[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-71251":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":10,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":22,"hasPages":24,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":43,"readmeContent":44,"aiSummary":45,"trendingCount":16,"starSnapshotCount":16,"syncStatus":46,"lastSyncTime":47,"discoverSource":48},71251,"browser-fingerprinting","niespodd\u002Fbrowser-fingerprinting","niespodd","Analysis of Bot Protection systems with available countermeasures 🚿. How to defeat anti-bot system 👻 and get around browser fingerprinting scripts 🕵️‍♂️ when scraping the web?","https:\u002F\u002Fniespodd.github.io\u002Fbrowser-fingerprinting\u002F",null,"JavaScript",5034,275,67,9,0,7,8,26,21,38.32,false,"main",true,[26,27,28,29,30,31,5,32,33,34,35,36,37,38,39,40,41,42],"abck","arkose","automation","aws-waf-token","bot","bot-detection","chromium-browser","crawler","detection","fingerprinting","perimeterx","recaptcha","reese84","scraper","stealth","webscraping","x-kpsdk-ct","2026-06-12 02:02:49","\u003Ctable>\n\u003Ctr>\n\u003Ctd width=\"50%\" colspan=2>\n\u003Csup>This repository's development would not have been possible without the support of many partners and sponsors.\u003C\u002Fsup>\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\u003Ctd colspan=2>\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd width=\"50%\">\n    \u003Ca href=\"https:\u002F\u002Fwww.scrapingbee.com\u002F?fpr=darius82\">\n        \u003Csup>\u003Cb>ScrapingBee - Sign up for a free trial and get -10% on the first invoice with code \"NIESPODD\"\u003C\u002Fb>\u003Cbr>\u003C\u002Fsup>\n        \u003Cimg src=\".\u002Fassets\u002Fscrapingbee.png\" height=80>\n    \u003C\u002Fa>\n\u003C\u002Ftd>\n\u003Ctd width=\"50%\">\n    \u003Ca href=\"https:\u002F\u002Fmultilogin.com\u002Fantidetect\u002Fantidetect-browser\u002F?utm_source=niespodd&utm_medium=partner&a_aid=niespodd&a_bid=f392e357\">\n        \u003Csup>\u003Cb>MultiLogin - undetectable automation with built-in, quality residential proxies. Test 3 days for €1.99.\u003C\u002Fb>\u003Cbr>\u003C\u002Fsup>\n        \u003Cimg src=\".\u002Fassets\u002Fml.png\" height=80>\n    \u003C\u002Fa>\n\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftable>\n\n# Avoiding bot detection: How to scrape the web without getting blocked? 👨‍🔧\n\nWhether you're just starting to build a web scraper from scratch and wondering what you're doing wrong because your solution isn't working, or you've already been working with crawlers for a while and are stuck on a page that gives you an error saying you're a bot, you can't go any further, keep reading.\n\nAnti-bot solutions have evolved in recent years. More and more websites are introducing security measures: from simple ones, such as filtering IP addresses according to their geolocation, to advanced ones based on in-depth analysis of browser parameters and behavioral analysis. All this makes web scraping content more difficult and costly than a few years ago. Nevertheless, it is still possible. Here I highlight a few tips that you may find helpful.\n\n## Where to begin building undetectable bot?\n\nBelow you can find list of curated services that I used to get around different anti-bot protections. Depending on your use-case you may need one of the following:\n\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>Scenario\u002Fuse-case\u003C\u002Fth>\n\u003Cth>Solution\u003C\u002Fth>\n\u003Cth>Example\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\n\u003Ctr>\n\u003Ctd>\u003Cb>Short-lived sessions without auth\u003C\u002Fb>\u003C\u002Ftd>\n\u003Ctd>Pool of rotating IP addresses\u003C\u002Ftd>\n\u003Ctd>That comes handy when you scrape websites like Amazon, Walmart or public LinkedIn pages. That is any website where no sign-in is required. You plan to make a high number of short-lived sessions and can afford being blocked every now and then.