-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fingerprint injection makes browsers detectable as headless #178
Comments
It seems like using the "chrome" browser ( browsers: ["chrome"] ) is the only one triggering the detection.
const { chromium } = require("playwright");
const { FingerprintInjector } = require("fingerprint-injector");
const { FingerprintGenerator } = require("fingerprint-generator");
async function runBrowser(device, os, browserType) {
const browser = await chromium.launch({
headless: false
});
// chrome, firefox, edge, safari
const { fingerprint, headers } = await new FingerprintGenerator().getFingerprint({
devices: [device],
operatingSystems: [os],
browsers: [browserType]
});
const context = await browser.newContext({
userAgent: fingerprint.navigator.userAgent,
colorScheme: 'dark',
viewport: {
width: fingerprint.screen.width,
height: fingerprint.screen.height,
},
extraHTTPHeaders: {
'accept-language': headers['accept-language'],
},
});
await new FingerprintInjector().attachFingerprintToPlaywright(context, { fingerprint, headers });
const page = await context.newPage();
await page.goto("https://arh.antoinevastel.com/bots/areyouheadless", { waitUntil: "load"});
const value = await page.evaluate(() => document.querySelector('#res p').textContent);
console.log(`Device: ${device} | Os: ${os} | Browser: ${browserType} | Status: ${value}`);
await browser.close();
} |
@steinpigs thanks for this test! |
any takers ? |
Sorry for the delay, I actually started looking into this last week - but unfortunately didn't come to any conclusion. The 'Are you headless' website seems to utilize some kind of ML-like regression, where it collects the browser fingerprint and then sends it to the server, which decides whether the fingerprint is valid or not. Since this is not an actual bot-protection service, the priority on this is a bit lower, but I'll definitely continue looking into this. Thanks for your patience! :) |
No problem, I understand. Thank you for the update. However, I wanted to mention that the injected evasions in the fingerprint-injector compromise the anonymity of the fingerprint, rendering it unusable. This is an important factor to consider. |
I'm not sure if this works here, but you should find a way to use 'new' in headless |
Thanks for the inputs, but that's not the issue here. |
Debugged this, It is getting flagged due to The https://arh.antoinevastel.com/bots/areyouheadless plugin has a check https://github.com/antoinevastel/fpscanner/blob/master/src/fpScanner.js#L119 |
@abhisheksurve45 So why did not fingerprint-suite set |
fingerprint-injector/fingerprint-injector.js without extraheader will pass the detection. |
Removing accept-language will fix this issue: |
Can confirm @tenkuken patch works! I added fingerprint-suite/packages/fingerprint-injector/src/fingerprint-injector.ts Lines 36 to 53 in 098d592
|
@barjin Are you planning a fix or customizable header settings that don't involve forking this? The
That way:
|
@barjin Isn't the guy from that page https://arh.antoinevastel.com/bots/areyouheadless working for Datadome a bot-detection company. Which would make this maybe a priority? |
@iwaduarte Make it your priority then :) PRs are welcome. Regarding the fix - I would rather not add another option in the already pretty granular options object. The other problem is that by removing the A proper solution would include hiding the headlessness without compromising the other parts of the injection - which is the first (and only) rule when introducing new features into this library. As I said, PRs (preferably with proper research/tests) are welcome. Thanks! |
@barjin I think you have to be more specific here. I could indeed drop a PR for the repo but "would include hiding the headlessness without compromising the other parts of the injection" does not give much to work with. How would you define compromise? And also if you could give a tip of what code you advise be even better :) |
💎 cloudgakkai is offering a $30 bounty for this issue |
Hello everyone, I love this lib. Therefore, I'm supporting by giving bounties as CloudGakkai here. The main goal is I want to make fingerprint-suite undetectable on puppeteer |
Can confirm with rebrowser-patches. Suno with hCaptcha easily detects fingerprint-suite and generates a 'Fake app' song even if the hCaptcha is successfully solved. Happens even with the
Sorry if I'm being too harsh, but what's the point of this project then? Is it a DIY guide? This problem should have already been solved a year ago because this is a constantly updated set of already built tools for making a good fingerprint that will at least try to avoid CAPTCHAs, not invite them. |
Hi everyone, Apologies for the long wait and for pinging the thread - this discussion has grown quite a bit over time. To address why other tools might seem more effective: most of them focus on directly patching the obvious signs of automation. As for the age of this issue, we understand the frustration. Unfortunately, we cannot dedicate reasonable manhours to this right now due to other project commitments. Solving this issue correctly would require extensive testing and research. While we’re unable to prioritize this internally, contributions from the community are always welcome. Thank you for your patience and understanding. |
Describe the bug
Simply injecting fingerprint-suite (using
newInjectedContext
ornewInjectedPage
), with or without options, for headless or headfull browser, makes the browser detected as headless in : https://arh.antoinevastel.com/bots/areyouheadless.Every time fingerprint suite is used, even without any option, it makes the browser detectable.
To Reproduce
Expected behavior
Injecting the fingerprint-suite shouldn't make the browser be detected as headless.
System information:
The text was updated successfully, but these errors were encountered: