search

kkapsner / CanvasBlocker

A Firefox extension to protect from being fingerprinted.
https://canvasblocker.kkapsner.de
Mozilla Public License 2.0
1.15k stars 86 forks source link

Cloudflare can detect fake fingerprints. #708

Open alpgul opened 4 months ago

alpgul commented 4 months ago

Description

If I set any option(chrome,edge,opera,safari) other than Firefox in the navigation options, Cloudflare CAPTCHA cannot be bypassed.

Expected Behaviour

Cloudflare is expected to solve the CAPTCHA and redirect to the page.

Current Behaviour

Cloudflare CAPTCHA is not being solved, and the CAPTCHA page is being opened again.

Steps to Reproduce (for bugs)

  1. create a fresh Firefox profile
  2. Install CanvasBLocker
  3. Open CanvasBLocker Setting
  4. Click Api
  5. Open CanvasBlocker navigator settings
  6. Click Chrome
  7. Open cloudflare link
  8. Click Checkbox

Your Environment

CanvasBlocker Version used: 1.10.1 Firefox version incl. 32- or 64-bit: 125.0.0 (64 bit) Operating System and version (desktop or mobile): Windows 10 Installed addons: in the new profile no other extensions are present

Your Settings

{
    "logLevel": 1,
    "urlSettings": [
        {
            "url": "mail.google.com",
            "protectDOMRect": false
        },
        {
            "url": "onedrive.live.com",
            "protectDOMRect": false
        },
        {
            "url": "paypal.com",
            "protectWindow": false
        },
        {
            "url": "dhl.de",
            "protectWindow": false
        },
        {
            "url": "www.youtube.com",
            "blockMode": "allowEverything"
        }
    ],
    "hiddenSettings": {
        "protectScreen": false,
        "protectedAPIFeatures": false,
        "displayAdvancedSettings": false
    },
    "expandStatus": {
        "screenSize": true,
        "protectScreen": true,
        "section_Canvas-API": true,
        "protectNavigator": true,
        "protectTextMetrics": false,
        "protectAudio": true,
        "fakeMinimalScreenSize": true,
        "useAudioCache": false,
        "historyLengthThreshold": false
    },
    "displayHiddenSettings": true,
    "whiteList": "",
    "sessionWhiteList": "",
    "blackList": "",
    "blockMode": "fake",
    "protectedCanvasPart": "input",
    "minFakeSize": 10,
    "maxFakeSize": 1000000,
    "rng": "persistent",
    "protectedAPIFeatures": {},
    "useCanvasCache": true,
    "ignoreFrequentColors": 3,
    "minColors": 3,
    "fakeAlphaChannel": true,
    "webGLVendor": "",
    "webGLRenderer": "",
    "webGLUnmaskedVendor": "",
    "webGLUnmaskedRenderer": "",
    "persistentRndStorage": "{\"shared://domain\":[124,39,57,100,157,55,138,143,11,38,143,212,252,41,158,147,13,147,167,39,21,55,129,116,50,248,178,108,88,122,245,147,144,92,131,141,43,77,145,219,28,182,158,251,169,194,63,13,254,202,221,51,155,186,57,23,22,57,13,230,101,76,2,122,109,20,14,226,106,107,68,31,253,144,136,191,223,130,72,206,224,195,214,164,226,132,71,87,145,221,134,208,246,60,150,156,207,85,187,140,173,71,81,83,170,16,29,72,18,173,55,222,241,117,64,51,144,196,5,55,179,107,184,144,121,137,136,194]}",
    "persistentIncognitoRndStorage": "",
    "storePersistentRnd": true,
    "persistentRndClearIntervalValue": 30,
    "persistentRndClearIntervalUnit": "days",
    "lastPersistentRndClearing": 1713521163822,
    "sharePersistentRndBetweenDomains": true,
    "askOnlyOnce": "combined",
    "askDenyMode": "block",
    "showCanvasWhileAsking": true,
    "showNotifications": true,
    "highlightPageAction": "color",
    "highlightBrowserAction": "color",
    "displayBadge": true,
    "storeNotificationData": false,
    "storeImageForInspection": false,
    "ignoreList": "",
    "ignoredAPIs": {},
    "showCallingFile": false,
    "showCompleteCallingStack": true,
    "enableStackList": false,
    "stackList": "",
    "protectAudio": true,
    "audioFakeRate": "10%",
    "audioNoiseLevel": "medium",
    "useAudioCache": true,
    "audioUseFixedIndices": true,
    "audioFixedIndices": "6",
    "historyLengthThreshold": 2,
    "protectWindow": true,
    "allowWindowNameInFrames": true,
    "protectDOMRect": true,
    "domRectIntegerFactor": 4,
    "protectSVG": true,
    "protectTextMetrics": true,
    "blockDataURLs": true,
    "protectNavigator": true,
    "navigatorDetails": {
        "browserPreset": "Chrome",
        "appVersion": "5.0 ({platformDetails}) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/{chromeVersion} Safari/537.36",
        "buildID": "{undefined}",
        "oscpu": "{undefined}",
        "productSub": "20030107",
        "userAgent": "Mozilla/{appVersion}",
        "osPreset": "Windows",
        "windowManager": "Windows",
        "platform": "Win32",
        "platformDetails": "Windows NT 10.0; Win64; x64",
        "chromeVersion": "111.0.0.0",
        "vendor": "Google Inc."
    },
    "protectScreen": true,
    "screenSize": "",
    "fakeMinimalScreenSize": false,
    "displayAdvancedSettings": true,
    "displayDescriptions": true,
    "theme": "default",
    "showPresetsOnInstallation": true,
    "dontShowOptionsOnUpdate": false,
    "disruptSessionOnUpdate": false,
    "updatePending": false,
    "isStillDefault": false,
    "storageVersion": 1
}
satoshinotdead commented 4 months ago

Workaround on #710 (and posible duplicate)

kkapsner commented 3 months ago

That's quite weird. I'm able to reproduce the problem in a normal window but not in private mode...

It is not related to the navigator protection itself as it works if you chose another OS. So I guess they are using some chrome specific feature and fail... nothing where I can change anything.

If you whitelist challenges.cloudflare.com for the navigator API it works. grafik

Pretending to use a different browser than you are can be detected very easily via feature testing.

JobcenterTycoon commented 2 months ago

For me it works fine now with default config + "hard to detect" mode without any exceptions.