mirror of https://github.com/niespodd/browser-fingerprinting.git synced 2021-11-01 22:44:07 +03:00
2021-01-31 12:05:48 +01:00

Browser Fingerprinting 👫 Anti-bot Detection

Here I study various aspects of existing evasion techniques to get around anti-bot systems. Looking for help with bypassing one?

PS. A on this repo will be appreciated!

Random, maybe useful

puppeteer-extra-plugin-stealth 😈

✔️ Win / Fail / 🤷 Tie:

  • ✔️ Client Hints - Shipped recently. In line with the Chromium C++ implementation.
  • ✔️ General navigator and window properties
  • ✔️ Chrome plugins and native extensions - This includes both Widevine DRM extension, as well as Google Hangouts, safe-browsing etc.
  • 🤷 p0f - detect host OS from TCP struct - Not possible to fix via Puppeteer APIs. Used in Akamai Bot Manager to match against JS and browser headers (Client Hints and User-Agent). There is a detailed explanation of the issue. The most reliable evasion seems to be not spoofing host OS at all, or using OSfooler-ng.
  • 🤷 Browser dimensions - Although the stealth plugin provides a window.outerdimensions evasion, it won't work without correct config on a non-default OS in headless mode; it almost always fails when viewport size >= screen resolution (low screen resolution display on the host).
  • core-estimator - This can detect a mismatch between navigator.hardwareConcurrency and the SW/WW execution profile. Not possible to limit/bump the ServiceWorker/WebWorker thread limit via existing Puppeteer APIs.
  • WebGL extensions profiling - desc. tbd
  • RTCPeerConnection when behind a proxy - Applies to both SOCKS and HTTP(S) proxies.
  • Performance.now - desc. tbd (red pill)
  • WebGL profiling - desc. tbd
  • Behavior Detection - desc. tbd (events, params, ML+AI buzz)
  • Font fingerprinting - desc. tbd (list+version+renderer via HTML&canvas)
  • Network Latency - desc. tbd (integrity check: proxy det., JS networkinfo, dns resolv profiling&timing)
  • Battery API - desc. tbd
  • Gyroscope and other (mostly mobile) device sensors - desc. tbd
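
The p0f and browser dimensions items above both come down to cross-checking signals from different layers. The following is an added example, not code from this repository or from any anti-bot product, showing such a check from the detection side; the signal field names, the OS label strings and the "outer larger than screen" threshold are assumptions.

```javascript
// Added example. Field names and OS label strings are assumptions, not a real product's schema.
// Android runs a Linux kernel and iOS shares Darwin with macOS, so the TCP-level
// guess is compared at kernel-family level to avoid flagging ordinary phones.
const TCP_FAMILY = { windows: "windows", mac: "mac", ios: "mac", linux: "linux", android: "linux" };

function familyFromUserAgent(ua) {
  // Order matters: Android UAs contain "Linux", iOS UAs contain "Mac OS X".
  if (/Android/i.test(ua)) return "android";
  if (/iPhone|iPad|iPod/i.test(ua)) return "ios";
  if (/Windows NT/i.test(ua)) return "windows";
  if (/Macintosh|Mac OS X/i.test(ua)) return "mac";
  if (/Linux|X11/i.test(ua)) return "linux";
  return null;
}

function familyFromLabel(label) {
  // Accepts a Sec-CH-UA-Platform value or a passive TCP fingerprint OS label.
  const s = String(label || "").replace(/"/g, "").trim().toLowerCase();
  for (const [prefix, family] of [["win", "windows"], ["mac", "mac"], ["android", "android"],
                                  ["ios", "ios"], ["linux", "linux"]]) {
    if (s.startsWith(prefix)) return family;
  }
  return null; // unknown label: no opinion rather than a false positive
}

function checkClient(sig) {
  const findings = [];
  const ua = familyFromUserAgent(sig.userAgent || "");
  const ch = familyFromLabel(sig.chPlatform);
  const tcp = familyFromLabel(sig.tcpOs);
  if (ua && ch && ua !== ch) findings.push("ua-vs-client-hints");
  const claimed = ch || ua; // prefer the Client Hints platform when present
  if (claimed && tcp && TCP_FAMILY[claimed] !== TCP_FAMILY[tcp]) findings.push("headers-vs-tcp");
  const { outerWidth, outerHeight, screenWidth, screenHeight } = sig;
  if ([outerWidth, outerHeight, screenWidth, screenHeight].every(Number.isFinite) &&
      (outerWidth > screenWidth || outerHeight > screenHeight)) {
    findings.push("window-larger-than-screen");
  }
  return findings;
}

// Constructed sample: Windows headers over a Linux-looking TCP stack, window taller than the screen.
const SAMPLE = {
  userAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.0.0 Safari/537.36",
  chPlatform: '"Windows"', tcpOs: "Linux 3.x",
  outerWidth: 1920, outerHeight: 1165, screenWidth: 1920, screenHeight: 1080,
};
console.log(checkClient(SAMPLE));
```

Each finding is a signal to weigh with others rather than a verdict, since VPNs, NAT gateways and multi-monitor setups can produce the same mismatches for real users.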

Multilogin, Kameleo and others 💰🤠

  • 🤷 Font masking - Font fingerprinting still leaks the host OS due to the use of different font rendering backends on Win/Lin/Mac. However, the basic "font whitelisting" technique can help to slightly rotate the browser fingerprint.
  • Inconsistencies - Profile misconfiguration leads to early property/behavior inconsistency detection.
  • Native extensions - Unlike puppeteer-extra-plugin-stealth, custom Chromium builds such as ML and Kameleo provide at most an override for native plugins and extensions shipped with Google Chrome.
  • AudioContext APIs and WebGL property override - Manipulation of original canvas and audio waveform can be detected with custom JS.

tbd (if you have an active subscription in any of these services and don't mind sharing an account drop me an email ❤️)

Support

If you have problems with scraping a specific website, write me a short email at dniespodziany@gmail.com. Let's have a quick tête-à-tête consultation via Skype 😊.

Have I mentioned a would be appreciated? :-)

➡️ Ethereum address 0x380a4b41fB5e0e1EB8c616eBD56f62f8F934Bab6
