UNPKG

client-trace

Version:

A comprehensive client-side security and telemetry library. Features device fingerprinting, bot detection, network tampering analysis, and secure transport.

client-trace-demo-production.up.railway.app

deepsingh245/client-trace

47 lines (39 loc) 1.51 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
/** * Network API Tampering Detection * Detects if fetch, XMLHttpRequest, or other network APIs have been monkey-patched. */ /** * Checks if a function has been tampered with by inspecting its toString() output. * @param {Function} func - The function to check. * @returns {boolean} - True if tampered (does not contain "[native code]"), false otherwise. */ function isNative(func) { return func.toString().includes('[native code]'); } /** * Detects if network APIs (fetch, XHR) have been tampered with. * @param {function} [onTamperDetected] - Optional callback fired if tampering is found. * @returns {{ tampered: boolean, tamperedFunctions: string[] }} */ export function detectNetworkAPITampering(onTamperDetected) { const tamperedFunctions = []; if (typeof window.fetch !== 'undefined' && !isNative(window.fetch)) { tamperedFunctions.push('fetch'); } if (typeof window.XMLHttpRequest !== 'undefined') { if (!isNative(window.XMLHttpRequest.prototype.open)) { tamperedFunctions.push('XMLHttpRequest.prototype.open'); } if (!isNative(window.XMLHttpRequest.prototype.send)) { tamperedFunctions.push('XMLHttpRequest.prototype.send'); } } const tampered = tamperedFunctions.length > 0; if (tampered && onTamperDetected) { onTamperDetected({ tampered, tamperedFunctions }); } return { tampered, tamperedFunctions }; }