npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

hello-world-stealth

v2.6.3

Published

Stealth mode: Applies various techniques to make detection of headless puppeteer harder.

Downloads

12

Readme

puppeteer-extra-plugin-stealth Build Status npm

A plugin for puppeteer-extra to prevent detection.

Install

yarn add puppeteer-extra-plugin-stealth
# - or -
npm install puppeteer-extra-plugin-stealth

If this is your first puppeteer-extra plugin here's everything you need:

yarn add puppeteer puppeteer-extra puppeteer-extra-plugin-stealth
# - or -
npm install puppeteer puppeteer-extra puppeteer-extra-plugin-stealth

Usage

// puppeteer-extra is a drop-in replacement for puppeteer,
// it augments the installed puppeteer with plugin functionality
const puppeteer = require('puppeteer-extra')

// add stealth plugin and use defaults (all evasion techniques)
const StealthPlugin = require('hello-world-stealth')
puppeteer.use(StealthPlugin())

// puppeteer usage as normal
puppeteer.launch({ headless: true }).then(async browser => {
  console.log('Running tests..')
  const page = await browser.newPage()
  await page.goto('https://bot.sannysoft.com')
  await page.waitFor(5000)
  await page.screenshot({ path: 'testresult.png', fullPage: true })
  await browser.close()
  console.log(`All done, check the screenshot. ✨`)
})

puppeteer-extra and most plugins are written in TS, so you get perfect type support out of the box. :)

import puppeteer from 'puppeteer-extra'
import StealthPlugin from 'hello-world-stealth'

puppeteer
  .use(StealthPlugin())
  .launch({ headless: true })
  .then(async browser => {
    const page = await browser.newPage()
    await page.goto('https://bot.sannysoft.com')
    await page.waitFor(5000)
    await page.screenshot({ path: 'stealth.png', fullPage: true })
    await browser.close()
  })

Please check this wiki entry in case you have TypeScript related import issues.

Please check out the main documentation to learn more about puppeteer-extra (Firefox usage, other Plugins, etc).

Status

  • puppeeteer-extra with stealth passes all public bot tests.

Please note: I consider this a friendly competition in a rather interesting cat and mouse game. If the other team (👋) wants to detect headless chromium there are still ways to do that (at least I noticed a few, which I'll tackle in future updates).

It's probably impossible to prevent all ways to detect headless chromium, but it should be possible to make it so difficult that it becomes cost-prohibitive or triggers too many false-positives to be feasible.

If something new comes up or you experience a problem, please do your homework and create a PR in a respectful way (this is Github, not reddit) or I might not be motivated to help. :)

Changelog

🎁 Note: Until we've automated changelog updates in markdown files please follow the #announcements channel in our discord server for the latest updates and changelog info.

Older changelog:

v2.4.7

  • New: user-agent-override - Used to set a stealthy UA string, language & platform. This also fixes issues with the prior method of setting the Accept-Language header through request interception (#104, kudos to @Niek)
  • New: navigator.vendor - Makes it possible to optionally override navigator.vendor (#110, thanks @Niek)
  • Improved: navigator.webdriver: Now uses ES6 Proxies to pass instanceof tests (#117, thanks @aabbccsmith)
  • Removed: user-agent, accept-language (now obsolete)

v2.4.2 / v2.4.1

  • Improved: iframe.contentWindow - We now proxy the original window object and smartly redirect calls that might reveal it's true identity, as opposed to mocking it like peasants :)
  • Improved: accept-language - More robust and it's now possible to set a custom locale if needed.
  • ⭐️ Passes the headless-cat-n-mouse test

v2.4.0

Let's ring the bell for round 2 in this cat and mouse fight 😄

  • New: All evasions now have a specific before and after test to make make this whole topic less voodoo
  • New: media.codecs - we spoof the presence of proprietary codecs in Chromium now
  • New & improved: iframe.contentWindow - Found a way to fix srcdoc frame based detection without breaking recaptcha inline popup & other iframes (please report any issues)
  • New: accept-language - Adds a missing Accept-Language header in headless (capitalized correctly, page.setExtraHTTPHeaders is all lowercase which can be detected)
  • Improved: chrome.runtime - More extensive mocking of the chrome object
  • ⭐️ All fpscanner tests are now green, as well as all intoli tests and the areyouheadless test
  • Improved: navigator.plugins - we fully emulate plugins/mimetypes in headless now 🎉
  • New: webgl.vendor - is otherwise set to "Google" in headless
  • New: window.outerdimensions - fix missing window.outerWidth/outerHeight and viewport
  • Fixed: navigator.webdriver now returns undefined instead of false

Test results (red is bad)

Vanilla puppeteer without stealth 😢

Puppeteer with stealth plugin 💯

Note: The MQ_SCREEN test is broken on their page (will fail in regular Chrome as well).

