@zorilla/puppeteer-extra-plugin-stealth 1.0.0

package/src/evasions/chrome.app/index.js

@@ -0,0 +1,97 @@
+import { PuppeteerExtraPlugin } from '@zorilla/puppeteer-extra-plugin';
+import withUtils from '../_utils/withUtils.js';
+
+/**
+ * Mock the `chrome.app` object if not available (e.g. when running headless).
+ */
+class Plugin extends PuppeteerExtraPlugin {
+  constructor(opts = {}) {
+    super(opts);
+  }
+
+  get name() {
+    return 'stealth/evasions/chrome.app';
+  }
+
+  async onPageCreated(page) {
+    await withUtils(page).evaluateOnNewDocument(utils => {
+      if (!window.chrome) {
+        // Use the exact property descriptor found in headful Chrome
+        // fetch it via `Object.getOwnPropertyDescriptor(window, 'chrome')`
+        Object.defineProperty(window, 'chrome', {
+          writable: true,
+          enumerable: true,
+          configurable: false, // note!
+          value: {}, // We'll extend that later
+        });
+      }
+
+      // That means we're running headful and don't need to mock anything
+      if ('app' in window.chrome) {
+        return; // Nothing to do here
+      }
+
+      const makeError = {
+        ErrorInInvocation: fn => {
+          const err = new TypeError(`Error in invocation of app.${fn}()`);
+          return utils.stripErrorWithAnchor(
+            err,
+            `at ${fn} (eval at <anonymous>`
+          );
+        },
+      };
+
+      // There's a some static data in that property which doesn't seem to change,
+      // we should periodically check for updates: `JSON.stringify(window.app, null, 2)`
+      const STATIC_DATA = JSON.parse(
+        `
+{
+  "isInstalled": false,
+  "InstallState": {
+    "DISABLED": "disabled",
+    "INSTALLED": "installed",
+    "NOT_INSTALLED": "not_installed"
+  },
+  "RunningState": {
+    "CANNOT_RUN": "cannot_run",
+    "READY_TO_RUN": "ready_to_run",
+    "RUNNING": "running"
+  }
+}
+        `.trim()
+      );
+
+      window.chrome.app = {
+        ...STATIC_DATA,
+
+        get isInstalled() {
+          return false;
+        },
+
+        getDetails: function getDetails() {
+          if (arguments.length) {
+            throw makeError.ErrorInInvocation(`getDetails`);
+          }
+          return null;
+        },
+        getIsInstalled: function getIsInstalled() {
+          if (arguments.length) {
+            throw makeError.ErrorInInvocation(`getIsInstalled`);
+          }
+          return false;
+        },
+        runningState: function runningState() {
+          if (arguments.length) {
+            throw makeError.ErrorInInvocation(`runningState`);
+          }
+          return 'cannot_run';
+        },
+      };
+      utils.patchToStringNested(window.chrome.app);
+    });
+  }
+}
+
+export default function (pluginConfig) {
+  return new Plugin(pluginConfig);
+}

package/src/evasions/chrome.app/package.json

@@ -0,0 +1,5 @@
+{
+  "private": true,
+  "type": "module",
+  "main": "index.js"
+}

package/src/evasions/chrome.csi/README.md

@@ -0,0 +1,29 @@
+## API
+
+
+#### Table of Contents
+
+- [class: Plugin](#class-plugin)
+
+### class: [Plugin](https://github.com/zorillajs/zorilla/blob/e6133619b051febed630ada35241664eba59b9fa/packages/puppeteer-extra-plugin-stealth/evasions/chrome.csi/index.js#L25-L70)
+
+- `opts` (optional, default `{}`)
+
+**Extends: PuppeteerExtraPlugin**
+
+Mock the `chrome.csi` function if not available (e.g. when running headless).
+It's a deprecated (but unfortunately still existing) chrome specific API to fetch browser timings.
+
+Internally chromium switched the implementation to use the WebPerformance API,
+so we can do the same to create a fully functional mock. :-)
+
+Note: We're using the deprecated PerformanceTiming API instead of the new Navigation Timing Level 2 API on purpopse.
+
+- **See: <https://bugs.chromium.org/p/chromium/issues/detail?id=113048>**
+- **See: <https://codereview.chromium.org/2456293003/>**
+- **See: <https://developers.google.com/web/updates/2017/12/chrome-loadtimes-deprecated>**
+- **See: <https://developer.mozilla.org/en-US/docs/Web/API/PerformanceTiming>**
+- **See: <https://source.chromium.org/chromium/chromium/src/+/master:chrome/renderer/loadtimes_extension_bindings.cc;l=124?q=loadtimes&ss=chromium>**
+- **See: `chrome.loadTimes` evasion**
+
+---

