Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Live fingerprinting methods to evade

See original GitHub issue

These are a few live methods of detection which currently work (and are in use by bot detection services) to distinguish puppeteer-extra-plugin-stealth running headless from normal Chrome. I think I know a fix for one or two of these, but I think that the rest of them are up to other, more V8-savvy maintainers to evade. I will post more detection methods in the coming days.

document.createElement

try{
  document.createElement("dummy value")
} catch({stack}) {
  if(stack.split("\n")[1].includes("Object.apply (<anonymous>"))
    console.log("This is puppeteer");
}

window dimensions

if(window.outerHeight-window.innerHeight>160&&window.outerWidth-window.innerHeight>160)
  console.log("This is puppeteer");

New detection method of navigator.webdriver

if(!!Object.getOwnPropertyDescriptor(navigator.__proto__,"webdriver"))
  console.log("This is puppeteer");

Fix: I am not sure about this at all, but possibly

delete navigator.__proto__.webdriver;

New detection method of navigator.languages

if(!!Object.getOwnPropertyDescriptor(navigator, "languages"))
  console.log("This is puppeteer");

console.debug

if((console.debug+"").includes("return"))
  console.log("This is puppeteer");

Issue Analytics

State:
Created 3 years ago
Reactions:3
Comments:49 (7 by maintainers)

Top GitHub Comments

2reactions

berstendcommented, Aug 6, 2020

90% of the issues mentioned here have been fixed today 😃

feat(plugin-stealth): Mask vendor in WebGL2RenderingContext (#256)
fix(plugin-stealth): Harden navigator.languages evasion (#275)
fix(plugin-stealth): Harden navigator.vendor evasion (#276)
fix(plugin-stealth): Harden navigator.plugins evasion (#278)
fix(plugin-stealth): Remove console.debug evasion (obsolete) (#279)
chore(plugin-stealth): Add leak tests for media.codecs (#277)

Published as puppeteer-extra-plugin-stealth@2.5.0

What’s left from this issue is optimizing chrome.runtime (needs more spoofing) and navigator.plugins (needs better spoofing so e.g. the Array tests fails).

2reactions

berstendcommented, Jul 11, 2020

@Sesamestrong my impression is that Proxies are the way to go, they have the stated intention that their presence is undetectable from within the same JS context and being able to intercept all ways to interact with objects.

As an aside, have a look at this MDN doc: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Proxy

And scroll to “A complete traps list example”.

JS Proxies support a bunch of different traps, get or apply is just scratching the surface. In case a trap isn’t defined the default behaviour is to pass things through to the target (which we usually don’t want), therefore it’d make sense (especially for a shared utility function) to define any and all traps for maximum control.

I once had a nice overview of traps and what respectively triggers them (e.g. toString) but can’t seem to find it right now.

edit, link to ECMAscript specification: https://www.ecma-international.org/ecma-262/9.0/#sec-proxy-object-internal-methods-and-internal-slots

edit2, I not only think that Proxies are the way to go to modify puppeteer-revealing stacktraces but basically as the underpinning of virtually all detection evasion techniques