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Cb>Geographically restricted websites\u003C\u002Fb>\u003C\u002Ftd>\n\u003Ctd>Region-specific pool of IP addresses\u003C\u002Ftd>\n\u003Ctd>This is useful when the website uses a firewall similar to \u003Ca href=\"https:\u002F\u002Fcommunity.cloudflare.com\u002Ft\u002Fblocking-entire-countries\u002F24172\u002F8\">the one from Cloudflare to block entire geography\u003C\u002Fa> from accessing it.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Cb>Long-lived sessions after sign-in\u003C\u002Fb>\u003C\u002Ftd>\n\u003Ctd>Repeatable pool of IP addresses and stable set of browser fingerprints\u003C\u002Ftd>\n\u003Ctd>The most common scenario here is social media automation e.g. you build a tool to automate social media accounts to manage ads more efficiently.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Cb>Javascript-based detection\u003C\u002Fb>\u003C\u002Ftd>\n\u003Ctd>Use of popular evasion libraries, similar to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fberstend\u002Fpuppeteer-extra\u002Ftree\u002Fmaster\u002Fpackages\u002Fpuppeteer-extra-plugin-stealth\">puppeteer-extra-plugin-stealth\u003C\u002Fa>\u003C\u002Ftd>\n\u003Ctd>There is a number of websites utilizing \u003Ca href=\"https:\u002F\u002Ffingerprintjs.com\u002F\">FingerprintJS\u003C\u002Fa> that can be easily bypassed when you employ open-source plugins such as the aforementioned puppeteer stealth plugin to work with your existing software.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Cb>Detection with browser fingerprinting techniques\u003C\u002Fb>\u003C\u002Ftd>\n\u003Ctd>Natural looking browser fingerprints. That is, having covered the whole surface that is being validated by the installed Javascript solution on the target website.\u003C\u002Ftd>\n\u003Ctd>These are one of the most advanced cases. Mainstream examples are credit card processors such as Adyen or Stripe. A very sophisticated browser fingerprint is being created to detect credit fraud, or prompt additional authorization from the user.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Cb>Unique set of detection techniques\u003C\u002Fb>\u003C\u002Ftd>\n\u003Ctd>Specialized bot software that targets the unique detection surface of the target website.\u003C\u002Ftd>\n\u003Ctd>Good examples are \u003Ca href=\"https:\u002F\u002Fwww.businessinsider.com\u002Fsneaker-bots-how-to-buy-make-and-run-the-tech-2021-1\">sneakers marketplace websites and e-commerce shops, reportedly being under heavy attack from custom made bot software\u003C\u002Fa>.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Cb>Simple custom-made detection techniques\u003C\u002Fb>\u003C\u002Ftd>\n\u003Ctd>Before diving into any of the above, if you are targeting a smaller website, it is very likely that all you need is a \u003Ca href=\"https:\u002F\u002Fwww.zyte.com\u002Fblog\u002Fhow-to-scrape-the-web-without-getting-blocked\u002F\">Scrapy script with tweaks\u003C\u002Fa>, a cheap data-center proxy, and you are good to go.\u003C\u002Ftd>\n\u003Ctd>-\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\n\u003C\u002Ftable>\n\nOnce you have decided on what type of evasion is going to be needed in your project, you can use the list below to pick the best provider for your project:\n\n### Helpful services\n\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>Type\u003C\u002Fth>\n\u003Cth width=50%>Service\u003C\u002Fth>\n\u003Cth>Note\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\n\u003Ctr>\n\u003Ctd rowspan=2>\u003Cb>Proxy\u003C\u002Fb>\u003C\u002Ftd>\n\u003Ctd>\n    \u003Cb>BrightData (formerly Luminati Networks)\u003C\u002Fb>\u003Cbr>\n    \u003Ca href=\"#\">\u003Cimg src=\".\u002Fassets\u002Fbrightdata.png\">\u003C\u002Fa>\n\u003C\u002Ftd>\n\u003Ctd>\n    One of the most popular, but probably as well the most expensive, proxy provider. The IP pool is mainly sourced from users of HolaVPN and an app monetization SDK. \n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\n\u003Ctr>\n\u003Ctd>\n    \u003Cb>Oxylabs\u003C\u002Fb>\u003Cbr>\n    \u003Ca href=\"#\">\u003Cimg src=\".