Tests have been done using this test site and these scripts.

Improved reCAPTCHA v3 scores

Using stealth also seems to help with maintaining a normal reCAPTCHA v3 score.

Note: The official test is to be taken with a grain of salt, as the score is calculated individually per site and multiple other factors (past behaviour, IP address, etc). Based on anecdotal observations it still seems to work as a rough indicator.

Tip: Have a look at the recaptcha plugin if you have issues with reCAPTCHAs.

API

Table of Contents

class: StealthPlugin

  • opts Object? Options (optional, default {})
    • opts.enabledEvasions Set<string>? Specify which evasions to use (by default all)

Extends: PuppeteerExtraPlugin

Stealth mode: Applies various techniques to make detection of headless puppeteer harder. 💯

Purpose

There are a couple of ways the use of puppeteer can easily be detected by a target website. The addition of HeadlessChrome to the user-agent being only the most obvious one.

The goal of this plugin is to be the definite companion to puppeteer to avoid detection, applying new techniques as they surface.

As this cat & mouse game is in it's infancy and fast-paced the plugin is kept as flexibile as possible, to support quick testing and iterations.

Modularity

This plugin uses puppeteer-extra's dependency system to only require code mods for evasions that have been enabled, to keep things modular and efficient.

The stealth plugin is a convenience wrapper that requires multiple evasion techniques automatically and comes with defaults. You could also bypass the main module and require specific evasion plugins yourself, if you whish to do so (as they're standalone puppeteer-extra plugins):

// bypass main module and require a specific stealth plugin directly:
puppeteer.use(
  require('puppeteer-extra-plugin-stealth/evasions/console.debug')()
)

Contributing

PRs are welcome, if you want to add a new evasion technique I suggest you look at the template to kickstart things.

Kudos

Thanks to Evan Sangaline and Paul Irish for kickstarting the discussion!


Example:

const puppeteer = require('puppeteer-extra')
// Enable stealth plugin with all evasions
puppeteer.use(require('hello-world-stealth')())
;(async () => {
  // Launch the browser in headless mode and set up a page.
  const browser = await puppeteer.launch({
    args: ['--no-sandbox'],
    headless: true
  })
  const page = await browser.newPage()

  // Navigate to the page that will perform the tests.
  const testUrl =
    'https://intoli.com/blog/' +
    'not-possible-to-block-chrome-headless/chrome-headless-test.html'
  await page.goto(testUrl)

  // Save a screenshot of the results.
  const screenshotPath = '/tmp/headless-test-result.png'
  await page.screenshot({ path: screenshotPath })
  console.log('have a look at the screenshot:', screenshotPath)

  await browser.close()
})()

.availableEvasions

Type: Set<string>

Get all available evasions.

Please look into the evasions directory for an up to date list.

Example:

const pluginStealth = require('hello-world-stealth')()
console.log(pluginStealth.availableEvasions) // => Set { 'user-agent', 'console.debug' }
puppeteer.use(pluginStealth)

.enabledEvasions

Type: Set<string>

Get all enabled evasions.

Enabled evasions can be configured either through opts or by modifying this property.

Example:

// Remove specific evasion from enabled ones dynamically
const pluginStealth = require('hello-world-stealth')()
pluginStealth.enabledEvasions.delete('console.debug')
puppeteer.use(pluginStealth)

defaultExport(opts?)

  • opts Object? Options
    • opts.enabledEvasions Set<string>? Specify which evasions to use (by default all)

Default export, PuppeteerExtraStealthPlugin


License

Copyright © 2020, berstend̡̲̫̹̠̖͚͓̔̄̓̐̄͛̀͘. Released under the MIT License.