Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
510 views
in Technique[技术] by (71.8m points)

javascript - 网站可以检测到您何时在chromedriver中使用硒吗?(Can a website detect when you are using selenium with chromedriver?)

I've been testing out Selenium with Chromedriver and I noticed that some pages can detect that you're using Selenium even though there's no automation at all.

(我一直在使用Chromedriver测试Selenium,但我注意到,即使根本没有自动化功能,某些页面也可以检测到您正在使用Selenium。)

Even when I'm just browsing manually just using chrome through Selenium and Xephyr I often get a page saying that suspicious activity was detected.

(即使当我只是通过Selenium和Xephyr使用chrome手动浏览时,我也经常得到一个页面,指出检测到可疑活动。)

I've checked my user agent, and my browser fingerprint, and they are all exactly identical to the normal chrome browser.

(我已经检查了用户代理和浏览器指纹,它们与普通的chrome浏览器完全相同。)

When I browse to these sites in normal chrome everything works fine, but the moment I use Selenium I'm detected.

(当我以普通的chrome浏览到这些站点时,一切正常,但是当我使用Selenium时,我被检测到。)

In theory chromedriver and chrome should look literally exactly the same to any webserver, but somehow they can detect it.

(从理论上讲,chromedriver和chrome在任何Web服务器上看起来都应该完全相同,但是它们可以通过某种方式检测到它。)

If you want some testcode try out this:

(如果您想要一些测试代码,请尝试以下方法:)

from pyvirtualdisplay import Display
from selenium import webdriver

display = Display(visible=1, size=(1600, 902))
display.start()
chrome_options = webdriver.ChromeOptions()
chrome_options.add_argument('--disable-extensions')
chrome_options.add_argument('--profile-directory=Default')
chrome_options.add_argument("--incognito")
chrome_options.add_argument("--disable-plugins-discovery");
chrome_options.add_argument("--start-maximized")
driver = webdriver.Chrome(chrome_options=chrome_options)
driver.delete_all_cookies()
driver.set_window_size(800,800)
driver.set_window_position(0,0)
print 'arguments done'
driver.get('http://stubhub.com')

If you browse around stubhub you'll get redirected and 'blocked' within one or two requests.

(如果浏览stubhub,您将在一个或两个请求中被重定向和“阻止”。)

I've been investigating this and I can't figure out how they can tell that a user is using Selenium.

(我一直在对此进行调查,无法弄清楚他们如何分辨用户正在使用Selenium。)

How do they do it?

(他们是如何做到的呢?)

EDIT UPDATE:

(编辑更新:)

I installed the Selenium IDE plugin in Firefox and I got banned when I went to stubhub.com in the normal firefox browser with only the additional plugin.

(我在Firefox中安装了Selenium IDE插件,当我在普通的Firefox浏览器中仅使用附加插件访问stubhub.com时就被禁止了。)

EDIT:

(编辑:)

When I use Fiddler to view the HTTP requests being sent back and forth I've noticed that the 'fake browser\'s' requests often have 'no-cache' in the response header.

(当我使用Fiddler查看来回发送的HTTP请求时,我注意到“假浏览器”的请求通常在响应标头中具有“ no-cache”。)

EDIT:

(编辑:)

results like this Is there a way to detect that I'm in a Selenium Webdriver page from Javascript suggest that there should be no way to detect when you are using a webdriver.

(像这样的结果是否有办法从Javascript检测到我在Selenium Webdriver页面中,这表明应该没有办法检测何时使用Webdriver。)

But this evidence suggests otherwise.

(但这证据表明并非如此。)

EDIT:

(编辑:)

The site uploads a fingerprint to their servers, but I checked and the fingerprint of selenium is identical to the fingerprint when using chrome.

(该站点将指纹上传到他们的服务器,但是我检查了一下,硒的指纹与使用chrome时的指纹相同。)

EDIT:

(编辑:)

This is one of the fingerprint payloads that they send to their servers

(这是它们发送到服务器的指纹有效载荷之一)

{"appName":"Netscape","platform":"Linuxx86_64","cookies":1,"syslang":"en-US","userlang":"en-US","cpu":"","productSub":"20030107","setTimeout":1,"setInterval":1,"plugins":{"0":"ChromePDFViewer","1":"ShockwaveFlash","2":"WidevineContentDecryptionModule","3":"NativeClient","4":"ChromePDFViewer"},"mimeTypes":{"0":"application/pdf","1":"ShockwaveFlashapplication/x-shockwave-flash","2":"FutureSplashPlayerapplication/futuresplash","3":"WidevineContentDecryptionModuleapplication/x-ppapi-widevine-cdm","4":"NativeClientExecutableapplication/x-nacl","5":"PortableNativeClientExecutableapplication/x-pnacl","6":"PortableDocumentFormatapplication/x-google-chrome-pdf"},"screen":{"width":1600,"height":900,"colorDepth":24},"fonts":{"0":"monospace","1":"DejaVuSerif","2":"Georgia","3":"DejaVuSans","4":"TrebuchetMS","5":"Verdana","6":"AndaleMono","7":"DejaVuSansMono","8":"LiberationMono","9":"NimbusMonoL","10":"CourierNew","11":"Courier"}}

Its identical in selenium and in chrome

(硒和铬相同)

EDIT:

(编辑:)

VPNs work for a single use but get detected after I load the first page.

