-
-
Notifications
You must be signed in to change notification settings - Fork 739
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
iframe.contentWindow evasion can leak Object.apply in stack traces #318
Comments
careful to not remove all Object.apply, which could be detected by purposely creating a stack containing Object.apply |
Sample test code: try {
document["createElement"](0);
} catch (e) {
console.log(e.stack)
} |
Sample code including the observed detection: var detection;
var stack;
try {
document.createElement(0);
} catch (err) {
try {
stack = err.stack.split('\n');
detection = (stack.length >= 2) ? !!stack[1].match(/Ob[cej]{3}t\.a[lp]{3}y[\(< ]{3}an[oynm]{5}us>/) : 'Normal stack trace.';
} catch (errOfErr) {
detection = 'Stack trace hijacked.';
}
} |
This is leveraging the ancient/shitty puppeteer-extra/packages/puppeteer-extra-plugin-stealth/evasions/iframe.contentWindow/index.js Line 95 in 12fe3af
|
Workaround for the time being: Disabling the |
Fixed in |
Similar to #209 there is instances in the wild searching for:
Object.apply (<anonymous>
in thrown error stack traces.Real browser:
Puppeteer with Extra Stealth 2.6.1
Second case fails the vendor detection test.
The text was updated successfully, but these errors were encountered: