-
Notifications
You must be signed in to change notification settings - Fork 26
Bypassing Anti Bots
Modern anti-bot engines (Cloudflare Turnstile, DataDome, Akamai, PerimeterX/HUMAN, Kasada) analyze multiple layers of the client browser environment. To remain undetected, Damru coordinates OS, network, driver, and protocol spoofing in a cohesive way.
Traditional stealth tools intercept JavaScript WebGL calls (like gl.getParameter()) and return static mock strings. Anti-bot scripts detect this easily by:
- Hash Checks: Rendering complex 3D patterns on offscreen canvas elements and hashing the pixel results. Overridden JS values often mismatch the actual GPU rendering capabilities.
- Context Integrity: Checking the prototype chain of WebGLRenderingContext properties to detect monkey-patched getter functions.
Damru does not touch the JS rendering context. Instead:
-
Driver Spoofing: It preloads a custom native library wrapper (
libVkLayer_damru.soandlibfakemem.c) that hooks directly into Android's GLES/Vulkan driver calls. - Consistent Extensions: The hardware info, shader precision levels, and GPU extension list returned to Chrome matches a real physical GPU driver (e.g. Qualcomm Adreno or ARM Mali) rather than the generic virtualized SwiftShader driver.
An automated browser's proxy can be easily unmasked if WebRTC UDP leakage reveals the host's actual local or external IP address. Many frameworks simply disable WebRTC, which is a major red flag (real mobile devices always have WebRTC active).
- Proxy Matching: When a proxy is configured, WebRTC is routed through the proxy tunnel.
- Kernel/Interface spoofing: Instead of hard drop rules that disable WebRTC entirely, Damru routes interfaces dynamically so WebRTC queries successfully discover the proxy's exit IP, mirroring authentic mobile user behavior.
CreepJS is the gold standard for testing browser fingerprinting. It specifically checks:
-
Prototype pollution: Overwriting properties like
navigator.webdriver. - Worker leaks: Script running inside Dedicated Workers or Service Workers bypassing page overrides and executing raw client-hints or UA queries.
- Audio/Speech Synthesis: Validating supported speech voices and speech rates.
-
Zero JS Overrides: Because Damru spoofs CPU count, device memory, and User-Agents before Chrome launches (via
--user-agentcmdline flags and native wrapper overrides), the settings are consistent across the main window, iframe contexts, and background workers. -
Secure Context APIs: APIs like
navigator.deviceMemory,navigator.connection, and secure audio/credential interfaces return consistent values across all secure HTTPS contexts.
Damru achieves consistent passes across top benchmarks:
| Target | Detection Focus | Damru Stealth Strategy | Status |
|---|---|---|---|
| Sannysoft Bot Detector | WebDriver, Chrome flags, Chrome Plugins | Native flags + zero JS webdriver override | PASS (100% Clean) |
| CreepJS | Context/Prototype leakage, workers, voices | Native Bionic libc wrappers + WebRTC proxy | PASS (Trust Score: 100%) |
| DataDome | Fingerprinting, JS worker behavior | Thread/Memory native hooks + WebView hardening | PASS |
| Cloudflare Turnstile | TLS Fingerprint + Canvas/WebGL hashes | Custom cipher suite parameters + GLES layer | PASS |