,
+          0x0023,
+          0x002d,
+          0x000b,
+          0xff01,
+          0x0005,
+          0x000a,
+          0x0017,
+          0x0000,
+          0x44cd,
+          0x0033,
+          0x0012,
+          0x000d,
+          grease3
+        ],
+        supportedGroups: [
+          `GREASE_${grease4.toString(16)}`,
+          'X25519Kyber768',
+          'X25519',
+          'prime256v1',
+          'secp384r1'
+        ],
+        signatureAlgorithms: [
+          'ecdsa_secp256r1_sha256',
+          'rsa_pss_rsae_sha256',
+          'rsa_pkcs1_sha256',
+          'ecdsa_secp384r1_sha384',
+          'rsa_pss_rsae_sha384',
+          'rsa_pkcs1_sha384',
+          'rsa_pss_rsae_sha512',
+          'rsa_pkcs1_sha512'
+        ],
+        supportedVersions: [
+          `GREASE_${grease2.toString(16)}`,
+          'TLSv1.3',
+          'TLSv1.2'
+        ],
+        ecPointFormats: [0x00],
+        alpnProtocols: ['h2', 'http/1.1'],
+        pskKeyExchangeModes: [0x01],
+        compressionMethods: [0x00],
+        grease: true,
+        recordSizeLimit: 16385,
+        encryptedClientHello: true,
+        certificateCompression: [0x02],
+        ocspStapling: true,
+        signedCertificateTimestamp: true
+      },
+      http2: {
+        windowUpdate: 15663105,
+        headerTableSize: 65536,
+        enablePush: 0,
+        initialWindowSize: 6291456,
+        maxHeaderListSize: 262144,
+        settingsOrder: [1, 2, 4, 6],
+        connectionPreface: Buffer.from('PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n'),
+        priorityFrames: [
+          { 
+            streamId: 0,
+            weight: 256,
+            dependency: 0,
+            exclusive: 1
+          }
+        ],
+        pseudoHeaderOrder: [':method', ':authority', ':scheme', ':path'],
+        headerOrder: [
+          'sec-ch-ua',
+          'sec-ch-ua-mobile',
+          'sec-ch-ua-platform',
+          'upgrade-insecure-requests',
+          'user-agent',
+          'accept',
+          'sec-fetch-site',
+          'sec-fetch-mode',
+          'sec-fetch-dest',
+          'accept-encoding',
+          'accept-language',
+          'priority'
+        ]
+      },
+      userAgent: 'Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Mobile Safari/537.36',
+      secChUa: '"Google Chrome";v="143", "Chromium";v="143", "Not A(Brand";v="24"',
+      secChUaPlatform: '"Android"',
+      secChUaMobile: '?1',
+      secFetchSite: 'none',
+      secFetchMode: 'navigate',
+      secFetchDest: 'document',
+      upgradeInsecureRequests: '1',
+      acceptLanguage: 'id,en-US;q=0.9,en;q=0.8,ms;q=0.7,ja;q=0.6,zh-CN;q=0.5,zh;q=0.4',
+      priority: 'u=0, i'
+    };
+  }
+
+  static chrome133PSK(): ChromeProfile {
+    const grease1 = this.getGrease();
+    const grease2 = this.getGrease();
+    const grease3 = this.getGrease();
+    const grease4 = this.getGrease();
+    
+    return {
+      name: 'chrome_133_psk',
+      version: '133.0.0.0',
+      tls: {
+        cipherSuites: [
+          `GREASE_${grease1.toString(16)}`,
+          'TLS_AES_128_GCM_SHA256',
+          'TLS_AES_256_GCM_SHA384',
+          'TLS_CHACHA20_POLY1305_SHA256',
+          'ECDHE-ECDSA-AES128-GCM-SHA256',
+          'ECDHE-RSA-AES128-GCM-SHA256',
+          'ECDHE-ECDSA-AES256-GCM-SHA384',
+          'ECDHE-RSA-AES256-GCM-SHA384',
+          'ECDHE-ECDSA-CHACHA20-POLY1305',
+          'ECDHE-RSA-CHACHA20-POLY1305',
+          'ECDHE-RSA-AES128-SHA',
+          'ECDHE-RSA-AES256-SHA',
+          'AES128-GCM-SHA256',
+          'AES256-GCM-SHA384',
+          'AES128-SHA',
+          'AES256-SHA'
+        ],
+        extensions: [
+          grease2,
+          0x0000,
+          0x0017,
+          0xff01,
+          0x000a,
+          0x000b,
+          0x0023,
+          0x0010,
+          0x0005,
+          0x000d,
+          0x0012,
+          0x0033,
+          0x002d,
+          0x002b,
+          0x001b,
+          0x0015,
+          grease3
+        ],
+        supportedGroups: [
+          `GREASE_${grease4.toString(16)}`,
+          'X25519Kyber768',
+          'X25519',
+          'prime256v1',
+          'secp384r1'
+        ],
+        signatureAlgorithms: [
+          'ecdsa_secp256r1_sha256',
+          'rsa_pss_rsae_sha256',
+          'rsa_pkcs1_sha256',
+          'ecdsa_secp384r1_sha384',
+          'rsa_pss_rsae_sha384',
+          'rsa_pkcs1_sha384',
+          'rsa_pss_rsae_sha512',
+          'rsa_pkcs1_sha512'
+        ],
+        supportedVersions: [
+          `GREASE_${grease2.toString(16)}`,
+          'TLSv1.3',
+          'TLSv1.2'
+        ],
+        ecPointFormats: [0x00],
+        alpnProtocols: ['h2', 'http/1.1'],
+        pskKeyExchangeModes: [0x01],
+        compressionMethods: [0x00],
