search

kaliiiiiiiiii / brotector

An advanced antibot for webdrivers
https://kaliiiiiiiiii.github.io/brotector/
MIT License
96 stars 4 forks source link

[feature request] PDF detection #5

Closed kaliiiiiiiiii closed 4 weeks ago

kaliiiiiiiiii commented 1 month ago 
var script = document.createElement('script');
script.src =
  'https://cdnjs.cloudflare.com/ajax/libs/jspdf/2.5.1/jspdf.umd.min.js';
script.onload = function () {
  const { jsPDF } = window.jspdf;
  const doc = new jsPDF();
  doc.text('test', 10, 20);
  const pdfURL = URL.createObjectURL(doc.output('blob'));
  const iframe = document.createElement('iframe');
  iframe.src = pdfURL;
  document.body.appendChild(iframe);
  iframe.onload = () => console.log(iframe.contentDocument.querySelector('style')?.textContent||'nothing');

};
document.head.appendChild(script)
      body {
        height: 100%;
        width: 100%;
        overflow: hidden;
        margin: 0;
        background-color: rgb(38, 38, 38);
      }

Discovered by @anonymous, thanks a lot!

dalilamma commented 4 weeks ago

what's happening here?!

vince166 commented 3 weeks ago

Is this test really accurate? My desktop chrome got flagged for this pdfStyle check.

kaliiiiiiiiii commented 3 weeks ago

Is this test really accurate? My desktop chrome got flagged for this pdfStyle check.

What platform & chrome version?

vince166 commented 3 weeks ago

Windows 10 + Chrome Version 129.0.6668.71 (Official Build) (64-bit)

{ "style": "\n body {\n height: 100%;\n width: 100%;\n overflow: hidden;\n margin: 0;\n background-color: rgb(82, 86, 89);\n }\n " }
kaliiiiiiiiii commented 3 weeks ago

@vince166 any chance you could provide a zip of your default user-data-dir? Would suspect that it's some kind of specific setting in chrome But no idea what Oh and maybe send it privately or strip it from your browser history, cookies and etc. (cookie values & passwords are encrypted anyway - but still)

And (or) in addition the command line used to start chrome (see chrome://version)

vince166 commented 3 weeks ago 
<html>
<body>
<!--StartFragment-->
Google Chrome | 129.0.6668.71 (Official Build) (64-bit) (cohort: Stable Installs & Version Pins)
-- | --
Revision | 755228feba24b744c1ae9ffc68368c7a0ccb72b9-refs/branch-heads/6668@{#1421}
OS | Windows 10 Version 22H2 (Build 19045.4894)
JavaScript | V8 12.9.202.22
User Agent | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Command Line | "C:\Program Files\Google\Chrome\Application\chrome.exe" --flag-switches-begin --flag-switches-end
Executable Path | C:\Program Files\Google\Chrome\Application\chrome.exe
Profile Path | C:\Users\username\AppData\Local\Google\Chrome\User Data\Profile 1

<!--EndFragment-->
</body>
</html>

I only have two extensions installed:

kaliiiiiiiiii commented 3 weeks ago 
<html>
<body>
<!--StartFragment-->
Google Chrome | 129.0.6668.71 (Official Build) (64-bit) (cohort: Stable Installs & Version Pins)
-- | --
Revision | 755228feba24b744c1ae9ffc68368c7a0ccb72b9-refs/branch-heads/6668@{#1421}
OS | Windows 10 Version 22H2 (Build 19045.4894)
JavaScript | V8 12.9.202.22
User Agent | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Command Line | "C:\Program Files\Google\Chrome\Application\chrome.exe" --flag-switches-begin --flag-switches-end
Executable Path | C:\Program Files\Google\Chrome\Application\chrome.exe
Profile Path | C:\Users\username\AppData\Local\Google\Chrome\User Data\Profile 1

<!--EndFragment-->
</body>
</html>

I only have two extensions installed:

  • Adobe Acrobat (I don't want to remove this, because I don't know how to install it back)
  • Google Docs Offline

hmm nah can't reproduce this at all even on that exact version + Win10 + google docs offline extension installed