Are your Python web scrapers getting blocked by "Connection aborted", "RemoteDisconnected", or 403 Forbidden errors—even when using rotating proxies, high-quality cookies, and realistic User-Agents?
Modern anti-bot firewalls (like Cloudflare, Akamai, and Fastly) check your client's JA3 / TLS Fingerprint in the TLS Client Hello handshake. The standard Python requests library uses a default OpenSSL cipher signature that instantly flags your script as an automated bot.
This repository demonstrates the concept of bypassing JA3 fingerprint blocking by overriding the default SSLContext ciphers in a custom urllib3 Transport Adapter.
When a browser connects to an HTTPS website, it sends a Client Hello packet listing the TLS versions, extensions, and cipher suites it supports. This list is hashed into a JA3 Fingerprint.
Python's default requests handshake signature:
- Default OpenSSL Ciphers: Suspicious / Bot-like
- Result: Blocked (403 or immediate socket closure)
By subclassing requests.adapters.HTTPAdapter and injecting a custom ssl.SSLContext configured with Chrome-mimicking ciphers, we can make Python look like a real browser:
- Custom Mimic Ciphers: Legitimate / Browser-like
- Result: Bypass / Success
Here is a simplified example showing how to mount a custom adapter to override TLS ciphers:
import ssl
import requests
from requests.adapters import HTTPAdapter
class SimpleJA3Adapter(HTTPAdapter):
def init_poolmanager(self, *args, **kwargs):
# Create a default client SSL Context
context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
# Override ciphers to resemble a real browser
ciphers = (
"ECDHE-ECDSA-AES128-GCM-SHA256:"
"ECDHE-RSA-AES128-GCM-SHA256:"
"ECDHE-ECDSA-CHACHA20-POLY1305"
)
context.set_ciphers(ciphers)
kwargs['ssl_context'] = context
return super().init_poolmanager(*args, **kwargs)
# Usage
session = requests.Session()
session.mount('https://', SimpleJA3Adapter())
# Try scraping a JA3-checking endpoint
response = session.get('https://tls.peet.ws/api/clean')
print(response.json())While the basic snippet above illustrates the concept, production-level scraping against strict anti-bot protections (like Cloudflare Turnstile/Under Attack Mode or Akamai Bot Manager) requires a highly robust, complete integration template.
We have packaged a fully optimized, production-tested bypass template on Gumroad:
👉 Download the Premium JA3 Bypass Template ($9.00 USD) on Gumroad
ja3_adapter.py: The complete, optimizedDESAdapterclass utilizing native Pythonsslconfigurations, mapping Chrome's exact cipher ordering and preventing handshake negotiation drops.example.py: A plug-and-play integration template demonstrating how to initialize the adapter, mount it, pass custom headers, and scrape protected endpoints.README.md: Detailed integration guide, dependency listings, and troubleshooting steps.- Lifetime Updates: Free access to updated cipher list mappings as browsers update their signatures.
Stop spending days trying to compile heavy C-based alternatives (like pycurl) or running slow browser automation tools (like Selenium/Playwright). Solve it natively in 2 lines of code!
This project is licensed under the MIT License - see the LICENSE file for details.