+        grease: true,
+        recordSizeLimit: 16385
+      },
+      http2: {
+        windowUpdate: 15663105,
+        headerTableSize: 65536,
+        enablePush: 0,
+        initialWindowSize: 6291456,
+        maxFrameSize: 16384,
+        maxHeaderListSize: 262144,
+        settingsOrder: [1, 2, 4, 6],
+        connectionPreface: Buffer.from('PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n'),
+        priorityFrames: [
+          {
+            streamId: 0,
+            weight: 256,
+            dependency: 0,
+            exclusive: 1
+          }
+        ],
+        pseudoHeaderOrder: [':method', ':authority', ':scheme', ':path'],
+        headerOrder: [
+          'cache-control',
+          'sec-ch-ua',
+          'sec-ch-ua-mobile',
+          'sec-ch-ua-platform',
+          'upgrade-insecure-requests',
+          'user-agent',
+          'accept',
+          'sec-fetch-site',
+          'sec-fetch-mode',
+          'sec-fetch-user',
+          'sec-fetch-dest',
+          'accept-encoding',
+          'accept-language'
+        ]
+      },
+      userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36',
+      secChUa: '"Google Chrome";v="133", "Chromium";v="133", "Not_A Brand";v="24"',
+      secChUaPlatform: '"Windows"',
+      secChUaMobile: '?0',
+      secFetchSite: 'none',
+      secFetchMode: 'navigate',
+      secFetchDest: 'document'
+    };
+  }
+
+  static chrome133(): ChromeProfile {
+    const grease1 = this.getGrease();
+    const grease2 = this.getGrease();
+    const grease3 = this.getGrease();
+    const grease4 = this.getGrease();
+    
+    return {
+      name: 'chrome_133',
+      version: '133.0.0.0',
+      tls: {
+        cipherSuites: [
+          `GREASE_${grease1.toString(16)}`,
+          'TLS_AES_128_GCM_SHA256',
+          'TLS_AES_256_GCM_SHA384',
+          'TLS_CHACHA20_POLY1305_SHA256',
+          'ECDHE-ECDSA-AES128-GCM-SHA256',
+          'ECDHE-RSA-AES128-GCM-SHA256',
+          'ECDHE-ECDSA-AES256-GCM-SHA384',
+          'ECDHE-RSA-AES256-GCM-SHA384',
+          'ECDHE-ECDSA-CHACHA20-POLY1305',
+          'ECDHE-RSA-CHACHA20-POLY1305',
+          'ECDHE-RSA-AES128-SHA',
+          'ECDHE-RSA-AES256-SHA',
+          'AES128-GCM-SHA256',
+          'AES256-GCM-SHA384',
+          'AES128-SHA',
+          'AES256-SHA'
+        ],
+        extensions: [
+          grease2,
+          0x0000,
+          0x0017,
+          0xff01,
+          0x000a,
+          0x000b,
+          0x0023,
+          0x0010,
+          0x0005,
+          0x000d,
+          0x0012,
+          0x0033,
+          0x002d,
+          0x002b,
+          0x001b,
+          0x0015,
+          grease3
+        ],
+        supportedGroups: [
+          `GREASE_${grease4.toString(16)}`,
+          'X25519Kyber768',
+          'X25519',
+          'prime256v1',
+          'secp384r1'
+        ],
+        signatureAlgorithms: [
+          'ecdsa_secp256r1_sha256',
+          'rsa_pss_rsae_sha256',
+          'rsa_pkcs1_sha256',
+          'ecdsa_secp384r1_sha384',
+          'rsa_pss_rsae_sha384',
+          'rsa_pkcs1_sha384',
+          'rsa_pss_rsae_sha512',
+          'rsa_pkcs1_sha512'
+        ],
+        supportedVersions: [
+          `GREASE_${grease2.toString(16)}`,
+          'TLSv1.3',
+          'TLSv1.2'
+        ],
+        ecPointFormats: [0x00],
+        alpnProtocols: ['h2', 'http/1.1'],
+        pskKeyExchangeModes: [0x01],
+        compressionMethods: [0x00],
+        grease: true,
+        recordSizeLimit: 16385
+      },
+      http2: {
+        windowUpdate: 15663105,
+        headerTableSize: 65536,
+        enablePush: 0,
+        initialWindowSize: 6291456,
+        maxFrameSize: 16384,
+        maxHeaderListSize: 262144,
+        settingsOrder: [1, 2, 4, 6],
+        connectionPreface: Buffer.from('PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n'),
+        priorityFrames: [
+          {
+            streamId: 0,
+            weight: 256,
+            dependency: 0,
+            exclusive: 1
+          }
+        ],
+        pseudoHeaderOrder: [':method', ':authority', ':scheme', ':path'],
+        headerOrder: [
+          'cache-control',
+          'sec-ch-ua',
+          'sec-ch-ua-mobile',
+          'sec-ch-ua-platform',
+          'upgrade-insecure-requests',
+          'user-agent',
+          'accept',
+          'sec-fetch-site',
+          'sec-fetch-mode',
+          'sec-fetch-user',
+          'sec-fetch-dest',
+          'accept-encoding',
+          'accept-language'
+        ]
+      },
+      userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36',
+      secChUa: '"Google Chrome";v="133", "Chromium";v="133", "Not_A Brand";v="24"',
+      secChUaPlatform: '"Windows"',
+      secChUaMobile: '?0',
+      secFetchSite: 'none',
