puppeteer-extra-plugin-stealth - npm Package Compare versions

Comparing version 2.3.2 to 2.4.0

evasions/_template/readme.md

@@ -9,3 +9,3 @@ ## API
 
-### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/fa3ecf77b786a97a4415812fc31ae5d97b71abe0/packages/puppeteer-extra-plugin-stealth/evasions/_template/index.js#L10-L24)
+### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/17a42c3302ba1e7b446097b9aa2dd886ea6c8ef6/packages/puppeteer-extra-plugin-stealth/evasions/_template/index.js#L10-L24)
 
@@ -12,0 +12,0 @@ - `opts` (optional, default `{}`)

evasions/chrome.runtime/index.js

@@ -5,5 +5,10 @@ 'use strict'
 
+const { getChromeRuntimeMock } = require('../shared')
+
 /**
  * Pass the Chrome Test.
  *
+ * This will work for iframes as well, except for `srcdoc` iframes:
+ * https://github.com/puppeteer/puppeteer/issues/1106
+ *
  * Could be mocked further.
@@ -21,7 +26,20 @@ */
   async onPageCreated(page) {
-    await page.evaluateOnNewDocument(() => {
-      window.chrome = {
-        runtime: {}
+    await page.evaluateOnNewDocument(
+      args => {
+        // Rematerialize serialized functions
+        if (args && args.fns) {
+          for (const fn of Object.keys(args.fns)) {
+            eval(`var ${fn} =  ${args.fns[fn]}`) // eslint-disable-line
+          }
+        }
+
+        window.chrome = getChromeRuntimeMock(window)
+      },
+      {
+        // Serialize functions
+        fns: {
+          getChromeRuntimeMock: `${getChromeRuntimeMock.toString()}`
+        }
       }
-    })
+    )
   }
@@ -28,0 +46,0 @@ }

evasions/chrome.runtime/readme.md

@@ -9,3 +9,3 @@ ## API
 
-### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/fa3ecf77b786a97a4415812fc31ae5d97b71abe0/packages/puppeteer-extra-plugin-stealth/evasions/chrome.runtime/index.js#L10-L26)
+### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/17a42c3302ba1e7b446097b9aa2dd886ea6c8ef6/packages/puppeteer-extra-plugin-stealth/evasions/chrome.runtime/index.js#L15-L44)
 
@@ -18,4 +18,7 @@ - `opts` (optional, default `{}`)
 
+This will work for iframes as well, except for `srcdoc` iframes:
+<https://github.com/puppeteer/puppeteer/issues/1106>
+
 Could be mocked further.
 
 ---

evasions/console.debug/readme.md

@@ -9,3 +9,3 @@ ## API
 
-### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/fa3ecf77b786a97a4415812fc31ae5d97b71abe0/packages/puppeteer-extra-plugin-stealth/evasions/console.debug/index.js#L8-L24)
+### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/17a42c3302ba1e7b446097b9aa2dd886ea6c8ef6/packages/puppeteer-extra-plugin-stealth/evasions/console.debug/index.js#L8-L24)
 
@@ -12,0 +12,0 @@ - `opts` (optional, default `{}`)

evasions/navigator.languages/index.js

@@ -19,5 +19,5 @@ 'use strict'
     await page.evaluateOnNewDocument(() => {
-      // Overwrite the `plugins` property to use a custom getter.
+      // Overwrite the `languages` property to use a custom getter.
       Object.defineProperty(navigator, 'languages', {
-        get: () => ['en-US', 'en']
+        get: () => ['en-US', 'en'] // TODO: Make configurable by user
       })
@@ -24,0 +24,0 @@ })

evasions/navigator.languages/readme.md

@@ -9,3 +9,3 @@ ## API
 
-### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/fa3ecf77b786a97a4415812fc31ae5d97b71abe0/packages/puppeteer-extra-plugin-stealth/evasions/navigator.languages/index.js#L8-L25)
+### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/17a42c3302ba1e7b446097b9aa2dd886ea6c8ef6/packages/puppeteer-extra-plugin-stealth/evasions/navigator.languages/index.js#L8-L25)
 
