Merge pull request #282 from XrafACC/pr1

refactor: update stealth test bypass scripts

Author: Sytten

src/browser/config.rs

@@ -328,6 +328,9 @@ impl BrowserConfigBuilder {
 
     pub fn hide(mut self) -> Self {
         self.hidden = true;
+        if self.hidden && self.viewport == Some(Viewport::default()) {
+            self.viewport = None;
+        }
         self
     }
 

src/handler/viewport.rs

@@ -1,4 +1,4 @@
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, PartialEq)]
 pub struct Viewport {
     pub width: u32,
     pub height: u32,

src/page.rs

@@ -122,17 +122,66 @@ impl Page {
     async fn hide_plugins(&self) -> Result<(), CdpError> {
         self.execute(AddScriptToEvaluateOnNewDocumentParams {
             source: "
-                    Object.defineProperty(
-                        navigator,
-                        'plugins',
-                        {
-                            get: () => [
-                                { filename: 'internal-pdf-viewer' },
-                                { filename: 'adsfkjlkjhalkh' },
-                                { filename: 'internal-nacl-plugin '}
-                            ],
+                // Create a proper PluginArray-like object (NOT an Array!)
+                // Key insight: PluginArray is array-like but Array.isArray() returns false
+                const makePlugin = (name, filename, description) => {
+                    const plugin = Object.create(Plugin.prototype);
+
+                    Object.defineProperties(plugin, {
+                        name: { value: name, enumerable: true },
+                        filename: { value: filename, enumerable: true },
+                        description: { value: description, enumerable: true },
+                        length: { value: 1, enumerable: true },
+                        0: { value: { type: 'application/pdf', suffixes: 'pdf', description }, enumerable: true }
+                    });
+                    return plugin;
+                };
+
+                // Create the fake PluginArray using the real PluginArray prototype
+                const fakePlugins = Object.create(PluginArray.prototype);
+                const plugins = [
+                    makePlugin('PDF Viewer', 'internal-pdf-viewer', 'Portable Document Format'),
+                    makePlugin('Chrome PDF Viewer', 'internal-pdf-viewer', 'Portable Document Format'),
+                    makePlugin('Chromium PDF Viewer', 'internal-pdf-viewer', 'Portable Document Format'),
+                    makePlugin('Microsoft Edge PDF Viewer', 'internal-pdf-viewer', 'Portable Document Format'),
+                    makePlugin('WebKit built-in PDF', 'internal-pdf-viewer', 'Portable Document Format')
+                ];
+                // Add indexed access and length
+                plugins.forEach((p, i) => {
+                    Object.defineProperty(fakePlugins, i, { value: p, enumerable: true });
+                });
+                Object.defineProperty(fakePlugins, 'length', { value: plugins.length, enumerable: true });
+                // Add methods
+                Object.defineProperty(fakePlugins, 'item', { 
+                    value: function(index) { return this[index] || null; },
+                    enumerable: false
+                });
+                Object.defineProperty(fakePlugins, 'namedItem', { 
+                    value: function(name) { 
+                        for (let i = 0; i < this.length; i++) {
+                            if (this[i].name === name) return this[i];
                         }
-                    );
+                        return null;
+                    },
+                    enumerable: false
+                });
+
+                Object.defineProperty(fakePlugins, 'refresh', { 
+                    value: function() {},
+                    enumerable: false
+                });
+                // Make it iterable
+                Object.defineProperty(fakePlugins, Symbol.iterator, {
+                    value: function* () {
+                        for (let i = 0; i < this.length; i++) yield this[i];
+                    },
+                    enumerable: false
+                });
+
+                Object.defineProperty(Object.getPrototypeOf(navigator), 'plugins', {
+                    get: () => fakePlugins,
+                    configurable: true
+                });
                 "
             .to_string(),
             world_name: None,
@@ -163,14 +212,14 @@ impl Page {
         Ok(())
     }
 
