search

berstend / puppeteer-extra

💯 Teach puppeteer new tricks through plugins.
https://extra.community
MIT License
6.26k stars 733 forks source link

Permissions #100

Closed momala454 closed 4 years ago

momala454 commented 4 years ago

Hi, you deny the permission, but according to https://amiunique.org/fp it's common by only 0.08% While by default it seems like chrome is returning this :

accelerometer : granted camera : prompt clipboard-read : prompt clipboard-write : granted geolocation : prompt background-sync : granted magnetometer : granted microphone : prompt midi : granted notifications : prompt payment-handler : granted persistent-storage : prompt

for 20%

What do you think if we return the same ? It may need to emulate the funtionnalities which are "granted" however

berstend commented 4 years ago

Yeah, currently we're only handling notifications permission (if that chrome launch arg is present).

Code of this evasion plugin for reference: here

This ties into a bigger idea of more fully emulation missing capabilities in headless (including the window.chrome object). I've already did something similar with the navigator.plugins evasion and the mime types.

Right now the evasions are a mix of simplistic ones (copy pasted from the web in the early days of this project) and more sophisticated custom written ones.

I'm thinking about streamlining this and maybe add "anti-fingerprint" functionality as well.

momala454 commented 4 years ago

i think it's more than just anti fingerprinting, as on default chrome all of the permissions are shown as i wrote in the previous post (without having any popup), so i think we can conclude that if it's just denied like on your plugin, it's a bot ?

or do you know how to reproduce the same behaviour on legit chrome by changing a parameter?

berstend commented 4 years ago

Are you using chromium or regular chrome right now? It seems like your use-case would benefit from using regular Chrome, if necessary running in a virtualized Windows container/VM. :)

berstend commented 4 years ago

If stealth behaviour is paramount the only viable option is to run regular Google Chrome headful (!) in a Container or VM.

momala454 commented 4 years ago

regular chrome

berstend commented 4 years ago

As I just learned you cannot run Windows in a docker container so your options would be a VM like virtualbox or using a Windows server provider (Azure, AWS?)

berstend commented 4 years ago

But it all depends on what you're trying to achieve, don't forget that most sites are not extremely sophisticated about their stealth detection ;)

berstend commented 4 years ago

Stuff like datacenter IP issues or rate limits are probably things you run into long before the site complains about missing window taskbar pixels in your viewport dimensions.

momala454 commented 4 years ago

i don't know exactly what they do, but i used this plugin to show what functions they use : https://chrome.google.com/webstore/detail/dont-fingerprint-me/nhbedikkbkakbjipijipejfojanppbfg

and the result :