\u002Fassets\u002Foxylabs.png\">\u003C\u002Fa>\n\u003C\u002Ftd>\n\u003Ctd>\n    Competitor to BrightData with more no-code\u002Flow-code scraping products.\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\n\u003Ctr>\n\u003Ctd rowspan=2>\n    \u003Cb>Scraping as a service\u003C\u002Fb>\n\u003C\u002Ftd>\n\u003Ctd>\n    \u003Ca href=\"https:\u002F\u002Fcutt.ly\u002FVRkHvnL\">\n        \u003Cb>ScrapingBee\u003C\u002Fb>\u003Cbr>\n        \u003Cimg src=\".\u002Fassets\u002Fscrapingbee.png\">\n    \u003C\u002Fa>\n\u003C\u002Ftd>\n\u003Ctd>\n    \u003Cu>\u003Cstrong>Highly recommended 👍\u003C\u002Fstrong>\u003C\u002Fu>\u003Cbr \u002F>\n    One of the most advanced stealthy scraping as a service. At times it may be cheaper than building a dedicated scraping solution - they do not charge for the amount of traffic used.\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n    \n\u003Ctr>\n\u003Ctd>\n    \u003Ca href=\"https:\u002F\u002Fcutt.ly\u002F8RkGETc\">\n        \u003Cb>Apify.com\u003C\u002Fb>\u003Cbr>\n        \u003Cimg src=\".\u002Fassets\u002Fapify.png\">\n    \u003C\u002Fa>\n\u003C\u002Ftd>\n\u003Ctd>\n    Apify has evolved into a complete scraping and automation SaaS platform, with ready-made tools, an integrated proxy, and custom solutions for scraping at any scale. Developers can also create scrapers on the platform and rent them to other users.\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\n\u003Ctr>\n\u003Ctd>\n    \u003Cb>De-captcha as a service\u003C\u002Fb>\n\u003C\u002Ftd>\n\u003Ctd>\n    \u003Ca href=\"https:\u002F\u002Fcutt.ly\u002FNRkGtmo\">\n        \u003Cb>Anti Captcha: Captcha Solving Service. Bypass reCAPTCHA, FunCaptcha (...)\u003C\u002Fb>\u003Cbr>\n        \u003Cimg src=\".\u002Fassets\u002Fanticaptcha.png\">\n    \u003C\u002Fa>\n\u003C\u002Ftd>\n\u003Ctd>\n    Self-explanatory. Bitcoin accepted ❤️.\n\u003C\u002Ftd>\n\u003C\u002Ftr>\n\n\u003C\u002Ftbody>\n\u003C\u002Ftable>\n\n## List of anti-bot software providers\n\nThis is a non-exhaustive list of companies that provide the most advanced anti-bot solutions for businesses ranging from smaller e-commerce sites to Fortune 500 companies:\n\n- [Akamai Bot Manager by Akamai](https:\u002F\u002Fwww.akamai.com\u002Fuk\u002Fen\u002Fproducts\u002Fsecurity\u002Fbot-manager.jsp)\n- [Advanced Bot Protection by Imperva](https:\u002F\u002Fwww.imperva.com\u002Fproducts\u002Fadvanced-bot-protection-management\u002F) (former Distil Networks)\n- [DataDome Bot Protection](https:\u002F\u002Fdatadome.co\u002Fbot-protection\u002F)\n- [PerimeterX](https:\u002F\u002Fwww.perimeterx.com\u002F) (acquired by HUMAN)\n- [Shape Security](https:\u002F\u002Fwww.shapesecurity.com\u002F) (acquired by F5)\n- [Cloudflare Bot Management](https:\u002F\u002Fwww.cloudflare.com\u002Fen-gb\u002Fproducts\u002Fbot-management\u002F)\n- [Barracuda Advanced Bot Protection](https:\u002F\u002Fwww.barracuda.com\u002Fproducts\u002Fadvanced-bot-protection)\n- [HUMAN](https:\u002F\u002Fwww.humansecurity.com\u002Fproducts\u002Fplatform)\n- [Kasada](https:\u002F\u002Fwww.kasada.io\u002F)\n- [Alibaba Cloud Anti-Bot Service](https:\u002F\u002Fwww.alibabacloud.com\u002Fproducts\u002Fantibot)\n- [Travatar](https:\u002F\u002Ftravatar.ai\u002F)\n- [Ocule](https:\u002F\u002Focule.io\u002F)\n- [Sift](https:\u002F\u002Fsiftscience.com)\n- [Forter](https:\u002F\u002Fwww.forter.com\u002F)\n- [Reblaze](https:\u002F\u002Fwww.reblaze.com\u002F)\n- [Arkose Labs](https:\u002F\u002Fwww.arkoselabs.com\u002F)\n- [LexisNexis® ThreatMetrix®](https:\u002F\u002Frisk.lexisnexis.com\u002Fproducts\u002Fthreatmetrix)\n\n### How do you know who is getting you blocked?\n\n\u003Cimg src=\".\u002Fassets\u002Fbotty_mcbotface.png\">\n\nJoin [extra.community](https:\u002F\u002Fextra.community\u002F). There runs an automated tester **Botty McBotface** that uses several complicated techniques to determine what exact protection a tested website uses (credits to [berstend](https:\u002F\u002Fgithub.com\u002Fberstend) and others from #insiders).