Thoughts on MasqueradeJS?

Gogol

Jr. VIP
Jr. VIP
Joined
Sep 10, 2010
Messages
9,818
Reaction score
16,964
Website
twitter.com
Looks interesting. I have been using request and cheerios and even just simple puppeteer directly. These work just fine. You can always switch to something else, but are you willing to take the learning curve ahead? That’s a good question to ask sometimes. :D
 

lucky.sparks

Jr. Executive VIP
Jr. VIP
Marketplace seller
Premium Member
Joined
Oct 6, 2020
Messages
1,721
Reaction score
4,897
The guy behind this project is super skilled and knows what he is doing. And he is a cool guy in general.

But the project itself is abandoned in favor of other projects he is probably working on.

You should join that discord group they have for news and updates regarding stealth browser automation industry.
 
Last edited:

noellarkin

Power Member
Joined
Mar 14, 2021
Messages
677
Reaction score
1,022
Looks interesting. I have been using request and cheerios and even just simple puppeteer directly. These work just fine. You can always switch to something else, but are you willing to take the learning curve ahead? That’s a good question to ask sometimes. :D
yep I agree. I just happened to come across it when I was looking through some github gists for better webGL and fingerprint spoofing. Was curious why it hasn't been mentioned on this forum.
 

noellarkin

Power Member
Joined
Mar 14, 2021
Messages
677
Reaction score
1,022
The guy behind this project is super skilled and knows what he is doing. And he is a cool guy in general.

But the project itself is abandoned in favor of other projects he is probably working on.

You should join that discord group they have for news and updates regarding stealth browser automation industry.
Yes, will definitely do that. I learned a lot from the articles he posted here: https://github.com/prescience-data/dark-knowledge
 

lucky.sparks

Jr. Executive VIP
Jr. VIP
Marketplace seller
Premium Member
Joined
Oct 6, 2020
Messages
1,721
Reaction score
4,897
yep I agree. I just happened to come across it when I was looking through some github gists for better webGL and fingerprint spoofing. Was curious why it hasn't been mentioned on this forum.
The project isn't finished and it's based on puppetere+puppeteer-extra. I would recommend starting with basics and only then looking for frameworks.

You actually cant easily spoof WebGL fingerprints, tempering can be detected.

Well, there are ways how to do it, but it will require a lot of engineering skills and actual data from real devices(e.g. another computer with different hardware).

You have the following options:

a) Disable WebGL in the browser, e.g. firefox privacy now I think does this by default, if I recall - so does opera, so you can do it in chrome as well.

b) Try to spoof your fingerprints, but it will be most likely just adding random noise to it and can be easily detected.

c) Use mobile devices for running your operation. Mobile devices use the same hardware, thus the same fingerprints, you will get higher trust scores in general when using mobile.

d) Use stealth browsers like Multilogin, but I don't know how they handle fingerprinting now, some time ago they just added noise.

e) You could intercept the calls and methods of javascript that gets used to render the WebGL output and replace the output by a data that is rendered on another device thus making your output spoofed correctly but as I said at the beginning of this post, that will be a complicated task.

f) Keep digging. There is a solution available, but it's too good to be shared on forums, thus keep searching and you will find it too.
 

noellarkin

Power Member
Joined
Mar 14, 2021
Messages
677
Reaction score
1,022
The project isn't finished and it's based on puppetere+puppeteer-extra. I would recommend starting with basics and only then looking for frameworks.

You actually cant easily spoof WebGL fingerprints, tempering can be detected.

Well, there are ways how to do it, but it will require a lot of engineering skills and actual data from real devices(e.g. another computer with different hardware).

You have the following options:

a) Disable WebGL in the browser, e.g. firefox privacy now I think does this by default, if I recall - so does opera, so you can do it in chrome as well.

b) Try to spoof your fingerprints, but it will be most likely just adding random noise to it and can be easily detected.

c) Use mobile devices for running your operation. Mobile devices use the same hardware, thus the same fingerprints, you will get higher trust scores in general when using mobile.

d) Use stealth browsers like Multilogin, but I don't know how they handle fingerprinting now, some time ago they just added noise.

e) You could intercept the calls and methods of javascript that gets used to render the WebGL output and replace the output by a data that is rendered on another device thus making your output spoofed correctly but as I said at the beginning of this post, that will be a complicated task.

f) Keep digging. There is a solution available, but it's too good to be shared on forums, thus keep searching and you will find it too.
Thanks.

I used a) for a while, but wanted to be able to work with tougher sites that fingerprint more aggressively, so started learning more.

I didn't use b) because most options that use b) are browser plugins and I want to move away from that.

I haven't considered c) because of the difficulty of scaling it.

