Detected by datadome in headless mode #26

Closed
aniketpradhann opened this issue Oct 6, 2024 · 8 comments

Comments


aniketpradhann commented Oct 6, 2024

It's getting detected by Datadome captcha in headless mode.


```python
import asyncio

from camoufox.async_api import AsyncCamoufox


async def main():
    async with AsyncCamoufox(headless=True,
                             humanize=True,
                             block_images=False,
                             #proxy={},
                             block_webrtc=True) as browser:
        context = await browser.new_context()
        page = await context.new_page()
        user_agent = await page.evaluate("navigator.userAgent")
        # Capture the interstitial response; its JSON body carries the 'view' decision
        async with page.expect_response('https://geo.captcha-delivery.com/interstitial/') as response_info:
            await page.goto('https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAAHiYXWB1H3wAZ19SyA==&hash=14D062F60A4BDE8CE8647DFC720349&cid=zRY6jGoAt4X66kpIInPBRqvNGPci6M4vSc70JnH2aIRRfeKisDRTvlG7DLnVau1fA9yYn6YE0mk1YY0KIXMalv9jcJGSyDiAO57tuCoW9SZEycETrL3JfQGtdcRBJRx1&referer=https://datadome.co/&s=44330&b=1157165&dm=cd', wait_until="commit")
            response = await response_info.value
            response_body = await response.json()
            print(response_body)
        await context.close()
        await browser.close()
        print("Closed Browser")

asyncio.run(main())
```

It works fine in headful mode, returning 'cookie': 'datadome=zRY6jGo...;', 'view': 'redirect', but in headless mode it always returns 'view': 'captcha'.

daijro (Owner) commented Oct 6, 2024

Hello, thank you for reporting this.

Do you have a testing site? I'm having trouble reproducing this locally with other high security Datadome testing sites. I'd love to look into this.

aniketpradhann (Author) commented Oct 6, 2024

I'm using https://datadome.co/ for testing. The issue is only reproducible in headless mode.
https://geo.captcha-delivery.com/interstitial/: the response from this URL decides whether to throw a captcha or not, and in headless mode it always throws a captcha, but it works flawlessly in headful mode.

```python
import asyncio

from browserforge.fingerprints import Screen
from camoufox.async_api import AsyncCamoufox


async def main():
    async with AsyncCamoufox(headless=True,
                             humanize=True,
                             block_images=False,
                             screen=Screen(max_width=1920, max_height=1080),
                             block_webrtc=True,) as browser:
        context = await browser.new_context()
        page = await context.new_page()
        # Capture the interstitial response; its JSON body carries the 'view' decision
        async with page.expect_response('https://geo.captcha-delivery.com/interstitial/') as response_info:
            await page.goto('https://datadome.co/', wait_until="commit")
            response = await response_info.value
            response_body = await response.json()
            print(response_body)
            await asyncio.sleep(10)
            await page.screenshot(path='datadome.png', full_page=True)
        await context.close()
        await browser.close()

asyncio.run(main())
```

I'm able to reproduce the issue with the code above. Look for the 'view': '...' in the response body, as it will always return captcha in headless mode.

daijro added a commit that referenced this issue Oct 7, 2024
Raises a warning when headless mode is enabled in Camoufox.
This will be reverted once #26 is resolved.

@aniketpradhann (Author)

For Datadome, a temporary solution is to use an Xvfb virtual display.

daijro added a commit that referenced this issue Oct 8, 2024
- Automatically uses virtual displays on Linux
- Update documentation on README

daijro (Owner) commented Oct 8, 2024

I've added a minimal implementation of Xvfb (similar to PyVirtualDisplay) into the latest update that temporarily works around the issue.

daijro (Owner) commented Oct 8, 2024

I've been able to reproduce the issue. However, Datadome has not been reliably flagging it anymore, and often passes while I'm attempting to debug. I could be wrong, but I believe the issue has something to do with the behavior of Firefox's viewport when using headless mode. I'll be keeping a watch on this/looking out for similar headless detection on other sites.

@aniketpradhann (Author)

https://bounty-nodejs.datashield.co/ use this for testing

daijro (Owner) commented Oct 9, 2024

> https://bounty-nodejs.datashield.co/ use this for testing

Thanks.

From my local testing, the leak does not appear to be from the detection of an automation library. The leak is in Firefox's headless feature itself. Datadome continues to flag when launching unmodified Firefox in headless: firefox --headless https://bounty-nodejs.datashield.co/

I've also discovered that enabling the privacy.resistFingerprinting user preference bypasses the detection of headless Firefox, which narrows down the list of possible leaks to this: https://wiki.mozilla.org/Security/Fingerprinting. I'll be running trial/error with these to figure out the leak.

daijro added a commit that referenced this issue Oct 9, 2024
Forces the default pointer value to a mouse-type pointer, fixing the detection issues on headless browsers.

daijro (Owner) commented Oct 9, 2024

Leak has been fixed in beta.11.

The issue was that the pointer value on headless mode is set to none by default in Firefox:

```js
window.matchMedia('(pointer: fine)').matches;
```

This returns true on headful browsers and false on headless.

```js
window.matchMedia('(pointer: none)').matches;
```

This returns false on headful browsers and true on headless.

daijro closed this as completed Oct 9, 2024
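
The pointer difference described in the final comment, written as a consistency check a site operator could run on collected client signals. This is an added example, not code from this thread or from the Camoufox project; `classifyPointer`, `stubMatchMedia`, the sample User-Agent strings and the rule that a desktop User-Agent should report a primary pointer are assumptions made for the illustration.

```javascript
// Added example: consistency check on the CSS `pointer` media feature.
// matchMedia is injected: in a page pass window.matchMedia.bind(window);
// offline, pass a stub such as stubMatchMedia() below.
const POINTER_VALUES = ['fine', 'coarse', 'none'];

// Evaluate each (pointer: X) query and return the values that matched.
function matchedPointers(matchMedia) {
  return POINTER_VALUES.filter((v) => Boolean(matchMedia(`(pointer: ${v})`).matches));
}

// Assumption (not from the thread): a User-Agent claiming a desktop OS
// is expected to report a primary pointing device.
function claimsDesktop(userAgent) {
  return /Windows NT|Macintosh|X11; Linux/.test(userAgent) &&
         !/Mobile|Android/.test(userAgent);
}

function classifyPointer(matchMedia, userAgent) {
  const matched = matchedPointers(matchMedia);
  // The primary pointer has exactly one value; zero or several matches is contradictory.
  if (matched.length !== 1) return { verdict: 'inconsistent', matched };
  // The signal from the thread: headless Firefox reports (pointer: none).
  if (matched[0] === 'none' && claimsDesktop(userAgent)) {
    return { verdict: 'headless-like', matched };
  }
  return { verdict: 'ok', matched };
}

// Constructed stub: behaves like matchMedia for a client whose primary pointer is pointerValue.
function stubMatchMedia(pointerValue) {
  return (query) => ({ matches: query === `(pointer: ${pointerValue})` });
}

// Constructed sample User-Agent strings.
const DESKTOP_UA = 'Mozilla/5.0 (X11; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0';
const MOBILE_UA = 'Mozilla/5.0 (Android 14; Mobile; rv:130.0) Gecko/130.0 Firefox/130.0';

console.log(classifyPointer(stubMatchMedia('none'), DESKTOP_UA)); // headless-like
console.log(classifyPointer(stubMatchMedia('fine'), DESKTOP_UA)); // ok
```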