package/src/evasions/chrome.csi/index.js

@@ -0,0 +1,69 @@
+import { PuppeteerExtraPlugin } from '@zorilla/puppeteer-extra-plugin';
+
+import withUtils from '../_utils/withUtils.js';
+
+/**
+ * Mock the `chrome.csi` function if not available (e.g. when running headless).
+ * It's a deprecated (but unfortunately still existing) chrome specific API to fetch browser timings.
+ *
+ * Internally chromium switched the implementation to use the WebPerformance API,
+ * so we can do the same to create a fully functional mock. :-)
+ *
+ * Note: We're using the deprecated PerformanceTiming API instead of the new Navigation Timing Level 2 API on purpopse.
+ *
+ * @see https://bugs.chromium.org/p/chromium/issues/detail?id=113048
+ * @see https://codereview.chromium.org/2456293003/
+ * @see https://developers.google.com/web/updates/2017/12/chrome-loadtimes-deprecated
+ * @see https://developer.mozilla.org/en-US/docs/Web/API/PerformanceTiming
+ * @see https://source.chromium.org/chromium/chromium/src/+/master:chrome/renderer/loadtimes_extension_bindings.cc;l=124?q=loadtimes&ss=chromium
+ * @see `chrome.loadTimes` evasion
+ *
+ */
+class Plugin extends PuppeteerExtraPlugin {
+  constructor(opts = {}) {
+    super(opts);
+  }
+
+  get name() {
+    return 'stealth/evasions/chrome.csi';
+  }
+
+  async onPageCreated(page) {
+    await withUtils(page).evaluateOnNewDocument(utils => {
+      if (!window.chrome) {
+        // Use the exact property descriptor found in headful Chrome
+        // fetch it via `Object.getOwnPropertyDescriptor(window, 'chrome')`
+        Object.defineProperty(window, 'chrome', {
+          writable: true,
+          enumerable: true,
+          configurable: false, // note!
+          value: {}, // We'll extend that later
+        });
+      }
+
+      // That means we're running headful and don't need to mock anything
+      if ('csi' in window.chrome) {
+        return; // Nothing to do here
+      }
+
+      // Check that the Navigation Timing API v1 is available, we need that
+      if (!window.performance || !window.performance.timing) {
+        return;
+      }
+
+      const { timing } = window.performance;
+
+      window.chrome.csi = () => ({
+        onloadT: timing.domContentLoadedEventEnd,
+        startE: timing.navigationStart,
+        pageT: Date.now() - timing.navigationStart,
+        tran: 15, // Transition type or something
+      });
+      utils.patchToString(window.chrome.csi);
+    });
+  }
+}
+
+export default function (pluginConfig) {
+  return new Plugin(pluginConfig);
+}

package/src/evasions/chrome.csi/package.json

@@ -0,0 +1,5 @@
+{
+  "private": true,
+  "type": "module",
+  "main": "index.js"
+}

package/src/evasions/chrome.loadTimes/README.md

@@ -0,0 +1,27 @@
+## API
+
+
+#### Table of Contents
+
+- [class: Plugin](#class-plugin)
+
+### class: [Plugin](https://github.com/zorillajs/zorilla/blob/e6133619b051febed630ada35241664eba59b9fa/packages/puppeteer-extra-plugin-stealth/evasions/chrome.loadTimes/index.js#L23-L164)
+
+- `opts` (optional, default `{}`)
+
+**Extends: PuppeteerExtraPlugin**
+
+Mock the `chrome.loadTimes` function if not available (e.g. when running headless).
+It's a deprecated (but unfortunately still existing) chrome specific API to fetch browser timings and connection info.
+
+Internally chromium switched the implementation to use the WebPerformance API,
+so we can do the same to create a fully functional mock. :-)
+
+Note: We're using the deprecated PerformanceTiming API instead of the new Navigation Timing Level 2 API on purpopse.
+
+- **See: <https://developers.google.com/web/updates/2017/12/chrome-loadtimes-deprecated>**
+- **See: <https://developer.mozilla.org/en-US/docs/Web/API/PerformanceTiming>**
+- **See: <https://source.chromium.org/chromium/chromium/src/+/master:chrome/renderer/loadtimes_extension_bindings.cc;l=124?q=loadtimes&ss=chromium>**
+- **See: `chrome.csi` evasion**
+
+---

