paulirish / headless-cat-n-mouse

Is headless chrome currently detectable? Let's pit the detections and detection evasions against each other.
Apache License 2.0
640 stars 56 forks

Iframe detection #10

Closed FWeinb closed 6 years ago

FWeinb commented 6 years ago

This is a tricky detection. We can use an iframe to get a fresh window object and use that to potentially rerun all the tests we did on the first window object.

I mocked the tests for this to show how it would go. The apply-evasion script should be injected into each JS context and not only the first one.

paulirish commented 6 years ago

Hah. This PR really sent me on a journey.

page.evaluateOnNewDocument uses Page.addScriptToEvaluateOnNewDocument, which says that it applies within iframes... But that's not working here.

But note this iframe uses iframe.srcdoc = 'about:blank';. That actually doesn't make sense, as you set the content of the iframe with srcdoc. So it should be iframe.srcdoc = 'page intentionally left blank';. 😛

Anyhow, if you use the [src] attribute, like iframe.src = 'about:blank'; ... then the addScriptToEvaluateOnNewDocument succeeds.

I'm not sure why there's a difference here, but it at least seems related to this report: https://github.com/GoogleChrome/puppeteer/issues/1106

paulirish commented 6 years ago

I think I've found two chromium bugs, thanks to this PR. ;)

details in https://github.com/GoogleChrome/puppeteer/issues/1106#issuecomment-359313898
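
The cross-context check discussed in this thread, as an added example that is not code from the PR or the repository: it runs the same probes in the top window and in a fresh iframe (created with either `src` or `srcdoc`) and reports the probes whose answers disagree. The probe set and all function names are assumptions made for illustration.

```javascript
// Added example. PROBES is an illustrative, assumed set of signals; the
// repository's own detection tests are not shown on this page.
const PROBES = {
  webdriver: (w) => w.navigator.webdriver === true,
  pluginCount: (w) => w.navigator.plugins.length,
  languages: (w) => (w.navigator.languages || []).join(','),
};

// Run every probe against one window object; a throwing probe is recorded.
function runProbes(win) {
  const out = {};
  for (const [name, probe] of Object.entries(PROBES)) {
    try { out[name] = probe(win); } catch (e) { out[name] = 'threw: ' + e.name; }
  }
  return out;
}

// Names of probes whose answer differs between the top window and a fresh
// frame. An unmodified browser is expected to answer identically in both;
// a difference means one JS context was patched and the other was not.
function compareContexts(topWin, frameWin) {
  const top = runProbes(topWin);
  const frame = runProbes(frameWin);
  return Object.keys(PROBES).filter((name) => top[name] !== frame[name]);
}

// Attach a same-origin iframe, wait for its load event, compare, clean up.
// mode 'src' uses iframe.src = 'about:blank'; mode 'srcdoc' sets markup.
function probeFreshFrame(doc, topWin, mode) {
  return new Promise((resolve) => {
    const iframe = doc.createElement('iframe');
    iframe.onload = () => {
      const mismatches = compareContexts(topWin, iframe.contentWindow);
      iframe.remove();
      resolve({ mode, mismatches });
    };
    if (mode === 'srcdoc') iframe.srcdoc = 'page intentionally left blank';
    else iframe.src = 'about:blank';
    doc.body.appendChild(iframe);
  });
}

// In a browser: log the result for both ways of creating the frame.
if (typeof document !== 'undefined') {
  Promise.all(['src', 'srcdoc'].map((m) => probeFreshFrame(document, window, m)))
    .then((results) => console.log(results));
}
```

An empty `mismatches` list for both modes means the two contexts answered consistently for the probes chosen here; it says nothing about signals outside that set.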