@@ -12,0 +12,0 @@ - `opts` (optional, default `{}`)

evasions/navigator.permissions/readme.md

@@ -9,3 +9,3 @@ ## API
 
-### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/fa3ecf77b786a97a4415812fc31ae5d97b71abe0/packages/puppeteer-extra-plugin-stealth/evasions/navigator.permissions/index.js#L8-L53)
+### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/17a42c3302ba1e7b446097b9aa2dd886ea6c8ef6/packages/puppeteer-extra-plugin-stealth/evasions/navigator.permissions/index.js#L8-L53)
 
@@ -12,0 +12,0 @@ - `opts` (optional, default `{}`)

evasions/navigator.plugins/readme.md

@@ -9,3 +9,3 @@ ## API
 
-### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/fa3ecf77b786a97a4415812fc31ae5d97b71abe0/packages/puppeteer-extra-plugin-stealth/evasions/navigator.plugins/index.js#L10-L216)
+### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/17a42c3302ba1e7b446097b9aa2dd886ea6c8ef6/packages/puppeteer-extra-plugin-stealth/evasions/navigator.plugins/index.js#L10-L216)
 
@@ -12,0 +12,0 @@ - `opts` (optional, default `{}`)

evasions/navigator.webdriver/readme.md

@@ -9,3 +9,3 @@ ## API
 
-### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/fa3ecf77b786a97a4415812fc31ae5d97b71abe0/packages/puppeteer-extra-plugin-stealth/evasions/navigator.webdriver/index.js#L9-L28)
+### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/17a42c3302ba1e7b446097b9aa2dd886ea6c8ef6/packages/puppeteer-extra-plugin-stealth/evasions/navigator.webdriver/index.js#L9-L28)
 
@@ -12,0 +12,0 @@ - `opts` (optional, default `{}`)

evasions/user-agent/readme.md

@@ -9,3 +9,3 @@ ## API
 
-### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/fa3ecf77b786a97a4415812fc31ae5d97b71abe0/packages/puppeteer-extra-plugin-stealth/evasions/user-agent/index.js#L13-L25)
+### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/17a42c3302ba1e7b446097b9aa2dd886ea6c8ef6/packages/puppeteer-extra-plugin-stealth/evasions/user-agent/index.js#L13-L25)
 
@@ -12,0 +12,0 @@ - `opts` (optional, default `{}`)

evasions/webgl.vendor/readme.md

@@ -9,3 +9,3 @@ ## API
 
-### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/fa3ecf77b786a97a4415812fc31ae5d97b71abe0/packages/puppeteer-extra-plugin-stealth/evasions/webgl.vendor/index.js#L8-L37)
+### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/17a42c3302ba1e7b446097b9aa2dd886ea6c8ef6/packages/puppeteer-extra-plugin-stealth/evasions/webgl.vendor/index.js#L8-L37)
 
@@ -12,0 +12,0 @@ - `opts` (optional, default `{}`)

evasions/window.outerdimensions/index.js

@@ -38,2 +38,3 @@ 'use strict'
     }
+    return options
   }
@@ -40,0 +41,0 @@ }

evasions/window.outerdimensions/readme.md

@@ -9,3 +9,3 @@ ## API
 
-### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/fa3ecf77b786a97a4415812fc31ae5d97b71abe0/packages/puppeteer-extra-plugin-stealth/evasions/window.outerdimensions/index.js#L9-L39)
+### class: [Plugin](https://github.com/berstend/puppeteer-extra/blob/17a42c3302ba1e7b446097b9aa2dd886ea6c8ef6/packages/puppeteer-extra-plugin-stealth/evasions/window.outerdimensions/index.js#L9-L40)
 
@@ -12,0 +12,0 @@ - `opts` (optional, default `{}`)

index.d.ts

@@ -110,2 +110,3 @@ export = defaultExport;
     get enabledEvasions(): Set<string>;
+    onBrowser(browser: any): void;
 }

index.js

@@ -83,4 +83,7 @@ 'use strict'
     const availableEvasions = new Set([
+      'accept-language',
       'chrome.runtime',
       'console.debug',
+      'iframe.contentWindow',
+      'media.codecs',
       'navigator.languages',
@@ -151,2 +154,7 @@ 'navigator.permissions',
   }
+
+  onBrowser(browser) {
+    // Increase event emitter listeners to prevent MaxListenersExceededWarning
+    browser.setMaxListeners(30)
+  }
 }
@@ -153,0 +161,0 @@

index.test.js

@@ -30,3 +30,3 @@ 'use strict'
   t.true(childClassMembers.includes('enabledEvasions'))
-  t.true(childClassMembers.length === 6)
+  t.is(childClassMembers.length, 7)
 })
@@ -33,0 +33,0 @@

package.json

 {
   "name": "puppeteer-extra-plugin-stealth",
-  "version": "2.3.2",
+  "version": "2.4.0",
   "description": "Stealth mode: Applies various techniques to make detection of headless puppeteer harder.",
@@ -34,5 +34,12 @@ "main": "index.js",
   ],
+  "ava": {
+    "files": [
+      "!test/util.js"
+    ]
+  },
   "devDependencies": {
     "ava": "2.4.0",
     "documentation-markdown-themes": "^12.1.5",
+    "fpcollect": "^1.0.4",
+    "fpscanner": "^0.1.5",
     "loop": "^3.0.6",
@@ -44,5 +51,5 @@ "puppeteer": "^2.0.0"
     "puppeteer-extra-plugin": "^3.1.2",
-    "puppeteer-extra-plugin-anonymize-ua": "^2.2.2"
+    "puppeteer-extra-plugin-anonymize-ua": "^2.2.5"
   },
-  "gitHead": "b5d3faff1b601bd3929448f85ae73f40b0acdf78"
+  "gitHead": "c324041fb49871d3c171c5baea04178828a1fffe"
 }

readme.md

@@ -5,4 +5,6 @@ # puppeteer-extra-plugin-stealth [![Build Status](https://travis-ci.org/berstend/puppeteer-extra.svg?branch=master)](https://travis-ci.org/berstend/puppeteer-extra) [![npm](https://img.shields.io/npm/v/puppeteer-extra-plugin-stealth.svg)](https://www.npmjs.com/package/puppeteer-extra-plugin-stealth)
 
-### Install
+<p align="center"><img src="https://i.imgur.com/q2xBjqH.png" /></p>
 
+## Install
+
 ```bash
@@ -22,3 +24,3 @@ yarn add puppeteer-extra-plugin-stealth
 
-### Usage
+## Usage
 
@@ -31,9 +33,9 @@ ```js
 // add stealth plugin and use defaults (all evasion techniques)
-const pluginStealth = require('puppeteer-extra-plugin-stealth')
-puppeteer.use(pluginStealth())
+const StealthPlugin = require('puppeteer-extra-plugin-stealth')
+puppeteer.use(StealthPlugin())
 
 // puppeteer usage as normal
 puppeteer.launch({ headless: true }).then(async browser => {
+  console.log('Running tests..')
   const page = await browser.newPage()
-  await page.setViewport({ width: 800, height: 600 })
   await page.goto('https://bot.sannysoft.com')
@@ -43,7 +45,59 @@ await page.waitFor(5000)
   await browser.close()
+  console.log(`All done, check the screenshot. ✨`)
 })
 ```
 
+<details>
+ <summary><strong>TypeScript usage</strong></summary><br/>
+
+> `puppeteer-extra` and most plugins are written in TS,
+> so you get perfect type support out of the box. :)
+
+```ts
+import puppeteer from 'puppeteer-extra'
+import StealthPlugin from 'puppeteer-extra-plugin-stealth'
+
+puppeteer
+  .use(StealthPlugin())
+  .launch({ headless: true })
+  .then(async browser => {
+    const page = await browser.newPage()
+    await page.goto('https://bot.sannysoft.com')
+    await page.waitFor(5000)
+    await page.screenshot({ path: 'stealth.png', fullPage: true })
+    await browser.close()
+  })
+```
+
+> Please check this [wiki](https://github.com/berstend/puppeteer-extra/wiki/TypeScript-usage) entry in case you have TypeScript related import issues.
+
+</details><br>
+
+Please check out the [main documentation](https://github.com/berstend/puppeteer-extra/tree/master/packages/puppeteer-extra) to learn more about `puppeteer-extra` (Firefox usage, other Plugins, etc).
+
+## Status
+
+_December 2019_
+
+- ✅ **`puppeeteer-extra` with stealth passes all public bot tests.**
+
+Please note: I consider this a friendly competition in a rather interesting cat and mouse game. If the other team (👋) wants to detect headless chromium there are still ways to do that (at least I noticed a few, which I'll tackle in future updates).
+
+It's probably impossible to prevent all ways to detect headless chromium, but it should be possible to make it so difficult that it becomes cost-prohibitive or triggers too many false-positives to be feasible.
+
+If something new comes up or you experience a problem, please do your homework and create a PR in a respectful way (this is Github, not reddit) or I might not be motivated to help. :)
+
 ## Changelog
 