-    /// Removes the `navigator.webdriver` property on frame creation
+    /// Sets the `navigator.webdriver` property to `false` on frame creation
     async fn hide_webdriver(&self) -> Result<(), CdpError> {
         self.execute(AddScriptToEvaluateOnNewDocumentParams {
             source: "
                     Object.defineProperty(
-                        navigator,
+                        Object.getPrototypeOf(navigator), //Fixes 'Object.getOwnPropertyNames(navigator) should return empty array'
                         'webdriver',
-                        { get: () => undefined }
+                        { get: () => false } //Fixes 'property should not be undefined'
                     );
                 "
             .to_string(),
@@ -1219,8 +1268,8 @@ impl Page {
     /// # async fn example(page: Page) -> Result<(), Box<dyn std::error::Error>> {
     /// // Hide webdriver property for stealth scraping
     /// page.evaluate_on_new_document(r#"
-    ///     Object.defineProperty(navigator, 'webdriver', {
-    ///         get: () => undefined
+    ///     Object.defineProperty(Object.getPrototypeOf(navigator), 'webdriver', {
+    ///         get: () => false
     ///     });
     /// "#).await?;
     /// # Ok(())

tests/lib.rs

@@ -6,6 +6,7 @@ use futures::{FutureExt, StreamExt};
 mod basic;
 mod config;
 mod page;
+mod stealth;
 
 pub async fn test<T>(test: T)
 where

tests/stealth/incolumitas.rs

@@ -0,0 +1,69 @@
+use std::time::Duration;
+
+use crate::test;
+use chromiumoxide::browser::Browser;
+use serde_json::Value;
+use tokio::time::sleep;
+
+#[tokio::test]
+async fn bot_detection() {
+    test(async |browser: &mut Browser| {
+        let page = browser.new_page("about:blank").await.unwrap();
+        page.enable_stealth_mode().await.unwrap();
+
+        page.goto("https://bot.incolumitas.com").await.unwrap();
+
+        sleep(Duration::from_secs(1)).await; //Wait 1 second to finish the tests
+
+        let new_test_raw = page
+        .find_element("#new-tests")
+        .await
+        .unwrap()
+        .inner_text()
+        .await
+        .unwrap()
+        .unwrap_or_else(|| "{}".to_string());
+
+        let new_test_json: Value = serde_json::from_str(&new_test_raw).unwrap();
+
+        let old_test_raw = page
+        .find_element("#detection-tests")
+        .await
+        .unwrap()
+        .inner_text()
+        .await
+        .unwrap()
+        .unwrap_or_else(|| "{}".to_string());
+        let old_test_json: Value = serde_json::from_str(&old_test_raw).unwrap();
+
+        let new_failed: Vec<String> = new_test_json
+        .as_object()
+        .unwrap()
+        .iter()
+        .filter_map(|(k, v)| if v == "FAIL" { Some(k.clone()) } else { None })
+        .collect();
+        assert!(
+            new_failed.is_empty(),
+                "New test FAIL: {}",
+                new_failed.join(", ")
+        );
+
+        let mut old_failed = Vec::new();
+        for (group, checks) in old_test_json.as_object().unwrap() {
+            for (key, value) in checks.as_object().unwrap() {
+                if group == "fpscanner" && key == "WEBDRIVER" {
+                    continue;
+                } //false alarm
+                if value == "FAIL" {
+                    old_failed.push(format!("{}.{}", group, key));
+                }
+            }
+        }
+        assert!(
+            old_failed.is_empty(),
+                "Old test FAIL: {}",
+                old_failed.join(", ")
+        );
+    })
+    .await;
+}

tests/stealth/mod.rs

@@ -0,0 +1,2 @@
+pub mod incolumitas;
+pub mod rebrowser;

