Brotector

An advanced antibot for webdriver such as

• driverless
  • with cdp-patches
• selenium
  • undetected-chromedriver
  • seleniumbase
• puppeteer (not test yet)
  • puppeteer-extra-stealth (not test yet)
  • pyppeteer
    • pyppeteer-stealth
• playwright
  • undetected-playwright (buggy)
    • with cdp-patches (no test yet)
  • botright
    • with cdp-patches (no test yet)
    • with uc-playwright (buggy)
• nodriver

For the tests, each driver

• has to perform at least one mouse event (such as click, mousemove, ...)
• is running headfull
• running on Google-Chrome if possible

detections

navigator.webdriver

navigator.webdriver (JavaScript) is set to true

---

runtime.enabled

Runtime is enabled
score here refers to the certainty of the occurs when:

• Runtime.enable or Console.enable (CDP) has been called (most libraries do that, type=webdriver)
• the user opens the devtools (type=devtools)

---

Input.cordinatesLeak

occurs due to crbug#1477537
CDP-Patches can be used to bypass this

---

window.cdc

a leak specific to chromedriver (selenium)
see stackoverflow-answer

---

"Input.untrusted"

Mouse event not dispatched by a user detected see Event.isTrusted property

---

canvasMouseVisualizer

CanvasRenderingContext2D.arc has been called with

• cordinates +-5px at current mouse position
• canvas +-1px covers the whole page
• canvas passes pointerEvents through

---

Headless

• navigator.userAgentData.getHighEntropyValues has empty data
  (type=HighEntropyValues.empty)

Contribution

feel free to

• open [feature request]s for driver detections
• open PRs
• use the discussions

Licence

see LICENSE

Author & Copyright

Aurin Aegerter (aka Steve, kaliiiiiiiiii)

Thanks // References

• selenium-detector
• jdetects
• thanks @ProseccoRider - some further Runtime.enable detection insights