+      secFetchMode: 'navigate',
+      secFetchDest: 'document'
+    };
+  }
+
+  static firefox117(): ChromeProfile {
+    return {
+      name: 'firefox_117',
+      version: '117.0',
+      tls: {
+        cipherSuites: [
+          'TLS_AES_128_GCM_SHA256',
+          'TLS_CHACHA20_POLY1305_SHA256',
+          'TLS_AES_256_GCM_SHA384',
+          'ECDHE-ECDSA-AES128-GCM-SHA256',
+          'ECDHE-RSA-AES128-GCM-SHA256',
+          'ECDHE-ECDSA-CHACHA20-POLY1305',
+          'ECDHE-RSA-CHACHA20-POLY1305',
+          'ECDHE-ECDSA-AES256-GCM-SHA384',
+          'ECDHE-RSA-AES256-GCM-SHA384',
+          'ECDHE-ECDSA-AES256-SHA',
+          'ECDHE-ECDSA-AES128-SHA',
+          'ECDHE-RSA-AES128-SHA',
+          'ECDHE-RSA-AES256-SHA',
+          'AES128-GCM-SHA256',
+          'AES256-GCM-SHA384',
+          'AES128-SHA',
+          'AES256-SHA'
+        ],
+        extensions: [0x0000, 0x0017, 0xff01, 0x000a, 0x000b, 0x0023, 0x0010, 0x0005, 0x0022, 0x0033, 0x002b, 0x000d, 0x002d, 0x0029, 0x0015],
+        supportedGroups: ['X25519', 'prime256v1', 'secp384r1', 'secp521r1', 'ffdhe2048', 'ffdhe3072'],
+        signatureAlgorithms: [
+          'ecdsa_secp256r1_sha256',
+          'ecdsa_secp384r1_sha384',
+          'ecdsa_secp521r1_sha512',
+          'rsa_pss_rsae_sha256',
+          'rsa_pss_rsae_sha384',
+          'rsa_pss_rsae_sha512',
+          'rsa_pkcs1_sha256',
+          'rsa_pkcs1_sha384',
+          'rsa_pkcs1_sha512',
+          'ecdsa_sha1',
+          'rsa_pkcs1_sha1'
+        ],
+        supportedVersions: ['TLSv1.3', 'TLSv1.2'],
+        ecPointFormats: [0x00],
+        alpnProtocols: ['h2', 'http/1.1'],
+        pskKeyExchangeModes: [0x01],
+        compressionMethods: [0x00],
+        grease: false
+      },
+      http2: {
+        windowUpdate: 12517377,
+        headerTableSize: 65536,
+        enablePush: 0,
+        initialWindowSize: 131072,
+        maxFrameSize: 16384,
+        settingsOrder: [1, 4, 5],
+        connectionPreface: Buffer.from('PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n'),
+        priorityFrames: [
+          { streamId: 3, weight: 200, dependency: 0, exclusive: false },
+          { streamId: 5, weight: 100, dependency: 0, exclusive: false },
+          { streamId: 7, weight: 0, dependency: 0, exclusive: false },
+          { streamId: 9, weight: 0, dependency: 7, exclusive: false },
+          { streamId: 11, weight: 0, dependency: 3, exclusive: false },
+          { streamId: 13, weight: 240, dependency: 0, exclusive: false }
+        ],
+        pseudoHeaderOrder: [':method', ':path', ':authority', ':scheme'],
+        headerPriority: { streamDep: 13, exclusive: false, weight: 41 }
+      },
+      userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:117.0) Gecko/20100101 Firefox/117.0',
+      secChUa: '',
+      secChUaPlatform: '',
+      secChUaMobile: '',
+      secFetchSite: 'none',
+      secFetchMode: 'navigate',
+      secFetchDest: 'document'
+    };
+  }
+
+  static safariIOS18(): ChromeProfile {
+    const grease1 = this.getGrease();
+    const grease2 = this.getGrease();
+    
+    return {
+      name: 'safari_ios_18_0',
+      version: '18.0',
+      tls: {
+        cipherSuites: [
+          `GREASE_${grease1.toString(16)}`,
+          'TLS_AES_128_GCM_SHA256',
+          'TLS_AES_256_GCM_SHA384',
+          'TLS_CHACHA20_POLY1305_SHA256',
+          'ECDHE-ECDSA-AES256-GCM-SHA384',
+          'ECDHE-ECDSA-AES128-GCM-SHA256',
+          'ECDHE-ECDSA-CHACHA20-POLY1305',
+          'ECDHE-RSA-AES256-GCM-SHA384',
+          'ECDHE-RSA-AES128-GCM-SHA256',
+          'ECDHE-RSA-CHACHA20-POLY1305',
+          'ECDHE-ECDSA-AES256-SHA',
+          'ECDHE-ECDSA-AES128-SHA',
+          'ECDHE-RSA-AES256-SHA',
+          'ECDHE-RSA-AES128-SHA',
+          'AES256-GCM-SHA384',
+          'AES128-GCM-SHA256',
+          'AES256-SHA',
+          'AES128-SHA',
+          'ECDHE-ECDSA-DES-CBC3-SHA',
+          'ECDHE-RSA-DES-CBC3-SHA',
+          'DES-CBC3-SHA'
+        ],
+        extensions: [
+          grease2,
+          0x0000,
+          0x0017,
+          0xff01,
+          0x000a,
+          0x000b,
+          0x0010,
+          0x0005,
+          0x000d,
+          0x0012,
+          0x0033,
+          0x002d,
+          0x002b,
+          0x0015
+        ],
+        supportedGroups: ['X25519', 'prime256v1', 'secp384r1', 'secp521r1'],
+        signatureAlgorithms: [
+          'ecdsa_secp256r1_sha256',
+          'rsa_pss_rsae_sha256',
+          'rsa_pkcs1_sha256',
+          'ecdsa_secp384r1_sha384',
+          'ecdsa_sha1',
+          'rsa_pss_rsae_sha384',
+          'rsa_pss_rsae_sha384',
+          'rsa_pkcs1_sha384',
+          'rsa_pss_rsae_sha512',
+          'rsa_pkcs1_sha512',
+          'rsa_pkcs1_sha1'
+        ],
