TLS Profiles
To use the BMP API correctly, you need a TLS client that mimics iOS device fingerprints. Standard HTTP libraries won't work.
iOS Profiles
The following profiles cover the majority of iOS apps. Choose based on the app's requirements.
StandardIOS26
For iOS 26+ apps with modern TLS requirements.
StandardIOS26 = profiles.NewClientProfile(
tls.ClientHelloID{
Client: "StandardIOS26",
RandomExtensionOrder: false,
Version: "1.0.0",
Seed: nil,
SpecFactory: func() (tls.ClientHelloSpec, error) {
clientHello := tls.ClientHelloSpec{
CipherSuites: []uint16{
tls.GREASE_PLACEHOLDER,
0x1302, 0x1303, 0x1301,
0xc02c, 0xc02b, 0xcca9,
0xc030, 0xc02f, 0xcca8,
0xc00a, 0xc009, 0xc014, 0xc013,
},
CompressionMethods: []uint8{tls.CompressionNone},
Extensions: []tls.TLSExtension{
&tls.UtlsGREASEExtension{},
&tls.SNIExtension{},
&tls.ExtendedMasterSecretExtension{},
&tls.RenegotiationInfoExtension{Renegotiation: tls.RenegotiateOnceAsClient},
&tls.SupportedCurvesExtension{Curves: []tls.CurveID{
tls.CurveID(tls.GREASE_PLACEHOLDER),
0x11ec, 0x001d, 0x0017, 0x0018, 0x0019,
}},
&tls.SupportedPointsExtension{SupportedPoints: []byte{tls.PointFormatUncompressed}},
&tls.ALPNExtension{AlpnProtocols: []string{"h2", "http/1.1"}},
&tls.StatusRequestExtension{},
&tls.SignatureAlgorithmsExtension{SupportedSignatureAlgorithms: []tls.SignatureScheme{
0x0403, 0x0804, 0x0401, 0x0503, 0x0805,
0x0805, 0x0501, 0x0806, 0x0601, 0x0201,
}},
&tls.SCTExtension{},
&tls.KeyShareExtension{KeyShares: []tls.KeyShare{
{Group: tls.CurveID(tls.GREASE_PLACEHOLDER), Data: []byte{0}},
{Group: tls.X25519MLKEM768},
{Group: tls.X25519},
}},
&tls.PSKKeyExchangeModesExtension{Modes: []uint8{tls.PskModeDHE}},
&tls.SupportedVersionsExtension{Versions: []uint16{
tls.GREASE_PLACEHOLDER, tls.VersionTLS13, tls.VersionTLS12,
}},
&tls.UtlsCompressCertExtension{Algorithms: []tls.CertCompressionAlgo{tls.CertCompressionZlib}},
&tls.UtlsGREASEExtension{},
&tls.UtlsPaddingExtension{GetPaddingLen: tls.BoringPaddingStyle},
},
}
return clientHello, nil
},
},
map[http2.SettingID]uint32{
http2.SettingEnablePush: 0,
http2.SettingMaxConcurrentStreams: 100,
http2.SettingInitialWindowSize: 2097152,
9: 1,
},
[]http2.SettingID{
http2.SettingEnablePush,
http2.SettingInitialWindowSize,
http2.SettingMaxConcurrentStreams,
9,
},
[]string{":method", ":scheme", ":path", ":authority"},
uint32(10485760),
[]http2.Priority{},
&http2.PriorityParam{},
)StandardIOS
For standard iOS apps.
SecondaryIOS26
Alternative profile for iOS 26+ apps.
SecondaryIOS
Alternative profile for standard iOS apps.
Verification
To verify your TLS fingerprint, compare against real iOS devices:
3
Identify differences
Use Diff Checker to identify differences
Last updated