berstend / puppeteer-extra

💯 Teach puppeteer new tricks through plugins.
https://extra.community
MIT License

Is it possible to be undetected while emulating phone? #330

Closed Somberor closed 3 years ago

Somberor commented 3 years ago

Hey guys, I've tried to emulate a phone while using the stealth plugin, but it seems like most of the sites can easily detect that it's a phone: http://prntscr.com/ujz2js http://prntscr.com/ujz2z0

I think this makes 0 sense and might be a big reason for the detection, as how can I be using NVIDIA and Chromium on an iPhone :D http://prntscr.com/ujz3wg

The code used to open the browser:

```js
const puppeteer = require('puppeteer-extra');
const puppeteerdevice = require('puppeteer'); // plain puppeteer, used only for its device descriptors
const pluginStealth = require('puppeteer-extra-plugin-stealth');
puppeteer.use(pluginStealth());

// `await` needs an async function in a CommonJS script
(async () => {
    let isheadless = false;
    let browser2 = await puppeteer.launch({
        headless: isheadless,
        //ignoreHTTPSErrors: true,
        //executablePath: 'C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe',
        args: []
    });
    let page2 = (await browser2.pages())[0];
    // Applies the iPhone X user agent and viewport to desktop Chromium
    let iPhonex = puppeteerdevice.devices["iPhone X"];
    await page2.emulate(iPhonex);
})();
```

prescience-data commented 3 years ago

There are many leaks from an emulated phone, too many to list.

Even executing through a proper emulator such as BlueStacks is fairly easy to detect by a sufficiently motivated adversary.

Somberor commented 3 years ago

> There are many leaks from an emulated phone, too many to list.
>
> Even executing through a proper emulator such as BlueStacks is fairly easy to detect by a sufficiently motivated adversary.

How can I learn about those leaks? Is it also possible to modify any leak via puppeteer?

prescience-data commented 3 years ago

Here's a couple of papers on the topic, but the problems are so broad that it's hard to capture in a single paper:

For example, the first thing a detection script will do is check something like your expected device touchpoints... which obviously won't be there in the example you provided.
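
The consistency checks raised in this thread (expected touch points, and a desktop GPU and Chromium behind an iPhone user agent), sketched from the detecting site's side. This is an added example, not part of the original thread or of puppeteer-extra; the `fp` field names, both samples and the values expected of a real iPhone are assumptions.

```javascript
// Added example. Field names of `fp` and both samples are constructed; in a page
// they would be filled from navigator.* and the WEBGL_debug_renderer_info extension.
function claimedDevice(userAgent) {
  if (/iPhone|iPad|iPod/.test(userAgent)) return 'ios';
  if (/Android/.test(userAgent)) return 'android';
  return 'desktop';
}

function findInconsistencies(fp) {
  const device = claimedDevice(fp.userAgent);
  const issues = [];
  if (device === 'desktop') return issues; // only mobile claims are checked here
  const flag = (check, observed) => issues.push({ check, observed });

  // A phone has a multi-touch digitizer; 0 or 1 points suggests a desktop host.
  if (!(fp.maxTouchPoints > 1)) flag('touch', fp.maxTouchPoints);

  const renderer = fp.webglRenderer || '';
  // Assumption: iOS devices report an Apple GPU; for Android only flag
  // desktop GPU families and the software renderer.
  const gpuMismatch = device === 'ios'
    ? !/Apple/.test(renderer)
    : /GeForce|Radeon|SwiftShader/i.test(renderer);
  if (gpuMismatch) flag('gpu', renderer);

  // navigator.platform of a desktop OS behind a mobile user agent.
  if (/^(Win|Mac)/.test(fp.platform || '')) flag('platform', fp.platform);

  // Assumption: browsers on iOS are WebKit-based and report Apple as vendor.
  if (device === 'ios' && fp.vendor !== 'Apple Computer, Inc.') flag('vendor', fp.vendor);
  return issues;
}

// Constructed samples: an iPhone user agent on a desktop host vs. device-like values.
const IPHONE_UA = 'Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) ' +
  'AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1';
const emulatedSample = {
  userAgent: IPHONE_UA, platform: 'Win32', vendor: 'Google Inc.', maxTouchPoints: 1,
  webglRenderer: 'ANGLE (NVIDIA GeForce GTX 1060 Direct3D11 vs_5_0 ps_5_0)',
};
const deviceLikeSample = {
  userAgent: IPHONE_UA, platform: 'iPhone', vendor: 'Apple Computer, Inc.',
  maxTouchPoints: 5, webglRenderer: 'Apple GPU',
};

for (const [name, fp] of Object.entries({ emulatedSample, deviceLikeSample })) {
  console.log(name, findInconsistencies(fp).map((i) => i.check));
}
```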

Somberor commented 3 years ago

Thank you @prescience-data

evading-bot-detection commented 3 years ago

> There are many leaks from an emulated phone, too many to list.
>
> Even executing through a proper emulator such as BlueStacks is fairly easy to detect by a sufficiently motivated adversary.

the official Apple emulator passes the Pixelscan test.

berstend commented 3 years ago

Emulating a different browser engine (e.g. iPhone which uses WebKit) is a lost cause, there are too many differences in the JS VM/API alone.

Once #303 has landed we could check how different the iPhone Safari is in comparison to desktop webkit and if it's possible to patch the JS APIs to mask the differences.

Successfully emulating a mobile Chrome through desktop Chrome should be possible (ignoring fingerprinting/canvas hashes for a moment, this topic requires a dedicated solution in general).

It'd be nice if someone would compare a real and emulated mobile Chrome and list the differences here (also curious if there are emulation differences with playwright/pptr).

prescience-data commented 3 years ago

> > There are many leaks from an emulated phone, too many to list. Even executing through a proper emulator such as BlueStacks is fairly easy to detect by a sufficiently motivated adversary.
>
> the official Apple emulator passes the Pixelscan test.

Would be interested to see the differences between the canvas hashes of an emulated iPhone and a real iPhone of the same model.

berstend commented 3 years ago

Closing this for now, discussions like this might be better suited for our discord.

Summaw commented 9 months ago

> Here's a couple of papers on the topic, but the problems are so broad that it's hard to capture in a single paper:
>
> For example, the first thing a detection script will do is check something like your expected device touchpoints... which obviously won't be there in the example you provided.

This could be a dumb question of sorts, but is it not possible to imitate or create some sort of package in which we could spoof users' movements? Could be something like ghost-cursor? Obviously it wouldn't be like ghost-cursor, but the idea and concept behind the ghost-cursor package? Ghost-Cursor uses Bezier curves to act human-like... is that not possible for us to create for mobile?