+        supportedVersions: ['TLSv1.3', 'TLSv1.2', 'TLSv1.1', 'TLSv1.0'],
+        ecPointFormats: [0x00],
+        alpnProtocols: ['h2', 'http/1.1'],
+        pskKeyExchangeModes: [0x01],
+        compressionMethods: [0x00],
+        grease: true
+      },
+      http2: {
+        windowUpdate: 10420225,
+        headerTableSize: 4096,
+        enablePush: 0,
+        maxConcurrentStreams: 100,
+        initialWindowSize: 2097152,
+        settingsOrder: [2, 3, 4, 8, 9],
+        connectionPreface: Buffer.from('PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n'),
+        priorityFrames: [],
+        pseudoHeaderOrder: [':method', ':scheme', ':authority', ':path']
+      },
+      userAgent: 'Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1',
+      secChUa: '',
+      secChUaPlatform: '',
+      secChUaMobile: '?1',
+      secFetchSite: 'none',
+      secFetchMode: 'navigate',
+      secFetchDest: 'document'
+    };
+  }
+
+  static get(name: string): ChromeProfile {
+    switch(name.toLowerCase()) {
+      case 'chrome_mobile_143_android': return this.chromeMobile143Android();
+      case 'chrome_133_psk': return this.chrome133PSK();
+      case 'chrome_133': return this.chrome133();
+      case 'firefox_117': return this.firefox117();
+      case 'safari_ios_18_0': return this.safariIOS18();
+      default: return this.chrome133();
+    }
+  }
+
+  static get latest(): ChromeProfile {
+    return this.chrome133();
+  }
+
+  static get latestMobile(): ChromeProfile {
+    return this.chromeMobile143Android();
+  }
+}
+
+
+class CookieJar {
+  private cookies: Map<string, Map<string, { value: string; expires?: Date; path: string; domain: string }>> = new Map();
+
+  setCookie(domain: string, name: string, value: string, options: { expires?: Date; path?: string } = {}): void {
+    if (!this.cookies.has(domain)) this.cookies.set(domain, new Map());
+    this.cookies.get(domain)!.set(name, { value, expires: options.expires, path: options.path || '/', domain });
+  }
+
+  getCookies(domain: string, path: string = '/'): string {
+    const domainCookies = this.cookies.get(domain);
+    if (!domainCookies) return '';
+    const validCookies: string[] = [];
+    const now = new Date();
+    for (const [name, cookie] of domainCookies) {
+      if (cookie.expires && cookie.expires < now) {
+        domainCookies.delete(name);
+        continue;
+      }
+      if (path.startsWith(cookie.path)) validCookies.push(`${name}=${cookie.value}`);
+    }
+    return validCookies.join('; ');
+  }
+
+  parseSetCookie(domain: string, setCookieHeaders: string[]): void {
+    for (const header of setCookieHeaders) {
+      const parts = header.split(';').map(p => p.trim());
+      const [nameValue] = parts;
+      const [name, value] = nameValue.split('=');
+      const options: { expires?: Date; path?: string } = { path: '/' };
+      for (let i = 1; i < parts.length; i++) {
+        const [key, val] = parts[i].split('=');
+        if (key.toLowerCase() === 'expires') options.expires = new Date(val);
+        else if (key.toLowerCase() === 'path') options.path = val;
+      }
+      this.setCookie(domain, name, value, options);
+    }
+  }
+}
+
+class TLSSocketManager extends EventEmitter {
+  private socket: net.Socket | null = null;
+  private tlsSocket: tls.TLSSocket | null = null;
+  private profile: ChromeProfile;
+  private timing: Response['timing'];
+  private startTime: number = 0;
+
+  constructor(profile: ChromeProfile) {
+    super();
+    this.profile = profile;
+    this.timing = { socket: 0, lookup: 0, connect: 0, secureConnect: 0, response: 0, end: 0, total: 0 };
+  }
+
+  private convertCipherSuite(suite: string): string {
+    const cipherMap: { [key: string]: string } = {
+      'TLS_AES_128_GCM_SHA256': 'TLS_AES_128_GCM_SHA256',
+      'TLS_AES_256_GCM_SHA384': 'TLS_AES_256_GCM_SHA384',
+      'TLS_CHACHA20_POLY1305_SHA256': 'TLS_CHACHA20_POLY1305_SHA256',
+      'ECDHE-ECDSA-AES128-GCM-SHA256': 'ECDHE-ECDSA-AES128-GCM-SHA256',
+      'ECDHE-RSA-AES128-GCM-SHA256': 'ECDHE-RSA-AES128-GCM-SHA256',
+      'ECDHE-ECDSA-AES256-GCM-SHA384': 'ECDHE-ECDSA-AES256-GCM-SHA384',
+      'ECDHE-RSA-AES256-GCM-SHA384': 'ECDHE-RSA-AES256-GCM-SHA384',
+      'ECDHE-ECDSA-CHACHA20-POLY1305': 'ECDHE-ECDSA-CHACHA20-POLY1305',
+      'ECDHE-RSA-CHACHA20-POLY1305': 'ECDHE-RSA-CHACHA20-POLY1305',
+      'ECDHE-RSA-AES128-SHA': 'ECDHE-RSA-AES128-SHA',
+      'ECDHE-RSA-AES256-SHA': 'ECDHE-RSA-AES256-SHA',
+      'AES128-GCM-SHA256': 'AES128-GCM-SHA256',
+      'AES256-GCM-SHA384': 'AES256-GCM-SHA384',
+      'AES128-SHA': 'AES128-SHA',
+      'AES256-SHA': 'AES256-SHA'
+    };
+    
+    if (suite.startsWith('GREASE_')) {
+      return '';
+    }
+    
+    return cipherMap[suite] || suite;
+  }
+