\n\n### Available stealth browsers with automation features\n\n**Important** You use this software at your own risk. Some of them contain malwares just fyi. **Use with caution.**\n\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>Stealth Browser\u003C\u002Fth>\n\u003Cth>Puppeteer\u003C\u002Fth>\n\u003Cth>Selenium\u003C\u002Fth>\n\u003Cth>Evasions\u003C\u002Fth>\n\u003Cth>SDK\u002FTooling\u003C\u002Fth>\n\u003Cth>Origin\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\n\u003Ctr>\n\u003Ctd>\u003Ca href=\"https:\u002F\u002Fgologinapp.com\">GoLogin\u003C\u002Fa>\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>🤮\u003C\u002Ftd>\n\u003Ctd>👍\u003C\u002Ftd>\n\u003Ctd>🇺🇸 + 🇷🇺\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ca href=\"https:\u002F\u002Fincogniton.com\">Incogniton\u003C\u002Fa>\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>🤮\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>🇳🇱 ❓\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ca href=\"https:\u002F\u002Fwww.clonbrowser.com\u002F\">ClonBrowser\u003C\u002Fa>\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>🤮\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>🇸🇬\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ca href=\"https:\u002F\u002Fmultilogin.com\">MultiLogin\u003C\u002Fa>\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>🤮\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>🇪🇪 + 🇷🇺\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ca href=\"https:\u002F\u002Findigobrowser.com\">Indigo Browser\u003C\u002Fa>\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>🤮\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>🇪🇪\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ca href=\"https:\u002F\u002Fghostbrowser.com\">GhostBrowser\u003C\u002Fa>\u003C\u002Ftd>\n\u003Ctd>❌\u003C\u002Ftd>\n\u003Ctd>❌\u003C\u002Ftd>\n\u003Ctd>❌\u003C\u002Ftd>\n\u003Ctd>👍\u003C\u002Ftd>\n\u003Ctd>🇺🇸\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ca href=\"https:\u002F\u002Fkameleo.io\u002F?ref=10697\">Kameleo\u003C\u002Fa>\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>🤮\u003C\u002Ftd>\n\u003Ctd>✔️\u003C\u002Ftd>\n\u003Ctd>🇭🇺\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ca href=\"https:\u002F\u002Fantbrowser.pro\">AntBrowser\u003C\u002Fa>\u003C\u002Ftd>\n\u003Ctd>❌\u003C\u002Ftd>\n\u003Ctd>❌\u003C\u002Ftd>\n\u003Ctd>❌\u003C\u002Ftd>\n\u003Ctd>❌\u003C\u002Ftd>\n\u003Ctd>🇷🇺\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ca href=\"https:\u002F\u002Fv03.chebrowser.site\u002F\">CheBrowser\u003C\u002Fa>\u003C\u002Ftd>\n\u003Ctd>❌\u003C\u002Ftd>\n\u003Ctd>❌\u003C\u002Ftd>\n\u003Ctd>🤮\u002F✔️\u003C\u002Ftd>\n\u003Ctd>👍\u003C\u002Ftd>\n\u003Ctd>🇷🇺\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\n\u003C\u002Ftable>\n\n**Legend:** 🤮 - Evasion based on noise. ❌ - No. ✔️ - Acceptable (with support libraries or not). 👍 - Very nice.\n\n---\n\nA ⭐ on this repo will be **appreciated**!\n\n---\n\n# Technical insights into bypassing bot detection\n\nHere I study various aspects of evasion techniques used to get around bot detection systems used by major online websites. I cover both technical and non-technical matters, including recommendations, references to scientific papers and more.\n\nThe technical findings that I am sharing below are based on observations of running web scraping scripts for a few months against websites protected by [the major anti-bot solution vendors](#list-of-anti-bot-firewall-vendors).\n\n_I constantly add stuff to this section. Over time I will try to make it look&feel more structured._\n\n## Random, maybe useful\n\n- [Cap FPS for Chromium with software rendering --use-gl=swiftshader](https:\u002F\u002Fgist.github.com\u002Fniespodd\u002Fc7fd14e0e58652e74c0f1fdbd819112d) - Limit CPU usage from SwiftShader by redraw freq. of Chromium in AVD\n- Unlike some public comments on that matter **chrome devtools protocol actually works** on AVD-s with puppeteer\n- [Abusing GPU cache to create persistent tracking identifiers](https:\u002F\u002Fniespodd.github.io\u002Fpersistent-tracking-shader-cache\u002F)\n- [Data WhiteOps (now HUMAN) collects (2020)](https:\u002F\u002Fsmitop.com\u002Fpost\u002Fwhiteops-data\u002F)\n\n## [puppeteer-extra-plugin-stealth 😈](https:\u002F\u002Fgithub.com\u002Fberstend\u002Fpuppeteer-extra\u002Ftree\u002Fmaster\u002Fpackages\u002Fpuppeteer-extra-plugin-stealth)\n\n✔️ Win \u002F ❌ Fail \u002F 🤷 Tie :\n\n- ✔️ **Client Hints** - [Shipped recently](https:\u002F\u002Fgithub.com\u002Fberstend\u002Fpuppeteer-extra\u002Fpull\u002F413). In line with Chromium cpp implementation.