Skip to main content

Overview

The header_randomizer module provides HTTP header randomization capabilities to help beacons evade network detection. It supports four levels of randomization, from fully deterministic (level 0) to highly randomized (level 3). Module: evasion.header_randomizer

Functions

get_headers()

def get_headers(level: int) -> dict
Return HTTP headers for a beacon request at the given randomization level.

Parameters

level
int
required
Randomization level (0-3):
  • 0: Fixed Chrome UA, fixed language, fixed encoding
  • 1: Random UA, fixed language, fixed encoding
  • 2: Random UA, random language, fixed encoding
  • 3: Random UA, random language, random encoding, shuffled header order

Returns

dict
dict
Dictionary of HTTP headers with the following keys:
  • Host: Server hostname (with port if non-standard)
  • Content-Type: Always application/octet-stream
  • User-Agent: Browser user agent string
  • Accept-Language: Language preference
  • Accept-Encoding: Supported encodings
  • Accept: Content type acceptance (always */*)
  • Connection: Connection type (always keep-alive)

Raises

  • ValueError: If level is not in range 0-3

Example

from evasion.header_randomizer import get_headers

# Level 0: Fully deterministic
headers = get_headers(0)
print(headers['User-Agent'])  # Always Chrome

# Level 1: Random UA only
headers = get_headers(1)
print(headers['User-Agent'])  # Random browser
print(headers['Accept-Language'])  # Always en-US

# Level 3: Maximum randomization
headers = get_headers(3)
print(headers)  # All headers randomized, order shuffled

Constants

USER_AGENTS

USER_AGENTS = [
    'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36',
    'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0',
    'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0',
    'Mozilla/5.0 (Macintosh; Intel Mac OS X 14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15',
]
List of browser user-agent strings used for randomization. Includes:
  • Chrome 122 on Windows 10
  • Firefox 123 on Windows 10
  • Edge 121 on Windows 10
  • Safari 17.2 on macOS 14.3

ACCEPT_LANGUAGES

ACCEPT_LANGUAGES = [
    'en-US,en;q=0.9',
    'en-GB,en;q=0.9',
    'fr-FR,fr;q=0.9,en;q=0.8',
    'de-DE,de;q=0.9,en;q=0.8',
    'ja-JP,ja;q=0.9,en;q=0.8',
    'zh-CN,zh;q=0.9,en;q=0.8',
    'pt-BR,pt;q=0.9,en;q=0.8',
]
List of Accept-Language header values used for randomization. Includes:
  • English (US)
  • English (GB)
  • French (France)
  • German (Germany)
  • Japanese (Japan)
  • Chinese (Simplified, China)
  • Portuguese (Brazil)

ACCEPT_ENCODINGS

ACCEPT_ENCODINGS = [
    'gzip, deflate, br',
    'gzip, deflate',
    'br, gzip',
]
List of Accept-Encoding header values used for randomization. Includes various combinations of gzip, deflate, and Brotli compression.

Randomization Levels

Level 0: Deterministic

  • User-Agent: Fixed Chrome UA
  • Accept-Language: en-US,en;q=0.9
  • Accept-Encoding: gzip, deflate, br
  • Header Order: Fixed
  • Use Case: Testing, environments where consistency is required

Level 1: Basic Rotation

  • User-Agent: Random from USER_AGENTS
  • Accept-Language: en-US,en;q=0.9 (fixed)
  • Accept-Encoding: gzip, deflate, br (fixed)
  • Header Order: Fixed
  • Use Case: Light evasion with predictable language/encoding

Level 2: Medium Randomization

  • User-Agent: Random from USER_AGENTS
  • Accept-Language: Random from ACCEPT_LANGUAGES
  • Accept-Encoding: gzip, deflate, br (fixed)
  • Header Order: Fixed
  • Use Case: Balanced evasion, mimics diverse user base

Level 3: Maximum Randomization

  • User-Agent: Random from USER_AGENTS
  • Accept-Language: Random from ACCEPT_LANGUAGES
  • Accept-Encoding: Random from ACCEPT_ENCODINGS
  • Header Order: Shuffled (except Host and Content-Type always first)
  • Use Case: Maximum evasion, makes fingerprinting difficult

Notes

  • Host and Content-Type headers are always present and always appear first
  • Host includes port number if non-standard (not 80 or 443)
  • Port is read from config.SERVER_PORT
  • All randomization uses Python’s random module

Build docs developers (and LLMs) love

Get started for freeTalk to us