+  private convertSupportedGroup(group: string): string {
+    const groupMap: { [key: string]: string } = {
+      'X25519Kyber768': 'X25519',
+      'X25519': 'X25519',
+      'prime256v1': 'prime256v1',
+      'secp256r1': 'prime256v1',
+      'P-256': 'prime256v1',
+      'secp384r1': 'secp384r1',
+      'P-384': 'secp384r1',
+      'secp521r1': 'secp521r1',
+      'P-521': 'secp521r1'
+    };
+    
+    if (group.startsWith('GREASE_')) {
+      return '';
+    }
+    
+    return groupMap[group] || group;
+  }
+
+  async connect(hostname: string, port: number): Promise<tls.TLSSocket> {
+    this.startTime = Date.now();
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        this.destroy();
+        reject(new Error('Connection timeout'));
+      }, 30000);
+
+      this.socket = new net.Socket();
+      this.socket.setKeepAlive(true, 60000);
+      this.socket.setNoDelay(true);
+      this.timing.socket = Date.now() - this.startTime;
+
+      this.socket.on('lookup', () => {
+        this.timing.lookup = Date.now() - this.startTime;
+      });
+
+      this.socket.connect(port, hostname, () => {
+        this.timing.connect = Date.now() - this.startTime;
+
+        const ciphers = this.profile.tls.cipherSuites
+          .map(suite => this.convertCipherSuite(suite))
+          .filter(suite => suite !== '')
+          .join(':');
+
+        const curves = this.profile.tls.supportedGroups
+          .map(group => this.convertSupportedGroup(group))
+          .filter(group => group !== '')
+          .join(':');
+
+        const tlsOptions: tls.ConnectionOptions = {
+          socket: this.socket!,
+          servername: hostname,
+          ALPNProtocols: this.profile.tls.alpnProtocols,
+          ciphers: ciphers,
+          minVersion: 'TLSv1.2' as any,
+          maxVersion: 'TLSv1.3' as any,
+          ecdhCurve: curves,
+          sigalgs: this.profile.tls.signatureAlgorithms.join(':'),
+          rejectUnauthorized: false,
+          requestCert: false,
+          honorCipherOrder: true,
+          sessionTimeout: 300
+        };
+
+        this.tlsSocket = tls.connect(tlsOptions);
+
+        this.tlsSocket.on('secureConnect', () => {
+          clearTimeout(timeout);
+          this.timing.secureConnect = Date.now() - this.startTime;
+          resolve(this.tlsSocket!);
+        });
+
+        this.tlsSocket.on('error', (err) => {
+          clearTimeout(timeout);
+          this.destroy();
+          reject(err);
+        });
+      });
+
+      this.socket.on('error', (err) => {
+        clearTimeout(timeout);
+        this.destroy();
+        reject(err);
+      });
+
+      this.socket.on('timeout', () => {
+        clearTimeout(timeout);
+        this.destroy();
+        reject(new Error('Socket timeout'));
+      });
+    });
+  }
+
+  getTiming(): Response['timing'] {
+    return { ...this.timing, total: Date.now() - this.startTime };
+  }
+
+  destroy(): void {
+    if (this.tlsSocket && !this.tlsSocket.destroyed) {
+      this.tlsSocket.removeAllListeners();
+      this.tlsSocket.destroy();
+      this.tlsSocket = null;
+    }
+    if (this.socket && !this.socket.destroyed) {
+      this.socket.removeAllListeners();
+      this.socket.destroy();
+      this.socket = null;
+    }
+  }
+
+  isConnected(): boolean {
+    return this.tlsSocket !== null && !this.tlsSocket.destroyed;
+  }
+
+  getSocket(): tls.TLSSocket | null {
+    return this.tlsSocket;
+  }
+
+  getCipherInfo(): any {
+    return this.tlsSocket?.getCipher();
+  }
+
+  getProtocol(): string | undefined {
+    return this.tlsSocket?.getProtocol();
+  }
+
+  getALPNProtocol(): string | false | null | undefined {
+    return this.tlsSocket?.alpnProtocol;
+  }
+}
+
+class HTTP2ClientManager {
+  private client: http2.ClientHttp2Session | null = null;
+  private profile: ChromeProfile;
+  private tlsSocket: tls.TLSSocket;
+
+  constructor(tlsSocket: tls.TLSSocket, profile: ChromeProfile) {
+    this.tlsSocket = tlsSocket;
+    this.profile = profile;
+  }
+
+  async createSession(): Promise<http2.ClientHttp2Session> {
+    return new Promise((resolve, reject) => {
+      const settingsMap: any = {};
+
+      this.profile.http2.settingsOrder.forEach(settingId => {
+        switch (settingId) {
+          case 1:
+            settingsMap.headerTableSize = this.profile.http2.headerTableSize;
+            break;
+          case 2:
+            settingsMap.enablePush = this.profile.http2.enablePush === 1;
+            break;
+          case 3:
+            if (this.profile.http2.maxConcurrentStreams !== undefined) {
+              settingsMap.maxConcurrentStreams = this.profile.http2.maxConcurrentStreams;
+            }
+            break;
+          case 4:
+            settingsMap.initialWindowSize = this.profile.http2.initialWindowSize;
