Headless browser detection
Do you know any webapps/online tests/online firewalls that are trying to detect if user is using selenium/puppeteer/phantomJS or any other headless browser?
I've created my puppeteer online crawler. I've changed many different stuff like window.navigator object (user-agent, ~.webdriver etc.).
Now I want to make sure that it is undetectable.
Answer
There is a headless browser detection test which tests for the following:
- Does the User-Agent contain the string "HeadlessChrome"?
- Is
navigator.webdriverset? - Is
window.chromeunset? - Does the browser skip asking for permissions (like notifications)?
- Are browser plugins unavailable?
- Is
navigator.languagesunset?
If your browser answers any of these questions with yes, then you fail the test. For more information on the test, check out this post, which is a reply to a post called "Detecting Chrome headless, new techniques".
The author of the latter post also published another test test (code), which claims to be able to detect bots and crawlers. It performs various tests on browser attributes and generates a fingerprint of your browser.
Other "soft" tests done by websites, might include the mouse movement, scrolling behavior, IP address, etc. I doubt you will find many tests regarding these information as this is basically a cat-and-mouse game.