noellarkin
Power Member
- Joined
- Mar 14, 2021
- Messages
- 677
- Reaction score
- 1,022
Anyone here using it?
Thoughts on MasqueradeJS?
- Thread starter noellarkin
- Start date
-
- Tags
- automation bots botting
Looks interesting. I have been using request and cheerios and even just simple puppeteer directly. These work just fine. You can always switch to something else, but are you willing to take the learning curve ahead? That’s a good question to ask sometimes. 
- Joined
- Oct 6, 2020
- Messages
- 1,721
- Reaction score
- 4,897
The guy behind this project is super skilled and knows what he is doing. And he is a cool guy in general.
But the project itself is abandoned in favor of other projects he is probably working on.
You should join that discord group they have for news and updates regarding stealth browser automation industry.
But the project itself is abandoned in favor of other projects he is probably working on.
You should join that discord group they have for news and updates regarding stealth browser automation industry.
Last edited:
noellarkin
Power Member
- Joined
- Mar 14, 2021
- Messages
- 677
- Reaction score
- 1,022
yep I agree. I just happened to come across it when I was looking through some github gists for better webGL and fingerprint spoofing. Was curious why it hasn't been mentioned on this forum.Looks interesting. I have been using request and cheerios and even just simple puppeteer directly. These work just fine. You can always switch to something else, but are you willing to take the learning curve ahead? That’s a good question to ask sometimes.
noellarkin
Power Member
- Joined
- Mar 14, 2021
- Messages
- 677
- Reaction score
- 1,022
Yes, will definitely do that. I learned a lot from the articles he posted here: https://github.com/prescience-data/dark-knowledge
- Joined
- Oct 6, 2020
- Messages
- 1,721
- Reaction score
- 4,897
The project isn't finished and it's based on puppetere+puppeteer-extra. I would recommend starting with basics and only then looking for frameworks.
You actually cant easily spoof WebGL fingerprints, tempering can be detected.
Well, there are ways how to do it, but it will require a lot of engineering skills and actual data from real devices(e.g. another computer with different hardware).
You have the following options:
a) Disable WebGL in the browser, e.g. firefox privacy now I think does this by default, if I recall - so does opera, so you can do it in chrome as well.
b) Try to spoof your fingerprints, but it will be most likely just adding random noise to it and can be easily detected.
c) Use mobile devices for running your operation. Mobile devices use the same hardware, thus the same fingerprints, you will get higher trust scores in general when using mobile.
d) Use stealth browsers like Multilogin, but I don't know how they handle fingerprinting now, some time ago they just added noise.
e) You could intercept the calls and methods of javascript that gets used to render the WebGL output and replace the output by a data that is rendered on another device thus making your output spoofed correctly but as I said at the beginning of this post, that will be a complicated task.
f) Keep digging. There is a solution available, but it's too good to be shared on forums, thus keep searching and you will find it too.
noellarkin
Power Member
- Joined
- Mar 14, 2021
- Messages
- 677
- Reaction score
- 1,022
Thanks.
I used a) for a while, but wanted to be able to work with tougher sites that fingerprint more aggressively, so started learning more.
I didn't use b) because most options that use b) are browser plugins and I want to move away from that.
I haven't considered c) because of the difficulty of scaling it.
Not considering using d) since using Multilogin would be no different from using my current setup (I'm using a multi-profile UXP browser + mozrepl/telnet to inject JS into sessions: https://github.com/bard/mozrepl/wiki )
So I did a variant of e) - - I ran browserleaks.com/webgl on multiple systems (borrowed from friends etc, got a mix of NVIDIA, ATI and INTEL GPUs) and tabulated the values. Have a list of WebGL data that's definitely "real", but it's somewhat limited.
At present I'm implementing some fingerprint elements using Object.defineProperty() and using {get: (() => value).bind(null)}) to prevent the site from detecting me with a get.toString() - - and others (like webGL unmasked vendor and renderer) through about:config in the browser.
Now I'm looking into that puppeteer extra minJS you shared to see how they're doing things.
Magic
noellarkin
Power Member
- Joined
- Mar 14, 2021
- Messages
- 677
- Reaction score
- 1,022
Just a quick update for anyone who wants to try this: Don't. Setting navigator object values like this doesn't match worker scope (example: in case of hardwareConcurrency), and it doesn't return the same value in iFrames. Refer https://github.com/berstend/puppeteer-extra/tree/master/packages/extract-stealth-evasions and https://github.com/abrahamjuliot/creepjs/tree/master/modules for the correct way to edit it.
Spoof safely, guys
AlexAkimbo
Regular Member
- Joined
- Nov 16, 2021
- Messages
- 248
- Reaction score
- 228
I'm using Playwright in production for about two months and everything is fine. Before that I've used Puppeteer and Cherios but with mixed results.
You should give it a try as everything can be automated directly from your IDE. This approach may not be suitable for you but for mine scenario where I have to emulate different browsers and make interaction to look as much as organic/human it is possible. Yeah, I switch a lot between Python/NodeJS/Ruby/Go/etc because same solution will give you better results on different websites if written in another language
You should give it a try as everything can be automated directly from your IDE. This approach may not be suitable for you but for mine scenario where I have to emulate different browsers and make interaction to look as much as organic/human it is possible. Yeah, I switch a lot between Python/NodeJS/Ruby/Go/etc because same solution will give you better results on different websites if written in another language
You have same fingerprint when you are browsing using firefox/chrome or only when using the app. For example twitter or reddit app?
Isn't it harder to go stealth with Playwright? Puppeteer has puppeteer-extra-plugin-stealth which helps a lot to by pass detection.
AlexAkimbo
Regular Member
- Joined
- Nov 16, 2021
- Messages
- 248
- Reaction score
- 228
Not for me and my use case. I had hard time with detection of Puppeteer instances. I was getting detected in a matter of minutes as Headless.
Like I said - you should try and experiment what is best for you and particular use case. Try different libs, different programming languages and approaches, etc. This way you will get better in what you doing and also better results. There is no one solution for everything that's why I want to convert my bot to be pluggable with modules either written by me or 3rd party and all of that in several different languages covering several architectures like intel, arm, Mac, etc.