+            break;
+          case 5:
+            if (this.profile.http2.maxFrameSize !== undefined) {
+              settingsMap.maxFrameSize = this.profile.http2.maxFrameSize;
+            }
+            break;
+          case 6:
+            if (this.profile.http2.maxHeaderListSize !== undefined) {
+              settingsMap.maxHeaderListSize = this.profile.http2.maxHeaderListSize;
+            }
+            break;
+        }
+      });
+
+      const settings: http2.SecureClientSessionOptions = {
+        createConnection: () => this.tlsSocket,
+        settings: settingsMap
+      };
+
+      this.client = http2.connect(`https://${this.tlsSocket.servername}`, settings);
+
+      this.client.on('connect', () => {
+        resolve(this.client!);
+      });
+
+      this.client.on('error', reject);
+    });
+  }
+
+  request(path: string, headers: Record<string, string>): http2.ClientHttp2Stream {
+    if (!this.client) throw new Error('HTTP2 session not established');
+
+    const orderedHeaders: Record<string, string> = {};
+    
+    this.profile.http2.pseudoHeaderOrder.forEach(pseudo => {
+      if (headers[pseudo]) {
+        orderedHeaders[pseudo] = headers[pseudo];
+      }
+    });
+
+    if (this.profile.http2.headerOrder) {
+      this.profile.http2.headerOrder.forEach(headerName => {
+        if (headers[headerName] && !headerName.startsWith(':')) {
+          orderedHeaders[headerName] = headers[headerName];
+        }
+      });
+      
+      Object.keys(headers).forEach(key => {
+        if (!key.startsWith(':') && !orderedHeaders[key]) {
+          orderedHeaders[key] = headers[key];
+        }
+      });
+    } else {
+      Object.keys(headers).forEach(key => {
+        if (!key.startsWith(':') && !orderedHeaders[key]) {
+          orderedHeaders[key] = headers[key];
+        }
+      });
+    }
+
+    const requestOptions: any = { ...orderedHeaders };
+
+    if (this.profile.http2.priorityFrames && this.profile.http2.priorityFrames.length > 0) {
+      const priority = this.profile.http2.priorityFrames[0];
+      if (priority.weight) {
+        requestOptions.weight = priority.weight;
+      }
+      if (priority.exclusive !== undefined) {
+        requestOptions.exclusive = priority.exclusive === 1;
+      }
+      if (priority.dependency !== undefined && priority.dependency !== 0) {
+        requestOptions.parent = priority.dependency;
+      }
+    }
+
+    const stream = this.client.request(requestOptions);
+
+    if (this.profile.http2.headerPriority) {
+      try {
+        stream.priority({
+          parent: this.profile.http2.headerPriority.streamDep,
+          weight: this.profile.http2.headerPriority.weight,
+          exclusive: this.profile.http2.headerPriority.exclusive
+        });
+      } catch (e) {}
+    }
+
+    return stream;
+  }
+
+  getClient(): http2.ClientHttp2Session | null {
+    return this.client;
+  }
+
+  isConnected(): boolean {
+    return this.client !== null && !this.client.destroyed;
+  }
+
+  destroy(): void {
+    if (this.client && !this.client.destroyed) {
+      this.client.close();
+      this.client = null;
+    }
+  }
+}
+
+class AdvancedTLSClient {
+  private profile: ChromeProfile;
+  private sessionCache: Map<string, { tlsManager: TLSSocketManager; http2Manager: HTTP2ClientManager; lastUsed: number }> = new Map();
+  private cookieJar: CookieJar = new CookieJar();
+  private maxCachedSessions: number = 10;
+  private sessionTimeout: number = 300000;
+  private cleanupInterval: NodeJS.Timeout | null = null;
+
+  constructor(profileName?: string) {
+    this.profile = profileName ? ProfileRegistry.get(profileName) : ProfileRegistry.latest;
+    this.startSessionCleanup();
+  }
+
+  private startSessionCleanup(): void {
+    this.cleanupInterval = setInterval(() => {
+      const now = Date.now();
+      for (const [key, session] of this.sessionCache) {
+        if (now - session.lastUsed > this.sessionTimeout) {
+          session.http2Manager.destroy();
+          session.tlsManager.destroy();
+          this.sessionCache.delete(key);
+        }
+      }
+    }, 60000);
+    
+    if (this.cleanupInterval.unref) {
+      this.cleanupInterval.unref();
+    }
+  }
+
+  async request(url: string, options: RequestOptions = {}): Promise<Response> {
+    const maxRedirects = options.maxRedirects !== undefined ? options.maxRedirects : 5;
+    const followRedirects = options.followRedirects !== false;
+    let redirectCount = 0;
+    let currentUrl = url;
+    let response: Response;
+
+    while (true) {
+      response = await this.performRequest(currentUrl, options);
+
+      if (followRedirects && [301, 302, 303, 307, 308].includes(response.statusCode)) {
+        if (redirectCount >= maxRedirects) {