(VPN只能使用一次,但是在加载第一页后会被检测到。)

Clearly some javascript is being run to detect Selenium.

(显然,正在运行一些JavaScript以检测Selenium。)

  ask by Ryan Weinstein translate from so

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Basically the way the selenium detection works, is that they test for pre-defined javascript variables which appear when running with selenium.

(基本上,硒检测的工作方式是它们测试与selenium一起运行时出现的预定义javascript变量。)

The bot detection scripts usually look anything containing word "selenium" / "webdriver" in any of the variables (on window object), and also document variables called $cdc_ and $wdc_ .

(僵尸程序检测脚本通常在任何变量中(在窗口对象上)看起来都包含单词“ selenium” /“ webdriver”,还记录了名为$cdc_$wdc_变量。)

Of course, all of this depends on which browser you are on.

(当然,所有这些取决于您所使用的浏览器。)

All the different browsers expose different things.

(所有不同的浏览器都公开不同的内容。)

For me, I used chrome, so, all that I had to do was to ensure that $cdc_ didn't exist anymore as document variable, and voila (download chromedriver source code, modify chromedriver and re-compile $cdc_ under different name.)

(对我来说,我使用了chrome,因此, 要做的就是确保$cdc_作为文档变量不再存在,然后瞧瞧(下载chromedriver源代码,修改chromedriver并以不同的名称重新编译$cdc_ 。 ))

this is the function I modified in chromedriver:

(这是我在chromedriver中修改的功能:)

call_function.js:

(call_function.js:)

function getPageCache(opt_doc) {
  var doc = opt_doc || document;
  //var key = '$cdc_asdjflasutopfhvcZLmcfl_';
  var key = 'randomblabla_';
  if (!(key in doc))
    doc[key] = new Cache();
  return doc[key];
}

(note the comment, all I did I turned $cdc_ to randomblabla_ .

((请注意,我将$cdc_randomblabla_所有注释。)

Here is a pseudo-code which demonstrates some of the techniques that bot networks might use:

(这是一个伪代码,演示了僵尸网络可能使用的一些技术:)

runBotDetection = function () {
    var documentDetectionKeys = [
        "__webdriver_evaluate",
        "__selenium_evaluate",
        "__webdriver_script_function",
        "__webdriver_script_func",
        "__webdriver_script_fn",
        "__fxdriver_evaluate",
        "__driver_unwrapped",
        "__webdriver_unwrapped",
        "__driver_evaluate",
        "__selenium_unwrapped",
        "__fxdriver_unwrapped",
    ];

    var windowDetectionKeys = [
        "_phantom",
        "__nightmare",
        "_selenium",
        "callPhantom",
        "callSelenium",
        "_Selenium_IDE_Recorder",
    ];

    for (const windowDetectionKey in windowDetectionKeys) {
        const windowDetectionKeyValue = windowDetectionKeys[windowDetectionKey];
        if (window[windowDetectionKeyValue]) {
            return true;
        }
    };
    for (const documentDetectionKey in documentDetectionKeys) {
        const documentDetectionKeyValue = documentDetectionKeys[documentDetectionKey];
        if (window['document'][documentDetectionKeyValue]) {
            return true;
        }
    };

    for (const documentKey in window['document']) {
        if (documentKey.match(/$[a-z]dc_/) && window['document'][documentKey]['cache_']) {
            return true;
        }
    }

    if (window['external'] && window['external'].toString() && (window['external'].toString()['indexOf']('Sequentum') != -1)) return true;

    if (window['document']['documentElement']['getAttribute']('selenium')) return true;
    if (window['document']['documentElement']['getAttribute']('webdriver')) return true;
    if (window['document']['documentElement']['getAttribute']('driver')) return true;

    return false;
};

according to user @szx, it is also possible to simply open chromedriver.exe in hex editor, and just do the replacement manually, without actually doing any compiling.

(根据用户@szx,还可以在十六进制编辑器中简单地打开chromedriver.exe,然后手动进行替换,而无需进行任何编译。)


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...