http2-header-impersonation
CommunitySpoof browser HTTP/2 headers to evade anti-bot detection
System Documentation
What problem does it solve?
Anti-bot systems detect non-browser HTTP/2 behavior (including incorrect SETTINGS frames, pseudo-header ordering, and missing browser-specific headers) even when TLS fingerprints are correctly spoofed, blocking legitimate reconnaissance and penetration testing requests. This Skill closes that detection gap by enabling precise spoofing of all protocol-level HTTP/2 browser fingerprints.
Core Features & Use Cases
- Multi-Browser Profile Support: Spoofs HTTP/2 SETTINGS frames, pseudo-header ordering, and complete header sets for Chrome, Firefox, Safari iOS, and OkHttp (Android) to match real browser behavior exactly.
- Flexible Implementation: Supports automated profile application via the impit library or manual header configuration for curl/httpx for use in environments where impit cannot be installed.
- Use Case: Use this Skill during web application reconnaissance when TLS fingerprint spoofing alone fails to bypass anti-bot WAFs that analyze HTTP/2 connection setup, or when testing mobile API endpoints that require Android OkHttp-specific header profiles.
Quick Start
Use the http2-header-impersonation skill to configure your HTTP client to send Chrome 142 browser-matching HTTP/2 headers and SETTINGS frames to bypass anti-bot detection on your target web application.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: http2-header-impersonation Download link: https://github.com/uphiago/recon-skills/archive/main.zip#http2-header-impersonation Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.