A patch to modify some core Puppeteer files to decrease detection rates by switching execution to an isolated world.
More about isolated worlds here: https://developer.chrome.com/extensions/content_scripts
There is a more flexible patch for the srcdoc
leak issue located in ./src
.
Linux / Mac
$ ./src/bin/run
Windows
PS > ./src/bin/run
*package.json
{
"scripts": {
"patch-puppeteer": "./patch/bin/run"
}
}
Note: Other versions can apply manually, following the changes in the patch diff files.
-
1.19.0
-
2.1.1
-
5.2.1
-
5.3.1
-
7.0.1
-
5.3.1
-
7.0.1
- Install Patch-Package https://github.com/ds300/patch-package
- Copy the
patches
folder to your project directory - Run
npx patch-package
to apply the changes - Run
npx patch-package --reverse
to remove
To avoid maintaining a fork of vanilla Puppeteer, the patch makes a few edits to core Puppeteer files within your node_modules
folder.
The goal is to strip strings that reference Puppeteer which are exposed via throwing a new Error()
and checking the trace and switch pretty much every call to run in an isolated world (apart from waitForFunction
).
The patch modifies Puppeteer's FrameManager
class to automatically create a new Isolated World and use this as the context rather than the default one.
- Removes sourceURL from
Error
stack inspection. - There is an evasion in
puppeteer-extra
for this which is worth implementing as well as it is likely more robust.
- Remove the reference to puppeteer in the utility world name.
- Overwrite basically every call to the unprotected
_mainWorld
with_secondaryWorld
except forevaluate()
,$eval()
,waitForFunction()
.
- Remove reference to puppeteer in the Chrome profile name.
- Remove reference to puppeteer in the Firefox profile name.
If using Patch-Package running patch-package --reverse
should work.
$ npx patch-package --reverse;
If manually editing your files, just delete your node_modules
folder and run npm install
again.
$ rm -rf ./node_modules; npm install;
If you'd like to create a test to check if your code is detectable, there is a basic starting point here:
- Puppeteer Test: https://github.com/prescience-data/puppeteer-botcheck/blob/b6848845b8b5887608784caa2fe7a078db866e9b/Botcheck.js#L45
- Host Monitoring Execution: https://github.com/prescience-data/prescience-data.github.io/blob/master/execution-monitor.html
- URL of the live test: https://prescience-data.github.io/execution-monitor.html
Here's the differences between unpatched and patched:
The patched version still runs any scripts injected via page.evaluateOnNewDocument()
in the _mainWorld
so watch for that.
However, everything else is running in the _isolatedWorld
and outside the security scope of detection scripts monitoring execution.
The existing page scripts will continue to run as normal in the Main World and will appear to function as normal (which is good), but you will no longer be able to interact with on-page scripts (which might be bad, depending on your use-case).
Naturally, they would be able to observe changes you make to the DOM, but only the outcome, not how the execution is occurring. Consider the implications of this before using.