Not considering using d) since using Multilogin would be no different from using my current setup (I'm using a multi-profile UXP browser + mozrepl/telnet to inject JS into sessions: https://github.com/bard/mozrepl/wiki )

So I did a variant of e) - - I ran browserleaks.com/webgl on multiple systems (borrowed from friends etc, got a mix of NVIDIA, ATI and INTEL GPUs) and tabulated the values. Have a list of WebGL data that's definitely "real", but it's somewhat limited.

At present I'm implementing some fingerprint elements using Object.defineProperty() and using {get: (() => value).bind(null)}) to prevent the site from detecting me with a get.toString() - - and others (like webGL unmasked vendor and renderer) through about:config in the browser.

Now I'm looking into that puppeteer extra minJS you shared to see how they're doing things.
 

Scorpion Ghost

Jr. Executive VIP
Jr. VIP
Joined
Mar 22, 2013
Messages
7,795
Reaction score
8,899
Website
smmorigins.com
Thanks.

I used a) for a while, but wanted to be able to work with tougher sites that fingerprint more aggressively, so started learning more.

I didn't use b) because most options that use b) are browser plugins and I want to move away from that.

I haven't considered c) because of the difficulty of scaling it.

Not considering using d) since using Multilogin would be no different from using my current setup (I'm using a multi-profile UXP browser + mozrepl/telnet to inject JS into sessions: https://github.com/bard/mozrepl/wiki )

So I did a variant of e) - - I ran browserleaks.com/webgl on multiple systems (borrowed from friends etc, got a mix of NVIDIA, ATI and INTEL GPUs) and tabulated the values. Have a list of WebGL data that's definitely "real", but it's somewhat limited.

At present I'm implementing some fingerprint elements using Object.defineProperty() and using {get: (() => value).bind(null)}) to prevent the site from detecting me with a get.toString() - - and others (like webGL unmasked vendor and renderer) through about:config in the browser.

Now I'm looking into that puppeteer extra minJS you shared to see how they're doing things.

Magic
 

noellarkin

Power Member
Joined
Mar 14, 2021
Messages
677
Reaction score
1,022
At present I'm implementing some fingerprint elements using Object.defineProperty() and using {get: (() => value).bind(null)}) to prevent the site from detecting me with a get.toString() - - and others (like webGL unmasked vendor and renderer) through about:config in the browser.

Now I'm looking into that puppeteer extra minJS you shared to see how they're doing things.
Just a quick update for anyone who wants to try this: Don't. Setting navigator object values like this doesn't match worker scope (example: in case of hardwareConcurrency), and it doesn't return the same value in iFrames. Refer https://github.com/berstend/puppeteer-extra/tree/master/packages/extract-stealth-evasions and https://github.com/abrahamjuliot/creepjs/tree/master/modules for the correct way to edit it.
Spoof safely, guys :)
 

AlexAkimbo

Regular Member
Joined
Nov 16, 2021
Messages
248
Reaction score
228
I'm using Playwright in production for about two months and everything is fine. Before that I've used Puppeteer and Cherios but with mixed results.

You should give it a try as everything can be automated directly from your IDE. This approach may not be suitable for you but for mine scenario where I have to emulate different browsers and make interaction to look as much as organic/human it is possible. Yeah, I switch a lot between Python/NodeJS/Ruby/Go/etc because same solution will give you better results on different websites if written in another language
 

kurus

Registered Member
Joined
Aug 17, 2020
Messages
97
Reaction score
98
c) Use mobile devices for running your operation. Mobile devices use the same hardware, thus the same fingerprints, you will get higher trust scores in general when using mobile.
You have same fingerprint when you are browsing using firefox/chrome or only when using the app. For example twitter or reddit app?

I'm using Playwright in production for about two months and everything is fine. Before that I've used Puppeteer and Cherios but with mixed results.

You should give it a try as everything can be automated directly from your IDE. This approach may not be suitable for you but for mine scenario where I have to emulate different browsers and make interaction to look as much as organic/human it is possible. Yeah, I switch a lot between Python/NodeJS/Ruby/Go/etc because same solution will give you better results on different websites if written in another language
Isn't it harder to go stealth with Playwright? Puppeteer has puppeteer-extra-plugin-stealth which helps a lot to by pass detection.
 

AlexAkimbo

Regular Member
Joined
Nov 16, 2021
Messages
248
Reaction score
228
You have same fingerprint when you are browsing using firefox/chrome or only when using the app. For example twitter or reddit app?


Isn't it harder to go stealth with Playwright? Puppeteer has puppeteer-extra-plugin-stealth which helps a lot to by pass detection.
Not for me and my use case. I had hard time with detection of Puppeteer instances. I was getting detected in a matter of minutes as Headless.

Like I said - you should try and experiment what is best for you and particular use case. Try different libs, different programming languages and approaches, etc. This way you will get better in what you doing and also better results. There is no one solution for everything that's why I want to convert my bot to be pluggable with modules either written by me or 3rd party and all of that in several different languages covering several architectures like intel, arm, Mac, etc.
 
Top