Browser Automation Studio is undetected about creepjs HOT 18 OPEN

Okay, try now. In the analysis section, you see “bad” for the hidden fingerprint, but let me know if I missed the target. If you open a different or clean browser, it should go away.

Looks good now, also seems to be flagged with a changed fingerprint.

from creepjs.

also noticed that console.log() is not possible inside the custom chrome, it will only print "undefined"

from creepjs.

Could probably hook console.log and check the console outputs. Depending on how BAS has tampered with the function you might be able to detect it with the given types.

(function () {
    const _console = console.log.bind(console);
    let log_history = [];
    console.log = function () {
        log_history.push(arguments);
        _console.apply(this, arguments);
    }
    console.log("Hello World");
    for (let i = 0; i < log_history.length; i++) {
        if (log_history[i][0] !== "Hello World") {
            return false;
        }
    }
    //restore the hook
    console.log = _console;
    return true;
})();

from creepjs.

Do you have a copy of the BAS chromium binary? Want to try something.

Yes i do. want me to upload it or anything?

Yeah that would be great

Hey, you can either download the free version from BAS here: https://bablosoft.com/shop/BrowserAutomationStudio#download
or if you just want the custom compiled chrome: https://www.sendspace.com/file/5bha3p

from creepjs.

It appears that the fingerprint feature is a paid service. There is a lot of cool stealthy software out there.

We mostly give attention to FOSS-privacy tools. I will take a look, but will probably not make modifications to show it can be detected.

from creepjs.

It appears that the fingerprint feature is a paid service. There is a lot of cool stealthy software out there.

We mostly give attention to FOSS-privacy tools. I will take a look, but will probably not make modifications to show it can be detected.

Hey abraham, even the free version passes it.

from creepjs.

Nice. I will definitely check it out.

In the future, I may introduce some concepts showing that fingerprint and score are of little value compared to server-side fingerprints.

Everything that does not blend-in with normal traffic on the site can be detected. For example, you could generate 200 – 1000 requests in 24 hours, and usually, it can be traced. If you would like to try this out for fun, I can try to tag and name your browser in the analysis section. Make sure to generate many requests.

from creepjs.

Nice. I will definitely check it out.

In the future, I may introduce some concepts showing that fingerprint and score are of little value compared to server-side fingerprints.

Everything that does not blend-in with normal traffic on the site can be detected. For example, you could generate 200 – 1000 requests in 24 hours, and usually, it can be traced. If you would like to try this out for fun, I can try to tag and name your browser in the analysis section. Make sure to generate many requests.

should every regist be signed or just the first ?

from creepjs.

No need to sign, and randomizing fingerprints is optional, but not needed.

around 400 executions have been done.

from creepjs.

Okay, try now. In the analysis section, you see “bad” for the hidden fingerprint, but let me know if I missed the target. If you open a different or clean browser, it should go away.

from creepjs.

I'm just looking at last 2 hrs today, but can pick a different date.

from creepjs.

Could probably hook console.log and check the console outputs. Depending on how BAS has tampered with the function you might be able to detect it with the given types.

(function () {
    const _console = console.log.bind(console);
    let log_history = [];
    console.log = function () {
        log_history.push(arguments);
        _console.apply(this, arguments);
    }
    console.log("Hello World");
    for (let i = 0; i < log_history.length; i++) {
        if (log_history[i][0] !== "Hello World") {
            return false;
        }
    }
    //restore the hook
    console.log = _console;
    return true;
})();

sadly doesn't seem to work. thank you non the less.

from creepjs.

Do you have a copy of the BAS chromium binary? Want to try something.

from creepjs.

Do you have a copy of the BAS chromium binary? Want to try something.

Yes i do. want me to upload it or anything?

from creepjs.

Do you have a copy of the BAS chromium binary? Want to try something.

Yes i do. want me to upload it or anything?

Yeah that would be great

from creepjs.

Doesn't appear to run, can you check if there are any run parameters specified on the binary? Tried to get it running through selenium and puppeteer but neither worked. I assume its the worker.exe file?

https://superuser.com/questions/415360/how-do-i-find-out-command-line-arguments-of-a-running-program

from creepjs.

Doesn't appear to run, can you check if there are any run parameters specified on the binary? Tried to get it running through selenium and puppeteer but neither worked. I assume its the worker.exe file?

https://superuser.com/questions/415360/how-do-i-find-out-command-line-arguments-of-a-running-program

yes its worker.exe

full cli

"C:\Users\LTGT\AppData\Roaming\BrowserAutomationStudio\apps\25.4.1\Worker\chrome\worker.exe" --remote-debugging-port=16668 --unique-process-id=0pMhvMU2 --parent-process-id=25524 --no-proxy-server --no-sandbox --force-device-scale-factor=1 --noerrdialogs --window-position=0,0 --disable-smooth-scrolling --disable-auto-reload --disable-component-update --disable-features=GpuProcessHighPriorityWin,GpuUseDisplayThreadPriority --disable-gpu-program-cache --disable-gpu-shader-disk-cache --disk-cache-size=1 --enable-features=ViewportHeightClientHintHeader --lang=en --reduce-user-agent-minor-version --window-size=1040,688 --user-data-dir="C:\\Users\\LTGT\\AppData\\Roaming\\BrowserAutomationStudio\\apps\\25.4.1\\prof/kUjSYtdK" about:blank

from creepjs.

Doesn't appear to run, can you check if there are any run parameters specified on the binary? Tried to get it running through selenium and puppeteer but neither worked. I assume its the worker.exe file?
https://superuser.com/questions/415360/how-do-i-find-out-command-line-arguments-of-a-running-program

yes its worker.exe

full cli

"C:\Users\LTGT\AppData\Roaming\BrowserAutomationStudio\apps\25.4.1\Worker\chrome\worker.exe" --remote-debugging-port=16668 --unique-process-id=0pMhvMU2 --parent-process-id=25524 --no-proxy-server --no-sandbox --force-device-scale-factor=1 --noerrdialogs --window-position=0,0 --disable-smooth-scrolling --disable-auto-reload --disable-component-update --disable-features=GpuProcessHighPriorityWin,GpuUseDisplayThreadPriority --disable-gpu-program-cache --disable-gpu-shader-disk-cache --disk-cache-size=1 --enable-features=ViewportHeightClientHintHeader --lang=en --reduce-user-agent-minor-version --window-size=1040,688 --user-data-dir="C:\\Users\\LTGT\\AppData\\Roaming\\BrowserAutomationStudio\\apps\\25.4.1\\prof/kUjSYtdK" about:blank

It using JavaScript to fake fingerprint and it can detected and heavy

from creepjs.