\n- ✔️ **General `navigator` and `window` properties**\n- ✔️ **Chrome plugins and native extensions** - This includes both Widevine DRM extension, as well as Google Hangouts, safe-browsing etc.\n- [🤷 p0f - detect host OS from TCP struct](https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FP0f) - Not possible to fix via Puppeteer APIs. Used in [Akamai Bot Manager](https:\u002F\u002Fwww.akamai.com\u002Fuk\u002Fen\u002Fproducts\u002Fsecurity\u002Fbot-manager.jsp) to match against JS and browser headers (Client Hints and `User-Agent`). There is a [detailed explaination of the issue](https:\u002F\u002Fnmap.org\u002Fmisc\u002Fdefeat-nmap-osdetect.html). The most reliable evasion seems to be not spoofing host OS at all, or using [OSfooler-ng](https:\u002F\u002Fgithub.com\u002Fsegofensiva\u002FOSfooler-ng).\n- 🤷 **Browser dimensions** - Although [stealth plugin provides `window.outerdimensions` evasion](https:\u002F\u002Fgithub.com\u002Fberstend\u002Fpuppeteer-extra\u002Fblob\u002Fmaster\u002Fpackages\u002Fpuppeteer-extra-plugin-stealth\u002Fevasions\u002Fwindow.outerdimensions\u002Findex.js#L25), it won't work without correct config on non-default OS in headless mode; almost always fails when `viewport size >= screen resolution` (low screen resolution display on the host).\n- [❌ core-estimator](https:\u002F\u002Fgithub.com\u002Foftn-oswg\u002Fcore-estimator\u002Fblob\u002Fmaster\u002Fcore-estimator.js) - This can detect mismatch between navigator.hardwareConcurrency and SW\u002FWW execution profile. Not possible to limit\u002Fbump the `ServiceWorker`\u002F`WebWorker` thread limit via existng Puppeteer APIs.\n- ❌ **WebGL extensions profiling** - desc. tbd\n- ❌ **RTCPeerConnection when behind a proxy** - Applies to both SOCKS and HTTP(S) proxies.\n- ❌ **Performance.now** - desc. tbd (red pill)\n- ❌ **WebGL profiling** - desc. tbd\n- ❌ **Behavior Detection** - desc. tbd (events, params, ML+AI buzz)\n- ❌ **Font fingerprinting** - desc. tbd (list+version+renderer via HTML&canvas)\n- ❌ **Network Latency** - desc. tbd (integrity check: proxy det., JS networkinfo, dns resolv profiling&timing)\n- ❌ **Battery API** - desc. tbd\n- ❌ **Gyroscope and other (mostly mobile) device sensors** - desc. tbd\n\n## Stealth alternatives 🩹\n\nWhere `puppeteer-extra-plugin-stealth` falls short, there are attempts to go deeper and patch at lower levels. `Runtime.Enable` events, `navigator.webdriver`, and other attributes can't be reliably masked for JS in JS (`Object.defineProperty`). Below are some projects patching at either the automation library level, the CDP transport, or the browser binary itself:\n\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>Repo\u003C\u002Fth>\n\u003Cth>Updated\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\n\u003Ctr>\n\u003Ctd>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fultrafunkamsterdam\u002Fnodriver\">nodriver\u003C\u002Fa>\u003C\u002Ftd>\n\u003Ctd>\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Flast-commit\u002Fultrafunkamsterdam\u002Fnodriver?style=flat-square&label=\" alt=\"last commit\">\u003C\u002Ftd>\n\u003Ctd>Successor to undetected-chromedriver. Skips Selenium\u002FChromedriver and drives Chrome over CDP directly, so the WebDriver-flavored leaks are gone.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Frebrowser\u002Frebrowser-patches\">rebrowser-patches\u003C\u002Fa>\u003C\u002Ftd>\n\u003Ctd>\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Flast-commit\u002Frebrowser\u002Frebrowser-patches?style=flat-square&label=\" alt=\"last commit\">\u003C\u002Ftd>\n\u003Ctd>Drop-in patches for Puppeteer\u002FPlaywright that fix the \u003Ccode>Runtime.Enable\u003C\u002Fcode> leak and other CDP giveaways most stealth plugins still miss.