apify / fingerprint-suite

Browser fingerprinting tools for anonymizing your scrapers. Developed by Apify.
Apache License 2.0
1.01k stars 105 forks source link

Prevent webRTC leaks in the chrome browser #328

Open petrpatek opened 4 weeks ago

petrpatek commented 4 weeks ago

Describe the feature A feature to prevent WebRTC leaks in Chrome, specifically to secure real/local IP information.

Motivation For web scraping, preventing WebRTC leaks is essential. Blocking IP leaks through WebRTC helps maintain the scraper’s anonymity, even when using VPNs or proxies, reducing the risk of detection and IP exposure.

Constraints

Proposed solution for Chrome I have tested this one in Chrome in the unblocking project I am working on, and it worked. see the attached screenshot.

const script = `
const inject = () => {
    if (window.hasRunWebRTCControl) return;
    window.hasRunWebRTCControl = true;

    // Override RTCPeerConnection to prevent IP leaks
    const OriginalRTCPeerConnection = window.RTCPeerConnection;
    function RTCPeerConnectionModified(config, constraints) {
        if (config && config.iceServers) config.iceServers = [];
        return new OriginalRTCPeerConnection(config, constraints);
    }
    RTCPeerConnectionModified.prototype = OriginalRTCPeerConnection.prototype;
    window.RTCPeerConnection = RTCPeerConnectionModified;

    // Disable getUserMedia for camera/microphone access
    navigator.mediaDevices.getUserMedia = () => Promise.reject(new Error('getUserMedia is disabled.'));

    console.log("WebRTC protection injected");
};
inject();
`;

// Inject the script at page load
await page.addInitScript(script);

I am not sure if this is the right repository for this particular issue since I see there is already a code for it, but it is not used in any of our crawlers.

Before in default playwright crawler:

Screenshot 2024-10-31 at 12 18 46

After:

Screenshot 2024-10-30 at 15 37 53
B4nan commented 4 weeks ago

I believe we already have something like this, its just not enabled by default, cc @barjin

https://github.com/apify/fingerprint-suite/blob/d8dbd211fd97e39606eb9cd3dee6ee794861fe76/packages/fingerprint-injector/src/utils.js#L487

barjin commented 4 weeks ago

Yes, you can effectively disable WebRTC in the browser by generating a fingerprint with mockWebRTC: true (and injecting it). As far as I remember, the patch creates a Proxy object that catches all function calls and just immediately resolves with undefined (and does this recursively) - something like your patch for navigator.mediaDevices.getUserMedia.

Can you please verify that mockWebRTC works for you? If it broke in some cases, I'm more than happy to switch for your implementation - I always thought the current one was a little bit crude. Cheers!