tests/stealth/rebrowser.rs

@@ -0,0 +1,111 @@
+use std::time::Duration;
+
+use chromiumoxide::{BrowserConfig, Page};
+use serde::Deserialize;
+use tokio::time::sleep;
+
+use crate::test_config;
+
+#[derive(Debug, Deserialize)]
+struct DetectionRow {
+    #[serde(rename = "type")]
+    kind: String,
+
+    rating: f64,
+    note: String,
+}
+
+#[tokio::test]
+async fn bot_detection() {
+    let config = BrowserConfig::builder().hide().build().unwrap(); //needed .hide()
+    test_config(config, async |browser| {
+        let page = browser.new_page("about:blank").await.unwrap();
+        page.enable_stealth_mode().await.unwrap();
+
+        page.goto("https://bot-detector.rebrowser.net/")
+            .await
+            .unwrap();
+        test_dummyfn(&page).await;
+        test_sourceurlleak(&page).await;
+        //skip mainWorldExecution, because i'm noob
+        test_runtimeenableleak(&page).await;
+        test_exposefnleak(&page).await;
+        test_navigator_webdriver(&page).await;
+        test_viewport(&page).await;
+        test_initscripts(&page).await;
+        test_csp(&page).await;
+    })
+    .await;
+}
+
+async fn test_csp(page: &Page) {
+    let result = get_result(page, "bypassCsp").await.unwrap();
+    assert!(result.rating < 0.0, "{}", result.note)
+}
+async fn test_initscripts(page: &Page) {
+    let result = get_result(page, "pwInitScripts").await.unwrap();
+    assert!(result.rating < 0.0, "{}", result.note)
+}
+async fn test_viewport(page: &Page) {
+    let result = get_result(page, "viewport").await.unwrap();
+    assert!(result.rating < 0.0, "{}", result.note)
+}
+
+async fn test_navigator_webdriver(page: &Page) { //Can easliy be broken (because extensions may override)
+    let result = get_result(page, "navigatorWebdriver").await.unwrap();
+    assert!(result.rating < 0.0, "{}", result.note)
+}
+
+async fn test_exposefnleak(page: &Page) { //Has issue, can be skipped
+    page.expose_function("exposedFn", "() => { console.log('exposedFn call') }")
+        .await
+        .unwrap();
+    let result = get_result(page, "exposeFunctionLeak").await.unwrap();
+    assert!(result.rating <= 0.0, "{}", result.note)
+}
+
+async fn test_runtimeenableleak(page: &Page) {
+    let result = get_result(page, "runtimeEnableLeak").await.unwrap();
+    assert!(result.rating < 0.0, "{}", result.note)
+}
+async fn test_sourceurlleak(page: &Page) {
+    page.evaluate("document.getElementById('detections-json')")
+        .await
+        .unwrap();
+    let result = get_result(page, "sourceUrlLeak").await.unwrap();
+    assert!(result.rating < 0.0, "{}", result.note)
+}
+
+async fn test_dummyfn(page: &Page) {
+    page.evaluate("window.dummyFn()").await.unwrap();
+    let result = get_result(page, "dummyFn").await.unwrap();
+    assert!(result.rating < 0.0, "{}", result.note)
+}
+
+async fn get_result(page: &Page, target_kind: &str) -> Option<DetectionRow> { //maybe doesnt needed that much effort
+    let timeout_secs = 15;
+    let interval = Duration::from_millis(500);
+    let mut elapsed = Duration::from_secs(0);
+
+    loop {
+        let script = "document.querySelector('#detections-json') ? document.querySelector('#detections-json').value : ''";
+        if let Ok(Some(js_value)) = page.evaluate(script).await.map(|v| v.into_value::<String>().ok()) {
+            
+            if !js_value.trim().is_empty() && js_value.starts_with('[') {
+                if let Ok(list) = serde_json::from_str::<Vec<DetectionRow>>(&js_value) {
+                    if let Some(found) = list.into_iter().find(|p| p.kind == target_kind) {
+                            return Some(found);
+                    }
+                }
+            }
+        }
+
+        if elapsed >= Duration::from_secs(timeout_secs) {
+            println!("DEBUG: {} timed out!", target_kind);
+            return None;
+        }
+
+        sleep(interval).await;
+        elapsed += interval;
+    }
+}