search

fingerprintjs / BotD

Bot detection library that runs in the browser. Detects automation tools and frameworks. No server required, runs 100% on the client. MIT license, no usage restrictions.
https://fingerprintjs.github.io/BotD/main/
MIT License
957 stars 77 forks source link

headed playwright chrome with --disable-blink-features=AutomationControlled not detected #112

Closed Le0Developer closed 1 year ago

Le0Developer commented 1 year ago

Headed chromium is only detected by navigator.webdriver, which can be disabled with the --disable-blink-features=AutomationControlled launch option.

Technically this also applies to Webkit, as there only navigator.webdriver is detected too, but I haven't found a launch option to do that yet. (It can still be done with stealth scripts but those are easier to detect)

Reproduction code:

from playwright.sync_api import sync_playwright, TimeoutError

with sync_playwright() as p:
    print("Testing chromium")
    # disable headless & navigator.webdriver
    browser = p.chromium.launch(headless=False, args=["--disable-blink-features=AutomationControlled"])
    page = browser.new_page()
    page.goto('https://fingerprintjs.github.io/BotD/main/')
    try:
        handle = page.wait_for_selector("#result.result-detected", timeout=1_000)
    except TimeoutError:
        print("Chromium is undetected.")
    else:
        print("Chromium is detected.")

    # input("press enter to continue> ")  # just incase you want to see the site yk
    browser.close()
xnerhu commented 1 year ago

Hi @Le0Developer.

You are right, that detecting webdriver can be bypassed using flags. We won't fix it, because it's not the scope of BotD OSS. If you want more sophisticated bot detection, see our BotD Pro https://fingerprint.com/products/bot-detection/. However, it cannot detect this particular flag.

I'm closing for now, if you have any other questions, lmk.