paulirish / headless-cat-n-mouse

Is headless Chrome currently detectable? Let's pit the detections and detection evasions against each other.
Apache License 2.0
642 stars 56 forks

Inventorying differences in headless vs real browser #21

Open ThatAnton opened 5 years ago

ThatAnton commented 5 years ago

Google's captcha service seems to be able to detect when you're not visiting with a real browser using the methods in this repository/article and I'm wanting to research it further. By that I mean that using the same Google account on the same computer, you will get easy or no puzzle in a real browser but get hard puzzles when solving captchas in apps. I'd like to research this further but I'm not sure of the best way to go about it. Are there recommended ways to inventory the differences in headless vs real browser? I'd like to find the differences and patch them.

rbairwell commented 5 years ago

You could try something like CharlesProxy or MITMProxy to man-in-the-middle attack the data transferred between the Chromes and Google.

ThatAnton commented 5 years ago

Thanks @rbairwell. Unfortunately the data sent is obfuscated and will likely require lots of reverse engineering just to have to do it all over again when they change something in the near future. I'm mostly interested in how to make my app's webview look as much as possible like Google Chrome. I assume that those working on this project have spent some time looking at the differences via inspector.

Right now I'm checking all properties of window and trying to make them match. Though I'm sure there are some other areas I need to be looking.