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FKaliiiiiiiiii-Vinyzu\u002Fpatchright\">patchright\u003C\u002Fa>\u003C\u002Ftd>\n\u003Ctd>\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Flast-commit\u002FKaliiiiiiiiii-Vinyzu\u002Fpatchright?style=flat-square&label=\" alt=\"last commit\">\u003C\u002Ftd>\n\u003Ctd>Patched Playwright fork in the same spirit as rebrowser-patches.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fdaijro\u002Fcamoufox\">camoufox\u003C\u002Fa>\u003C\u002Ftd>\n\u003Ctd>\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Flast-commit\u002Fdaijro\u002Fcamoufox?style=flat-square&label=\" alt=\"last commit\">\u003C\u002Ftd>\n\u003Ctd>Custom Firefox build with fingerprinting tweaks at the C++ level — refreshing change from JS-layer monkey patching.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fberstend\u002Fpuppeteer-extra\u002Ftree\u002Fmaster\u002Fpackages\u002Fplaywright-extra\">playwright-extra\u003C\u002Fa>\u003C\u002Ftd>\n\u003Ctd>\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Flast-commit\u002Fberstend\u002Fpuppeteer-extra?style=flat-square&label=\" alt=\"last commit\">\u003C\u002Ftd>\n\u003Ctd>Same plugin pipeline as puppeteer-extra, but for Playwright.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\n\u003C\u002Ftable>\n\n## [Multilogin](https:\u002F\u002Fmultilogin.com), [Kameleo](https:\u002F\u002Fkameleo.io\u002F?ref=10697) and others 💰🤠\n\n- ❌ **General `navigator` and `window` properties** - As per [Multilogin documentation](https:\u002F\u002Fdocs.multilogin.com\u002Fl\u002Fen\u002Farticle\u002Fchvo34br5c-global-browser-profile-preferences) custom browser builds typically lag behind the latest additions added by browser vendors. In this case modified Chromium M7X is used (almost 10 versions behind when writing this).\n- 🤷 **Font masking** - Font fingerprinting still leaks host OS due to use of [different font rendering backends on Win\u002FLin\u002FMac](https:\u002F\u002Fblog.typekit.com\u002F2010\u002F10\u002F15\u002Ftype-rendering-operating-systems\u002F). However, the basic \"font whitelisting\" technique can help to slightly rotate browser fingerprint.\n- ❌ **Inconsistencies** - Profile misconfiguration leads to early property\u002Fbehavior inconsitency detection.\n- ❌ **Native extensions** - Unlike `puppeteer-extra-plugin-stealth` custom Chromium builds such as ML and Kameleo provide at most an override for native plugins and extensions shipped with Google Chrome.\n- ❌ **AudioContext APIs and WebGL property override** - Manipulation of original canvas and audio waveform can be detected with custom JS.\n- ✔️ **Audio and GL noise**\n\ntbd (if you have an active subscription in any of these services and don't mind sharing an account drop me an email ❤️)\n\n### Fingerprint test pages\n\nThese websites may be useful to test fingerprinting techniques against a web scraping software\n\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>Test page\u003C\u002Fth>\n\u003Cth>Notes\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fbot.incolumitas.com\u002F\">https:\u002F\u002Fbot.incolumitas.com\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>Very helpful and useful collection of tests\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fplaperdr.github.io\u002Fmorellian-canvas\u002FPrototype\u002Fwebpage\u002Fpicassauth.html\">https:\u002F\u002Fplaperdr.github.io\u002Fmorellian-canvas\u002FPrototype\u002Fwebpage\u002Fpicassauth.html\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>canvas fingerprinting on steroids\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fpixelscan.net\u002F\">https:\u002F\u002Fpixelscan.net\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>Not 100% realiable as it often displays \"inconsistent\" to Chrome after a new update, but worth checking as the author