Thermoptic: The New HTTP Proxy That Makes Your Traffic Vanish

by ddos · September 9, 2025

Security researcher Matthew Bryant has introduced a new tool called Thermoptic—an HTTP proxy that disguises network requests as genuine Chrome browser traffic, enabling users to circumvent blocking systems based on connection fingerprint analysis. Such methods are increasingly employed by services like Cloudflare to identify “non-human” clients such as curl or specialized parsers.

Thermoptic allows traditional command-line utilities to masquerade as real browser requests. It synchronizes multiple layers of network “signatures”—from TLS and HTTP headers to X.509 certificates and TCP packet structures. As a result, the fingerprints observed by target services are indistinguishable from those generated by an actual Chrome session.

The tool operates by interacting with a live Chrome or Chromium instance through the Chrome DevTools Protocol (CDP). Thermoptic constructs the required context—such as navigating to a link or executing a fetch() call—performs the request within the browser, and relays the response back to the client. This ensures that all low-level details used to differentiate bots align precisely with those of a legitimate browser.

Deployment is straightforward: the proxy can be launched in Docker with a single command. By default, traffic is proxied through a local port, though the project’s author strongly advises changing the default login credentials and, if necessary, installing a root certificate to avoid HTTPS verification errors. The tool also supports hooks—small scripts that can automatically solve JavaScript challenges or set specific cookies before sending a request.

According to Bryant, Thermoptic’s primary distinction from other approaches is that it does not merely imitate browser behavior—it leverages the browser itself to execute requests. This design reduces the risk of desynchronization across network layers and makes the tool more resilient to evolving fingerprinting algorithms.

Bryant explained that Thermoptic was inspired by the growing adoption of fingerprinting techniques such as JA4+, now widely implemented in modern WAF and anti-bot systems. At the same time, he emphasized that responsibility for its use lies entirely with the users, stressing that the project is intended as an open-source experiment for researchers and developers exploring these technologies.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal