-
-
Notifications
You must be signed in to change notification settings - Fork 811
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
web: Spoof prototypes to prevent false positive bot detections #18157
base: master
Are you sure you want to change the base?
Conversation
Thank you for this! Unfortunately it seems to break things, al of the tests are now failing with:
|
Thank you! Now things should work, and |
I want to look into this next week. |
writable: false, | ||
}); | ||
|
||
// bypass TypeError on Firefox |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, I guess this wouldn't be Firefox specific. By changing the prototype of the RufflePluginArray
all methods that we add to the prototype of course become inaccessible. If we want to go with this approach we should probably remove the RufflePluginArray class altogether, it's going to be more confusing than useful.
I have an alternative solution that still bypasses the somewhat weak BotD check using instanceof PluginArray
. We can simply add the original prototype to the prototype chain of our new object.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah sorry. This doesn't actually work for the MimeTypeArray
. I think because the plugins that we "install" aren't an instance of MimeType
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess this wouldn't be Firefox specific.
Yeah that's the case.
We can simply add the original prototype to the prototype chain of our new object.
I tried that initially, but constructing the object seems to always give this error: typeerror: Illegal constructor
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using a lot Object.defineProperty
is indeed confusing. I can use this instead:
// bypass TypeError
for (const method of ["namedItem", "refresh", "item"]) {
// @ts-expect-error: We're adding a method to the object
navigator.plugins[method] = proto[method];
}
Some bot detection libraries will detect the prototypes for
navigator.plugins
.Current extension will cause false positives in such detections. (for example: by BotD)
This PR includes code that spoofs prototypes of related objects.