adds new interesting detection features every now and then\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fbrowserleaks.com\u002F\">https:\u002F\u002Fbrowserleaks.com\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>Doesn't need introduction 😉\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Ff.vision\u002F\">https:\u002F\u002Ff.vision\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>Good quality test page from some 🇷🇺 guys\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fwww.ipqualityscore.com\u002Fip-reputation-check\">https:\u002F\u002Fwww.ipqualityscore.com\u002Fip-reputation-check\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>Commercial service with free reputation check against popular blacklists\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fantcpt.com\u002Feng\u002Finformation\u002Fdemo-form\u002Frecaptcha-3-test-score.html\">https:\u002F\u002Fantcpt.com\u002Feng\u002Finformation\u002Fdemo-form\u002Frecaptcha-3-test-score.html\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>ReCaptcha score as well as some interesting notes on how to optimize captcha solving costs\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fja3er.com\u002F\">https:\u002F\u002Fja3er.com\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>💀 dead since ~2022 — SSL\u002FTLS fingerprint, kept here for historical reference\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Ftls.peet.ws\u002F\">https:\u002F\u002Ftls.peet.ws\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>TLS fingerprint (JA3, JA4, HTTP2 frames, Akamai fingerprint) — pretty much replacement for ja3er\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Ffingerprintjs.com\u002Fdemo\u002F\">https:\u002F\u002Ffingerprintjs.com\u002Fdemo\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>Good for basic tests - from people who believe and claim can create unique fingerprints \"99.5%\" of the time\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fcoveryourtracks.eff.org\u002F\">https:\u002F\u002Fcoveryourtracks.eff.org\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>-\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fwww.deviceinfo.me\u002F\">https:\u002F\u002Fwww.deviceinfo.me\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>-\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Famiunique.org\u002F\">https:\u002F\u002Famiunique.org\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>-\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"http:\u002F\u002Funiquemachine.org\u002F\">http:\u002F\u002Funiquemachine.org\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>-\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"http:\u002F\u002Fdnscookie.com\u002F\">http:\u002F\u002Fdnscookie.com\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>-\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fwhatleaks.com\u002F\">https:\u002F\u002Fwhatleaks.com\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>-\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fantcpt.com\u002Feng\u002Finformation\u002Fdemo-form\u002Frecaptcha-3-test-score.html\">https:\u002F\u002Fantcpt.com\u002Feng\u002Finformation\u002Fdemo-form\u002Frecaptcha-3-test-score.html\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>Check your reCaptcha score\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fantoinevastel.com\u002Fbots\u002F\">https:\u002F\u002Fantoinevastel.com\u002Fbots\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>-\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fantoinevastel.com\u002Fbots\u002Fdatadome\">https:\u002F\u002Fantoinevastel.com\u002Fbots\u002Fdatadome\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>-\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fiphey.com\u002F\">https:\u002F\u002Fiphey.com\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>-\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fbot.sannysoft.com\u002F\">https:\u002F\u002Fbot.sannysoft.com\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>-\