+          throw new Error(`Too many redirects (max: ${maxRedirects})`);
+        }
+
+        const locationHeader = response.headers['location'];
+        if (!locationHeader) {
+          break;
+        }
+
+        const location = Array.isArray(locationHeader) ? locationHeader[0] : locationHeader;
+        currentUrl = new URL(location, currentUrl).toString();
+        redirectCount++;
+
+        if ([301, 302, 303].includes(response.statusCode)) {
+          options.method = 'GET';
+          delete options.body;
+        }
+      } else {
+        break;
+      }
+    }
+
+    return response;
+  }
+
+  private async performRequest(url: string, options: RequestOptions = {}): Promise<Response> {
+    const parsedUrl = new URL(url);
+    const hostname = parsedUrl.hostname;
+    const port = parsedUrl.port ? parseInt(parsedUrl.port) : 443;
+    const path = parsedUrl.pathname + parsedUrl.search;
+
+    const cacheKey = `${hostname}:${port}`;
+    let session = this.sessionCache.get(cacheKey);
+
+    if (!session || !this.isSessionAlive(session)) {
+      if (session) {
+        session.http2Manager.destroy();
+        session.tlsManager.destroy();
+        this.sessionCache.delete(cacheKey);
+      }
+
+      const tlsManager = new TLSSocketManager(this.profile);
+      const tlsSocket = await tlsManager.connect(hostname, port);
+      const http2Manager = new HTTP2ClientManager(tlsSocket, this.profile);
+      await http2Manager.createSession();
+
+      session = { tlsManager, http2Manager, lastUsed: Date.now() };
+
+      if (this.sessionCache.size >= this.maxCachedSessions) {
+        const oldestKey = Array.from(this.sessionCache.entries())
+          .sort((a, b) => a[1].lastUsed - b[1].lastUsed)[0][0];
+        const oldest = this.sessionCache.get(oldestKey)!;
+        oldest.http2Manager.destroy();
+        oldest.tlsManager.destroy();
+        this.sessionCache.delete(oldestKey);
+      }
+
+      this.sessionCache.set(cacheKey, session);
+    }
+
+    session.lastUsed = Date.now();
+
+    const headers = this.buildHeaders(hostname, path, options);
+    const stream = session.http2Manager.request(path, headers);
+
+    return new Promise((resolve, reject) => {
+      const chunks: Buffer[] = [];
+      let responseHeaders: Record<string, string | string[]> = {};
+      let statusCode = 0;
+      const responseTime = Date.now();
+
+      stream.on('response', (headers) => {
+        responseHeaders = headers;
+        statusCode = parseInt(headers[':status'] as string);
+        session!.tlsManager.getTiming().response = Date.now() - responseTime;
+
+        const setCookieHeaders = headers['set-cookie'];
+        if (setCookieHeaders) {
+          const cookieArray = Array.isArray(setCookieHeaders) ? setCookieHeaders : [setCookieHeaders];
+          this.cookieJar.parseSetCookie(hostname, cookieArray);
+        }
+      });
+
+      stream.on('data', (chunk) => chunks.push(chunk));
+
+      stream.on('end', async () => {
+        stream.removeAllListeners();
+        
+        let body = Buffer.concat(chunks);
+        const timing = session!.tlsManager.getTiming();
+        timing.end = Date.now();
+
+        if (options.decompress !== false) {
+          const encoding = responseHeaders['content-encoding'];
+          if (encoding === 'gzip') body = await gunzip(body);
+          else if (encoding === 'br') body = await brotliDecompress(body);
+        }
+
+        let text: string | undefined;
+        let json: any;
+
+        try {
+          text = body.toString('utf-8');
+          if (responseHeaders['content-type']?.toString().includes('application/json')) {
+            json = JSON.parse(text);
+          }
+        } catch (e) {}
+
+        const ja3 = this.generateJA3();
+
+        resolve({
+          statusCode,
+          headers: responseHeaders,
+          body,
+          text,
+          json,
+          timing,
+          fingerprints: {
+            ja3,
+            ja3Hash: crypto.createHash('md5').update(ja3).digest('hex'),
+            akamai: `1:${this.profile.http2.headerTableSize};2:${this.profile.http2.enablePush};4:${this.profile.http2.initialWindowSize};6:${this.profile.http2.maxHeaderListSize}|00|0|m,a,s,p`
+          }
+        });
+      });
+
+      stream.on('error', (err) => {
+        stream.removeAllListeners();
+        reject(err);
+      });
+
+      if (options.body) {
+        const bodyBuffer = Buffer.isBuffer(options.body) ? options.body : Buffer.from(options.body);
+        stream.write(bodyBuffer);
+      }
+
+      stream.end();
+    });
+  }
+
+  private generateJA3(): string {
+    const version = '771';
+    const ciphers = this.profile.tls.cipherSuites
+      .filter(c => !c.startsWith('GREASE_'))
+      .map(c => {
+        const map: any = {
