tobwen
commented
1 month ago - Add a donation link.
Open cessy395 opened 1 month ago
tobwen
commented
1 month ago 
daijro
commented
1 month ago Hello, thanks for the suggestions! Here's a couple notes:
Random starting point and random end point for clicking the elements
I had this idea as well, but I held off on it because of the way Playwright handles clicking elements. On the browser side, I only receive the coordinates of where to click, not the element to click itself. The Playwright client library determines the mouse coordinates on it's own without telling the browser which element it's clicking. In other words, I would need to patch the Playwright client library itself, which is something I want to avoid to keep support for other languages with Playwright/remotely accessing Camoufox from the official Playwright library.
A workaround for this could be to lie about the element's width/height and position to fool Playwright into clicking at a random point besides the center, but this will require more testing to see if it breaks anything else.
Auto click for cloudflare turnstile
I could possibly add a autoclick property for automatically clicking elements as they appear.
Random sleeps while key press down and up
I'm planning on adding this soon, but I was wondering how I wanted to implement it. I think I'll add a humanize:wpm and humanize:wpm:sd to set a custom typing WPM/standard deviation.
Adding noise to canvas and webgl fingerprinting
This is actually implemented into Firefox itself. You can enable Canvas randomization and WebGL fingerprint protection like this:
with Camoufox(
firefox_user_prefs={
"privacy.fingerprintingProtection": True,
"privacy.fingerprintingProtection.overrides": "+CanvasRandomization,+WebGLRenderCapability,+WebGLRenderInfo"
}):
...But I would HIGHLY suggest not doing this, because Canvas randomization is extremely detectable (demonstrated by tools like CreepJS), and will hurt your stealth more than it helps. Furthermore, it's better to not enable WebGL—I haven't seen any WAF that flags from having WebGL disabled.
I do have an idea for a theoretical workaround by spoofing the GPU behavior through software rendering, but I don't have a GPU dataset to generate WebGL fingerprints to implement this.
tobwen
commented
1 month ago I do have an idea for a theoretical workaround by spoofing the GPU behavior through software rendering, but I don't have a GPU dataset to generate WebGL fingerprints to implement this.
Can't we buy them from one of the thousands of tracking providers? Some websites have 400 data processing companies. Surely someone is tracking GPU information.
We maybe could do some community fundraising?
daijro
commented
1 month ago I do have an idea for a theoretical workaround by spoofing the GPU behavior through software rendering, but I don't have a GPU dataset to generate WebGL fingerprints to implement this.
Can't we buy them from one of the thousands of tracking providers? Some websites have 400 data processing companies. Surely someone is tracking GPU information.
We maybe could do some community fundraising?
While there might be a data collection company with GPU information, I don't think they would have as much data on WebGL as we're looking for. WAF companies may only need to keep track of just enough WebGL information to distinguish users apart, but Camoufox needs to spoof every possible WebGL value to match an associated vendor/renderer to avoid any potential leaks.
The Camoufox docs has anonymous WebGL analytics that can be opted into when first loading the site. Here is an automatically generated report of the vendor/renderer combinations that Camoufox currently has sufficient analytics on, thanks to the community:
https://camoufox.com/webgl-research
As more users visit the site and opt into helping Camoufox's WebGL research, we will eventually have a solid profile of each vendor and renderer to implement automatic WebGL data rotation. :+1:
Describe the feature:
That would make it complete solution imo.