apify / fingerprint-suite

Browser fingerprinting tools for anonymizing your scrapers. Developed by Apify.
Apache License 2.0
948 stars 100 forks source link

Prevent webRTC leaks in the chrome browser #328

Open petrpatek opened 13 hours ago

petrpatek commented 13 hours ago

Describe the feature A feature to prevent WebRTC leaks in Chrome, specifically to secure real/local IP information.

Motivation For web scraping, preventing WebRTC leaks is essential. Blocking IP leaks through WebRTC helps maintain the scraper’s anonymity, even when using VPNs or proxies, reducing the risk of detection and IP exposure.

Constraints

Proposed solution for Chrome I have tested this one in Chrome in the unblocking project I am working on, and it worked. see the attached screenshot.

const script = `
const inject = () => {
    if (window.hasRunWebRTCControl) return;
    window.hasRunWebRTCControl = true;

    // Override RTCPeerConnection to prevent IP leaks
    const OriginalRTCPeerConnection = window.RTCPeerConnection;
    function RTCPeerConnectionModified(config, constraints) {
        if (config && config.iceServers) config.iceServers = [];
        return new OriginalRTCPeerConnection(config, constraints);
    }
    RTCPeerConnectionModified.prototype = OriginalRTCPeerConnection.prototype;
    window.RTCPeerConnection = RTCPeerConnectionModified;

    // Disable getUserMedia for camera/microphone access
    navigator.mediaDevices.getUserMedia = () => Promise.reject(new Error('getUserMedia is disabled.'));

    console.log("WebRTC protection injected");
};
inject();
`;

// Inject the script at page load
await page.addInitScript(script);

I am not sure if this is the right repository for this particular issue since I see there is already a code for it, but it is not used in any of our crawlers.

Before in default playwright crawler:

Screenshot 2024-10-31 at 12 18 46

After:

Screenshot 2024-10-30 at 15 37 53
B4nan commented 11 hours ago

I believe we already have something like this, its just not enabled by default, cc @barjin

https://github.com/apify/fingerprint-suite/blob/d8dbd211fd97e39606eb9cd3dee6ee794861fe76/packages/fingerprint-injector/src/utils.js#L487

barjin commented 11 hours ago

Yes, you can effectively disable WebRTC in the browser by generating a fingerprint with mockWebRTC: true (and injecting it). As far as I remember, the patch creates a Proxy object that catches all function calls and just immediately resolves with undefined (and does this recursively) - something like your patch for navigator.mediaDevices.getUserMedia.

Can you please verify that mockWebRTC works for you? If it broke in some cases, I'm more than happy to switch for your implementation - I always thought the current one was a little bit crude. Cheers!