+          'TLS_AES_128_GCM_SHA256': '4865',
+          'TLS_AES_256_GCM_SHA384': '4866',
+          'TLS_CHACHA20_POLY1305_SHA256': '4867',
+          'ECDHE-ECDSA-AES128-GCM-SHA256': '49195',
+          'ECDHE-RSA-AES128-GCM-SHA256': '49199',
+          'ECDHE-ECDSA-AES256-GCM-SHA384': '49196',
+          'ECDHE-RSA-AES256-GCM-SHA384': '49200',
+          'ECDHE-ECDSA-CHACHA20-POLY1305': '52393',
+          'ECDHE-RSA-CHACHA20-POLY1305': '52392',
+          'ECDHE-RSA-AES128-SHA': '49171',
+          'ECDHE-RSA-AES256-SHA': '49172',
+          'AES128-GCM-SHA256': '156',
+          'AES256-GCM-SHA384': '157',
+          'AES128-SHA': '47',
+          'AES256-SHA': '53'
+        };
+        return map[c] || '0';
+      }).join('-');
+    
+    const extensions = this.profile.tls.extensions
+      .filter(e => typeof e === 'number')
+      .join('-');
+    const groups = this.profile.tls.supportedGroups
+      .filter(g => !g.startsWith('GREASE_'))
+      .map(g => {
+        const map: any = { 
+          'X25519': '29', 
+          'prime256v1': '23', 
+          'secp384r1': '24', 
+          'secp521r1': '25', 
+          'X25519Kyber768': '25497' 
+        };
+        return map[g] || '0';
+      }).join('-');
+    const ecFormats = this.profile.tls.ecPointFormats.join('-');
+    
+    return `${version},${ciphers},${extensions},${groups},${ecFormats}`;
+  }
+
+  private buildHeaders(hostname: string, path: string, options: RequestOptions): Record<string, string> {
+    const method = (options.method || 'GET').toUpperCase();
+    
+    const headers: Record<string, string> = {
+      ':method': method,
+      ':authority': hostname,
+      ':scheme': 'https',
+      ':path': path
+    };
+
+    if (this.profile.http2.headerOrder) {
+      const defaultHeaders: Record<string, string> = {
+        'sec-ch-ua': this.profile.secChUa,
+        'sec-ch-ua-mobile': this.profile.secChUaMobile,
+        'sec-ch-ua-platform': this.profile.secChUaPlatform,
+        'upgrade-insecure-requests': this.profile.upgradeInsecureRequests || '1',
+        'user-agent': this.profile.userAgent,
+        'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
+        'sec-fetch-site': this.profile.secFetchSite,
+        'sec-fetch-mode': this.profile.secFetchMode,
+        'sec-fetch-dest': this.profile.secFetchDest,
+        'accept-encoding': 'gzip, deflate, br, zstd',
+        'accept-language': this.profile.acceptLanguage || 'en-US,en;q=0.9'
+      };
+
+      if (this.profile.priority) {
+        defaultHeaders['priority'] = this.profile.priority;
+      }
+
+      this.profile.http2.headerOrder.forEach(headerName => {
+        if (defaultHeaders[headerName]) {
+          headers[headerName] = defaultHeaders[headerName];
+        }
+      });
+    }
+
+    const cookies = options.cookies 
+      ? Object.entries(options.cookies).map(([k, v]) => `${k}=${v}`).join('; ')
+      : this.cookieJar.getCookies(hostname, path);
+    
+    if (cookies) headers['cookie'] = cookies;
+
+    if (options.headers) Object.assign(headers, options.headers);
+
+    if (method === 'POST' || method === 'PUT' || method === 'PATCH') {
+      if (!headers['content-type']) headers['content-type'] = 'application/x-www-form-urlencoded';
+      if (options.body) {
+        const bodyLength = Buffer.isBuffer(options.body) ? options.body.length : Buffer.byteLength(options.body);
+        headers['content-length'] = bodyLength.toString();
+      }
+    }
+
+    return headers;
+  }
+
+  private isSessionAlive(session: { http2Manager: HTTP2ClientManager }): boolean {
+    try {
+      return session.http2Manager.isConnected();
+    } catch {
+      return false;
+    }
+  }
+
+  getCookies(domain: string): string {
+    return this.cookieJar.getCookies(domain);
+  }
+
+  setCookie(domain: string, name: string, value: string, options?: { expires?: Date; path?: string }): void {
+    this.cookieJar.setCookie(domain, name, value, options);
+  }
+
+  destroy(): void {
+    if (this.cleanupInterval) {
+      clearInterval(this.cleanupInterval);
+      this.cleanupInterval = null;
+    }
+
+    this.sessionCache.forEach(session => {
+      try {
+        session.http2Manager.destroy();
+        session.tlsManager.destroy();
+      } catch (e) {}
+    });
+    this.sessionCache.clear();
+  }
+}
+
+export { AdvancedTLSClient };

package/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "advanced-tls-client",
+  "version": "1.0.0",
+  "description": "Advanced TLS/HTTP2 Client with JA3 fingerprinting",
+  "main": "index.ts",
+  "type": "module",
+  "scripts": {},
+  "keywords": ["tls", "http2", "ja3", "fingerprint"],
+  "author": "",
+  "license": "MIT",
+  "engines": {
+    "node": ">=16.0.0"
+  },
+  "dependencies": {
+    "@types/node": "^20.0.0"
+  }
+}