Code change in overrideCodecs method is causing bot detection

[dekelev]

Code change in overrideCodecs method from fingerprint-injector v2 is causing bot detection.
Using fingerprint-injector v2 with the code from v1 works just fine.

To Reproduce
Load nuwber.com

Expected behavior
Website should load, but instead it blocks the session with anti-bot error.

System information:

• OS: MacOS
• Node.js v16.14.0

Additional context
Here's the affected code (v2 on the left):

[barjin]

Thank you for submitting this issue!

Nuwber.com is a funny website - I'm getting blocked with my regular Firefox-Linux setup without any fingerprint hiding tricks. IIRC the previous code actually did nothing (the codec names had different formats) - now, with the (partial) codec injection in place, this might be related to the MediaSource API issue.

I'll try to experiment some more and get back to this once we'll know more. In the meantime, feel free to fork this project and build your own version with the overrideCodecs line commented :)

[B4nan]

feel free to fork this project and build your own version with the overrideCodecs line commented :)

Or better, just use https://github.com/ds300/patch-package

[dekelev]

Thank you! I've already forked the injector for this purpose, so no pressure.

Some websites do block any Linux based OS using on the SSL fingerprint, so unless you're masking it like Windows or Mac, you might get blocked just for that.

I'll try to make some time available to debug the MediaSource API issue. I wasn't aware that it wasn't actually working in v1 and that it might also be injected by other libraries.

[dekelev]

I can confirm that changing this line in utils.js:

throw new Error(`Codec ${codecString} not found in ${JSON.stringify(codecs)}`);

to return false solves the issue and passes the anti-bot detection.

The canPlayType method was not designed to throw an error:
https://www.w3schools.com/tags/tryit.asp?filename=tryhtml5_av_met_canplaytype

[barjin]

@dekelev thank you for the research! The change you mentioned is now in the stable branch - and published in [email protected]. While nuwber.com still doesn't load for me, I noticed better performance with other pages and fingerprinting services.

Feel free to test out the latest version and let us know, whether it solved your problem. Sorry for the wait!

[dekelev]

Thanks @barjin! For me, as long as no error was thrown from that method, nuwber worked fine, even with the fingerprint-injector v1 code, where it wasn't really injected well. I'm not sure what could be the other difference between us that have affect here. They don't check for SSL fingerprint BTW.