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fwebbrowsertools.com\u002Fcanvas-fingerprint\u002F\">https:\u002F\u002Fwebbrowsertools.com\u002Fcanvas-fingerprint\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>-\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fwebbrowsertools.com\u002Fwebgl-fingerprint\u002F\">https:\u002F\u002Fwebbrowsertools.com\u002Fwebgl-fingerprint\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>-\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Ffingerprint.com\u002Fproducts\u002Fbot-detection\u002F\">https:\u002F\u002Ffingerprint.com\u002Fproducts\u002Fbot-detection\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>-\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Fabrahamjuliot.github.io\u002Fcreepjs\u002F\">https:\u002F\u002Fabrahamjuliot.github.io\u002Fcreepjs\u002F\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>Really creepy, the strongest of all\u003C\u002Ftd>\u003C\u002Ftr>\n\u003Ctr>\u003Ctd>\u003Ca href=\"https:\u002F\u002Ffingerprint-scan.com\u002Fbrowser_extensions\">https:\u002F\u002Ffingerprint-scan.com\u002Fbrowser_extensions\u003C\u002Fa>\u003C\u002Ftd>\u003Ctd>Probes installed browser extensions against a database of known web-accessible extension resources\u003C\u002Ftd>\u003C\u002Ftr>\n\u003C\u002Ftbody>\n\u003C\u002Ftable>\n\n# Non-technical notes\n\nI need to make a general remark to people who are evaluating (and\u002For) planning to introduce anti-bot software on their websites. **Anti-bot software is nonsense.** Its snake oil sold to people without technical knowledge for heavy bucks.\n\nBlocking bot traffic is based on the premise that you (or your technology provider) can **distinguish bots from real users**. To make this happen various privacy-invasive techniques are applied. To date none of them has been proved to be successful against specialized web scraping tools. **Anti-bot software is all about reducing cheap bot traffic.** It makes the process of scraping more expensive and complicated, but **does not make it entirely impossible**.\n\nAnti-bot software vendors use detection techniques that fall into one of these two categories:\n\n### Binary detection\n\nNo specialized web scraping software is used. Vendor can detect the bad traffic based on information openly disclosed by the scraper e.g. `User-Agent` header, connection parameters etc.\n\nAs a result **only bots that are not targeted to scrape specific website are blocked**. This will make most of the managers happy, because the overall number of _bad traffic_ goes down and it may almost look like there is no more bot traffic on the website. **Wrong.**\n\n### Traffic clustering\n\nMore advanced web scrapers make use of residential proxies and implement complex evasion techniques to fool anti-bot software to think that the web scraper is a real user. No detection mechanism exists to get around this due to technical limitation of web browsers.\n\nIn this case, most of the time the vendor will be only able to **cluster the bad traffic** by finding patterns in bot traffic and behavior. This is where browser fingerprinting comes into play. The problem with banning the traffic here is that it may turn out to be a risky operation when bots are successfully mimicking real users. There is a chance that **by blocking bots the website will become unavailable to real visitors**.\n\n### _Gateways, captchas & co_\n\nIf you think this is a way to go [google \"captcha resolve api\"](https:\u002F\u002Fletmegooglethat.com\u002F?q=captcha+resolve+api).\n\n## Support\n\nIf you have problems with scraping specific website, write me a short email at `dniespodziany@gmail.com` — happy to chat 😊.\n\nHave I mentioned a ⭐ would be appreciated? :-)\n\n➡️ Ethereum address `0x380a4b41fB5e0e1EB8c616eBD56f62f8F934Bab6`\n","该项目旨在分析反爬虫系统并提供应对措施，帮助用户绕过网站的浏览器指纹识别等反爬机制。其核心功能包括了多种技术手段来规避自动化检测，如利用动态IP池、调整浏览器参数以模拟真实用户行为等。项目使用JavaScript编写，适合需要进行网页抓取但遭遇反爬虫保护机制阻拦的场景，例如数据采集、市场研究或自动化测试等领域。通过该项目提供的策略和技术，开发者能够更有效地获取所需信息，同时减少被目标网站封锁的风险。",2,"2026-06-11 03:36:49","high_star"]