UNPKG

puppeteer-extra-plugin-stealth

Version:

Stealth mode: Applies various techniques to make detection of headless puppeteer harder.

github.com/berstend/puppeteer-extra/tree/master/packages/puppeteer-extra-plugin-stealth

berstend/puppeteer-extra

168 lines (152 loc) 6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
'use strict' const { PuppeteerExtraPlugin } = require('puppeteer-extra-plugin') const withUtils = require('../_utils/withUtils') /** * Mock the `chrome.loadTimes` function if not available (e.g. when running headless). * It's a deprecated (but unfortunately still existing) chrome specific API to fetch browser timings and connection info. * * Internally chromium switched the implementation to use the WebPerformance API, * so we can do the same to create a fully functional mock. :-) * * Note: We're using the deprecated PerformanceTiming API instead of the new Navigation Timing Level 2 API on purpopse. * * @see https://developers.google.com/web/updates/2017/12/chrome-loadtimes-deprecated * @see https://developer.mozilla.org/en-US/docs/Web/API/PerformanceTiming * @see https://source.chromium.org/chromium/chromium/src/+/master:chrome/renderer/loadtimes_extension_bindings.cc;l=124?q=loadtimes&ss=chromium * @see `chrome.csi` evasion * */ class Plugin extends PuppeteerExtraPlugin { constructor(opts = {}) { super(opts) } get name() { return 'stealth/evasions/chrome.loadTimes' } async onPageCreated(page) { await withUtils(page).evaluateOnNewDocument( (utils, { opts }) => { if (!window.chrome) { // Use the exact property descriptor found in headful Chrome // fetch it via `Object.getOwnPropertyDescriptor(window, 'chrome')` Object.defineProperty(window, 'chrome', { writable: true, enumerable: true, configurable: false, // note! value: {} // We'll extend that later }) } // That means we're running headful and don't need to mock anything if ('loadTimes' in window.chrome) { return // Nothing to do here } // Check that the Navigation Timing API v1 + v2 is available, we need that if ( !window.performance || !window.performance.timing || !window.PerformancePaintTiming ) { return } const { performance } = window // Some stuff is not available on about:blank as it requires a navigation to occur, // let's harden the code to not fail then: const ntEntryFallback = { nextHopProtocol: 'h2', type: 'other' } // The API exposes some funky info regarding the connection const protocolInfo = { get connectionInfo() { const ntEntry = performance.getEntriesByType('navigation')[0] || ntEntryFallback return ntEntry.nextHopProtocol }, get npnNegotiatedProtocol() { // NPN is deprecated in favor of ALPN, but this implementation returns the // HTTP/2 or HTTP2+QUIC/39 requests negotiated via ALPN. const ntEntry = performance.getEntriesByType('navigation')[0] || ntEntryFallback return ['h2', 'hq'].includes(ntEntry.nextHopProtocol) ? ntEntry.nextHopProtocol : 'unknown' }, get navigationType() { const ntEntry = performance.getEntriesByType('navigation')[0] || ntEntryFallback return ntEntry.type }, get wasAlternateProtocolAvailable() { // The Alternate-Protocol header is deprecated in favor of Alt-Svc // (https://www.mnot.net/blog/2016/03/09/alt-svc), so technically this // should always return false. return false }, get wasFetchedViaSpdy() { // SPDY is deprecated in favor of HTTP/2, but this implementation returns // true for HTTP/2 or HTTP2+QUIC/39 as well. const ntEntry = performance.getEntriesByType('navigation')[0] || ntEntryFallback return ['h2', 'hq'].includes(ntEntry.nextHopProtocol) }, get wasNpnNegotiated() { // NPN is deprecated in favor of ALPN, but this implementation returns true // for HTTP/2 or HTTP2+QUIC/39 requests negotiated via ALPN. const ntEntry = performance.getEntriesByType('navigation')[0] || ntEntryFallback return ['h2', 'hq'].includes(ntEntry.nextHopProtocol) } } const { timing } = window.performance // Truncate number to specific number of decimals, most of the `loadTimes` stuff has 3 function toFixed(num, fixed) { var re = new RegExp('^-?\\d+(?:.\\d{0,' + (fixed || -1) + '})?') return num.toString().match(re)[0] } const timingInfo = { get firstPaintAfterLoadTime() { // This was never actually implemented and always returns 0. return 0 }, get requestTime() { return timing.navigationStart / 1000 }, get startLoadTime() { return timing.navigationStart / 1000 }, get commitLoadTime() { return timing.responseStart / 1000 }, get finishDocumentLoadTime() { return timing.domContentLoadedEventEnd / 1000 }, get finishLoadTime() { return timing.loadEventEnd / 1000 }, get firstPaintTime() { const fpEntry = performance.getEntriesByType('paint')[0] || { startTime: timing.loadEventEnd / 1000 // Fallback if no navigation occured (`about:blank`) } return toFixed( (fpEntry.startTime + performance.timeOrigin) / 1000, 3 ) } } window.chrome.loadTimes = function() { return { ...protocolInfo, ...timingInfo } } utils.patchToString(window.chrome.loadTimes) }, { opts: this.opts } ) } } module.exports = function(pluginConfig) { return new Plugin(pluginConfig) }