Open ghost opened 9 years ago
I don't think there actually is, at least not using the approach we're currently taking to detect if devtools are open.
The fiddle ones are seriously genius pieces of insanely useful code,,,,
for this problem you can add this code:
var minimalUserResponseInMiliseconds = 100; var before = new Date().getTime(); debugger; var after = new Date().getTime(); if (after - before > minimalUserResponseInMiliseconds) { // user had to resume the script manually via opened dev tools // is opened }
The getter hack relied on a bug - browser DevTools should never automatically invoke getters as these may have side effects. Firefox (I tested in 57) and Chrome (65 - currently in canary) already patched it up. Only major browsers where it still works are Safari and Edge.
BTW I found another one that abuses the fact that many developers have cache disabled when DevTools are open:
http://jsbin.com/vanogec/edit?js,output
Works in all major browsers even if DevTools are undocked, but has a side effect of making a request.
Here's my idea for devtools detection: https://jsfiddle.net/eligrey/j4v270p4/
I think this solution is much more difficult to mitigate.
Apparently the method I posted isn't that accurate in Firefox, although it is pretty accurate in Chrome.
@kdzwinel Yup, this seems to be the Chrome bug report: https://bugs.chromium.org/p/chromium/issues/detail?id=795547
@ngyikp thanks! Quick look at the diff of the patch reveals that only some properties were patched while others are still vulnerable to the same getter hack. I opened another report: crbug.com/799791.
[EDIT] Patched in Canary
@mtx-z unfortunately your solution doesn' t work anymore :-(
I found myself discussing this and thinking about this again, so here goes a braindump.
There are four techniques that still can be used to detect DevTools (that I know of). Thankfully, all of them can be migrated:
If everything fails and code you are trying to debug is still detecting DevTools:
chrome://net-export/
).This guy did a good check somehow https://samy.pl/ try to open dev tools. I've been trying to get to the bottom of it for several hours now. Maybe one of you can? He hides everything very well.
Ok, guys, I figured it out. Thanks to the dude from samy.pl He's really cool. So try my solution https://content-protector-wordpress.42theme.com/ it detects undocked dev tools too. Here is the full code https://gist.github.com/drinkmaker/67c5dd6c83170a65517a595a5fa135d8 Pay attention to two points:
Hope this helps.
@drinkmaker I can still open the DevTools on the content-protector website. Was that intentional?
@dpw1 Oh, You're right, it's broken again. I need to look for a solution, again :(
Found another solution https://github.com/AEPKILL/devtools-detector, it works in summer 2022 and correctly detects undocked DevTools.
I'm also researching this problem recently, and I wrote a simple one today , devtools-detecter, but because I don't have enough equipment, I haven't done a detailed test. I know that it is effective in win10 chrome103.If you find a bug, you can send issues.
Found another solution https://github.com/AEPKILL/devtools-detector, it works in summer 2022 and correctly detects undocked DevTools.
Thank you very much you saved our life
Found another solution https://github.com/AEPKILL/devtools-detector, it works in summer 2022 and correctly detects undocked DevTools.
Thank you very much you saved our life
if you go to console you will notice there is a message "console was cleared" every x milliseconds. from the otehr hand bet365 does it without this message. Must be an other way and bet365 knows it
Check if console.log is a no-op like samy.pl
I there's a polyfill or an idea to fix when DevTools is undocked, it should be added to this thread.