Open lars-berger opened 5 years ago
I'm pretty sure I found a way to mock contentWindow
in iframes without breaking certain iframes (like the inline reCAPTCHA popup) after some tinkering. 😄
I've released it as v2.4 of puppeteer-extra-plugin-stealth, please ping me over there in case you should still encounter issues. :)
FWIW in my tests the only iframes that caused headaches were the ones using srcdoc
, due to a chromium bug.
I'm pretty sure I found a way to mock
contentWindow
in iframes without breaking certain iframes (like the inline reCAPTCHA popup) after some tinkering. 😄I've released it as v2.4 of puppeteer-extra-plugin-stealth, please ping me over there in case you should still encounter issues. :)
FWIW in my tests the only iframes that caused headaches were the ones using
srcdoc
, due to a chromium bug.
does the issue means one could detect headless using iframe + srcdoc ?
what i mean is if page.evaluateOnNewDocument fails, then we can also use by example :
iframe.contentWindow.webdriver
to detect headless ?
There's something weird about srcdoc
frames in chromium/puppeteer - it's not only that page.evaluateOnNewDocument
will not be executed in them but the corresponding iframe.contentWindow
object in general felt funky (?) to use while playing around with it.
My "solution" is to hook into element creation events to sniff out iframes to then hook into potential set events of the srcdoc
property to then (and only then) overload the contentWindow
property with a "smart" proxy to the main page window
object (that will intercept and modify calls that would reveal that it's the main window object). 😅
I had to be super surgical as the reCAPTCHA iframes are extremely sensitive to any iframe modifications.
The cool thing is that with the latest code stuff like this works correctly:
iframe.contentWindow.self === window.top // must be false
iframe.contentWindow.frameElement === iframe // must be true
Definitely among the most crazy detection + evasion games so far. :)
ok did you saw my questions there ? https://github.com/berstend/puppeteer-extra/commit/17a42c3302ba1e7b446097b9aa2dd886ea6c8ef6
The overriden
HTMLIFrameElement.prototype.contentWindow
causes issues for sites and libraries that use the method. Annoyingly, Google is using this in their reCAPTCHA v2 script.Although it's perhaps outside of the scope of this package, is there a way to preserve the original functionality of
iframe.contentWindow
while still passing the test?