Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Spoof detection #33

Open
petuxodev opened this issue Jul 10, 2022 · 4 comments
Open

Spoof detection #33

petuxodev opened this issue Jul 10, 2022 · 4 comments
Assignees
@barjin
Labels
antibot Yet another antibot service is recognizing the injection bug Something isn't working. t-tooling Issues with this label are in the ownership of the tooling team.

Comments

@petuxodev
Copy link

petuxodev commented Jul 10, 2022
edited

Describe the bug

  1. Looks like botd detects OS spoof, when i set operatingSystems: ['windows'] it detects spoof, when i'm running browser with my Mac.

  2. Cloudflare JS Challenge detects, when userAgent set in browser.newContext, and os is not/is spoofed.

Proof
image

System information:

  • OS: MacOS
  • Node.js version: 18
@petuxodev petuxodev added the bug Something isn't working. label Jul 10, 2022
@barjin
Copy link
Collaborator

barjin commented Jul 10, 2022

Thank you for submitting this issue! Fingerprinting services can usually detect the machine's OS by performing font fingerprinting (different OSes provide different fonts), among others. These are usually some of the harder things to spoof.

Until we have that incorporated in the fingerprinting suite, always try matching your fingerprint's OS / browser (version) to the one you are actually using. The ML model generating the fingerprints has a plenty of samples for all the major operating systems - so it shouldn't cause any problems.

@petuxodev
Copy link
Author

Thank you for submitting this issue! Fingerprinting services can usually detect the machine's OS by performing font fingerprinting (different OSes provide different fonts), among others. These are usually some of the harder things to spoof.

Until we have that incorporated in the fingerprinting suite, always try matching your fingerprint's OS / browser (version) to the one you are actually using. The ML model generating the fingerprints has a plenty of samples for all the major operating systems - so it shouldn't cause any problems.

Botd does detection with os cpu, and etc others. it does not use font fingerprinting, it is open source, check it yourself.

@petuxodev
Copy link
Author

And, cloudflare detects, when you set useragent. lol.

@barjin barjin added the antibot Yet another antibot service is recognizing the injection label Jul 12, 2022
@TeitlerS
Copy link

any progress on this?

@barjin barjin self-assigned this Jul 21, 2023
@barjin barjin added the t-tooling Issues with this label are in the ownership of the tooling team. label Jul 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@barjin barjin

Labels
antibot Yet another antibot service is recognizing the injection bug Something isn't working. t-tooling Issues with this label are in the ownership of the tooling team.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@barjin @TeitlerS @petuxodev