+### `v2.4.0`
+
+Let's ring the bell for round 2 in this cat and mouse fight :)
+
+- New: All evasions now have a specific before and after test to make make this whole topic less voodoo
+- New: `media.codecs` - we spoof the presence of proprietary codecs in Chromium now
+- New & improved: `iframe.contentWindow` - Found a way to fix `srcdoc` frame based detection without breaking recaptcha inline popup & other iframes (please report any issues)
+- New: `accept-language` - Adds a missing `Accept-Language` header in headless (capitalized correctly, `page.setExtraHTTPHeaders` is all lowercase which can be detected)
+- Improved: `chrome.runtime` - More extensive mocking of the chrome object
+- Feat: All [fpscanner](https://antoinevastel.com/bots/) tests are now being passed, All [intoli](https://bot.sannysoft.com) tests are being passed, [`areyouheadless`](https://arh.antoinevastel.com/bots/areyouheadless) is now being passed
+
 ### `v2.1.2`
@@ -84,3 +138,3 @@
 
-Tests have been done using [this test site](https://bot.sannysoft.com/) and [these scripts](./stealthtests/).
+Tests have been done using [this test site](https://bot.sannysoft.com/) and [these scripts](./stealthtests/). Note: The `MQ_SCREEN` test is broken on their page (will fail in regular Chrome as well).
 
@@ -119,3 +173,3 @@ #### Improved reCAPTCHA v3 scores
 
-### class: [StealthPlugin](https://github.com/berstend/puppeteer-extra/blob/fa3ecf77b786a97a4415812fc31ae5d97b71abe0/packages/puppeteer-extra-plugin-stealth/index.js#L72-L150)
+### class: [StealthPlugin](https://github.com/berstend/puppeteer-extra/blob/17a42c3302ba1e7b446097b9aa2dd886ea6c8ef6/packages/puppeteer-extra-plugin-stealth/index.js#L72-L158)
 
@@ -198,3 +252,3 @@ - `opts` **[Object](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object)?** Options (optional, default `{}`)
 
-#### .[availableEvasions](https://github.com/berstend/puppeteer-extra/blob/fa3ecf77b786a97a4415812fc31ae5d97b71abe0/packages/puppeteer-extra-plugin-stealth/index.js#L123-L125)
+#### .[availableEvasions](https://github.com/berstend/puppeteer-extra/blob/17a42c3302ba1e7b446097b9aa2dd886ea6c8ef6/packages/puppeteer-extra-plugin-stealth/index.js#L126-L128)
 
@@ -217,3 +271,3 @@ Type: **[Set](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Set)&lt;[string](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String)>**
 
-#### .[enabledEvasions](https://github.com/berstend/puppeteer-extra/blob/fa3ecf77b786a97a4415812fc31ae5d97b71abe0/packages/puppeteer-extra-plugin-stealth/index.js#L140-L142)
+#### .[enabledEvasions](https://github.com/berstend/puppeteer-extra/blob/17a42c3302ba1e7b446097b9aa2dd886ea6c8ef6/packages/puppeteer-extra-plugin-stealth/index.js#L143-L145)
 
@@ -237,3 +291,3 @@ Type: **[Set](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Set)&lt;[string](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String)>**
 
-### [defaultExport(opts?)](https://github.com/berstend/puppeteer-extra/blob/fa3ecf77b786a97a4415812fc31ae5d97b71abe0/packages/puppeteer-extra-plugin-stealth/index.js#L158-L158)
+### [defaultExport(opts?)](https://github.com/berstend/puppeteer-extra/blob/17a42c3302ba1e7b446097b9aa2dd886ea6c8ef6/packages/puppeteer-extra-plugin-stealth/index.js#L166-L166)
 
@@ -240,0 +294,0 @@ - `opts` **[Object](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object)?** Options

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

552348

increased by831.48%

Number of package files

62

increased by51.22%

Lines of code

1571

increased by74.94%

Number of lines in readme file

295

increased by22.41%

Worsened metrics

Dev dependency count

6

increased by50%

Number of medium supply chain risk alerts

2

increased byInfinity%

Dependency changes

• Updatedpuppeteer-extra-plugin-anonymize-ua@^2.2.5