navigator get self.navigator.userAgent navigator get self.navigator.userAgent navigator get self.navigator.platform screen get self.screen.width screen get self.screen.height screen get self.screen.colorDepth navigator get self.navigator.plugins navigator get self.navigator.javaEnabled navigator get self.navigator.language navigator get self.navigator.loadPurpose navigator get self.navigator.sendBeacon navigator get self.navigator.cookieEnabled navigator get self.navigator.connection navigator get self.navigator.connection.downlinkMax navigator get self.navigator.connection.type navigator get self.navigator.connection.effectiveType navigator get self.navigator.connection.rtt navigator get self.navigator.connection.downlink navigator get self.navigator.userAgent navigator get self.navigator.plugins navigator get self.navigator.mimeTypes screen get self.screen.height screen get self.screen.width screen get self.screen.availHeight screen get self.screen.availWidth screen get self.screen.pixelDepth screen get self.screen.colorDepth navigator get self.navigator.appCodeName navigator get self.navigator.appName navigator get self.navigator.appVersion navigator get self.navigator.hardwareConcurrency navigator get self.navigator.maxTouchPoints navigator get self.navigator.platform navigator get self.navigator.product navigator get self.navigator.productSub navigator get self.navigator.vendor navigator get self.navigator.vendorSub navigator get self.navigator.doNotTrack navigator get self.navigator.webdriver canvas apply self.CanvasRenderingContext2D.prototype.fillText canvas apply self.HTMLCanvasElement.prototype.toDataURL canvas apply self.CanvasRenderingContext2D.prototype.getImageData navigator get self.navigator.javaEnabled webgl apply self.WebGLRenderingContext.prototype.getParameter(ALIASED_LINE_WIDTH_RANGE) webgl apply self.WebGLRenderingContext.prototype.getParameter(ALIASED_POINT_SIZE_RANGE) webgl apply self.WebGLRenderingContext.prototype.getParameter(MAX_VIEWPORT_DIMS) webgl apply self.WebGLRenderingContext.prototype.getParameter(ALPHA_BITS) webgl apply self.WebGLRenderingContext.prototype.getParameter(BLUE_BITS) webgl apply self.WebGLRenderingContext.prototype.getParameter(GREEN_BITS) webgl apply self.WebGLRenderingContext.prototype.getParameter(RED_BITS) webgl apply self.WebGLRenderingContext.prototype.getParameter(DEPTH_BITS) webgl apply self.WebGLRenderingContext.prototype.getParameter(MAX_COMBINED_TEXTURE_IMAGE_UNITS) webgl apply self.WebGLRenderingContext.prototype.getParameter(MAX_CUBE_MAP_TEXTURE_SIZE) webgl apply self.WebGLRenderingContext.prototype.getParameter(MAX_FRAGMENT_UNIFORM_VECTORS) webgl apply self.WebGLRenderingContext.prototype.getParameter(MAX_RENDERBUFFER_SIZE) webgl apply self.WebGLRenderingContext.prototype.getParameter(MAX_TEXTURE_IMAGE_UNITS) webgl apply self.WebGLRenderingContext.prototype.getParameter(MAX_TEXTURE_SIZE) webgl apply self.WebGLRenderingContext.prototype.getParameter(MAX_VARYING_VECTORS) webgl apply self.WebGLRenderingContext.prototype.getParameter(MAX_VERTEX_ATTRIBS) webgl apply self.WebGLRenderingContext.prototype.getParameter(MAX_VERTEX_TEXTURE_IMAGE_UNITS) webgl apply self.WebGLRenderingContext.prototype.getParameter(MAX_VERTEX_UNIFORM_VECTORS) webgl apply self.WebGLRenderingContext.prototype.getParameter(RENDERER) webgl apply self.WebGLRenderingContext.prototype.getParameter(SHADING_LANGUAGE_VERSION) webgl apply self.WebGLRenderingContext.prototype.getParameter(STENCIL_BITS) webgl apply self.WebGLRenderingContext.prototype.getParameter(VENDOR) webgl apply self.WebGLRenderingContext.prototype.getParameter(VERSION) webgl apply self.WebGLRenderingContext.prototype.getExtension(WEBGL_debug_renderer_info) webgl apply self.WebGLRenderingContext.prototype.getParameter(37445) webgl apply self.WebGLRenderingContext.prototype.getParameter(37446) webgl apply self.WebGLRenderingContext.prototype.getContextAttributes webgl apply self.WebGLRenderingContext.prototype.getExtension(EXT_texture_filter_anisotropic) webgl apply self.WebGLRenderingContext.prototype.getParameter(34047) webgl apply self.WebGLRenderingContext.prototype.getShaderPrecisionFormat webgl apply self.WebGLRenderingContext.prototype.getSupportedExtensions navigator get self.navigator.connection navigator get self.navigator.connection.downlinkMax navigator get self.navigator.connection.type navigator get self.navigator.connection.effectiveType navigator get self.navigator.connection.rtt navigator get self.navigator.connection.downlink

berstend commented 4 years ago

Fingerprinting is (currently) not in the scope of the stealth plugin but I make a note in the umbrella ticket for this.

Closing in favor of #101