package/src/evasions/chrome.loadTimes/index.js

@@ -0,0 +1,163 @@
+import { PuppeteerExtraPlugin } from '@zorilla/puppeteer-extra-plugin';
+
+import withUtils from '../_utils/withUtils.js';
+
+/**
+ * Mock the `chrome.loadTimes` function if not available (e.g. when running headless).
+ * It's a deprecated (but unfortunately still existing) chrome specific API to fetch browser timings and connection info.
+ *
+ * Internally chromium switched the implementation to use the WebPerformance API,
+ * so we can do the same to create a fully functional mock. :-)
+ *
+ * Note: We're using the deprecated PerformanceTiming API instead of the new Navigation Timing Level 2 API on purpopse.
+ *
+ * @see https://developers.google.com/web/updates/2017/12/chrome-loadtimes-deprecated
+ * @see https://developer.mozilla.org/en-US/docs/Web/API/PerformanceTiming
+ * @see https://source.chromium.org/chromium/chromium/src/+/master:chrome/renderer/loadtimes_extension_bindings.cc;l=124?q=loadtimes&ss=chromium
+ * @see `chrome.csi` evasion
+ *
+ */
+class Plugin extends PuppeteerExtraPlugin {
+  constructor(opts = {}) {
+    super(opts);
+  }
+
+  get name() {
+    return 'stealth/evasions/chrome.loadTimes';
+  }
+
+  async onPageCreated(page) {
+    await withUtils(page).evaluateOnNewDocument(
+      (utils, { opts }) => {
+        if (!window.chrome) {
+          // Use the exact property descriptor found in headful Chrome
+          // fetch it via `Object.getOwnPropertyDescriptor(window, 'chrome')`
+          Object.defineProperty(window, 'chrome', {
+            writable: true,
+            enumerable: true,
+            configurable: false, // note!
+            value: {}, // We'll extend that later
+          });
+        }
+
+        // That means we're running headful and don't need to mock anything
+        if ('loadTimes' in window.chrome) {
+          return; // Nothing to do here
+        }
+
+        // Check that the Navigation Timing API v1 + v2 is available, we need that
+        if (
+          !window.performance ||
+          !window.performance.timing ||
+          !window.PerformancePaintTiming
+        ) {
+          return;
+        }
+
+        const { performance } = window;
+
+        // Some stuff is not available on about:blank as it requires a navigation to occur,
+        // let's harden the code to not fail then:
+        const ntEntryFallback = {
+          nextHopProtocol: 'h2',
+          type: 'other',
+        };
+
+        // The API exposes some funky info regarding the connection
+        const protocolInfo = {
+          get connectionInfo() {
+            const ntEntry =
+              performance.getEntriesByType('navigation')[0] || ntEntryFallback;
+            return ntEntry.nextHopProtocol;
+          },
+          get npnNegotiatedProtocol() {
+            // NPN is deprecated in favor of ALPN, but this implementation returns the
+            // HTTP/2 or HTTP2+QUIC/39 requests negotiated via ALPN.
+            const ntEntry =
+              performance.getEntriesByType('navigation')[0] || ntEntryFallback;
+            return ['h2', 'hq'].includes(ntEntry.nextHopProtocol)
+              ? ntEntry.nextHopProtocol
+              : 'unknown';
+          },
+          get navigationType() {
+            const ntEntry =
+              performance.getEntriesByType('navigation')[0] || ntEntryFallback;
+            return ntEntry.type;
+          },
+          get wasAlternateProtocolAvailable() {
+            // The Alternate-Protocol header is deprecated in favor of Alt-Svc
+            // (https://www.mnot.net/blog/2016/03/09/alt-svc), so technically this
+            // should always return false.
+            return false;
+          },
+          get wasFetchedViaSpdy() {
+            // SPDY is deprecated in favor of HTTP/2, but this implementation returns
+            // true for HTTP/2 or HTTP2+QUIC/39 as well.
+            const ntEntry =
+              performance.getEntriesByType('navigation')[0] || ntEntryFallback;
+            return ['h2', 'hq'].includes(ntEntry.nextHopProtocol);
+          },
+          get wasNpnNegotiated() {
+            // NPN is deprecated in favor of ALPN, but this implementation returns true
+            // for HTTP/2 or HTTP2+QUIC/39 requests negotiated via ALPN.
+            const ntEntry =
+              performance.getEntriesByType('navigation')[0] || ntEntryFallback;
+            return ['h2', 'hq'].includes(ntEntry.nextHopProtocol);
+          },
+        };
+
+        const { timing } = window.performance;
+
+        // Truncate number to specific number of decimals, most of the `loadTimes` stuff has 3
+        function toFixed(num, fixed) {
+          var re = new RegExp('^-?\\d+(?:.\\d{0,' + (fixed || -1) + '})?');
+          return num.toString().match(re)[0];
+        }
+
+        const timingInfo = {
+          get firstPaintAfterLoadTime() {
+            // This was never actually implemented and always returns 0.
+            return 0;
+          },
+          get requestTime() {
+            return timing.navigationStart / 1000;
+          },
+          get startLoadTime() {
+            return timing.navigationStart / 1000;
+          },
+          get commitLoadTime() {
+            return timing.responseStart / 1000;
+          },
+          get finishDocumentLoadTime() {
+            return timing.domContentLoadedEventEnd / 1000;
+          },
+          get finishLoadTime() {
+            return timing.loadEventEnd / 1000;
+          },
+          get firstPaintTime() {
+            const fpEntry = performance.getEntriesByType('paint')[0] || {
+              startTime: timing.loadEventEnd / 1000, // Fallback if no navigation occured (`about:blank`)
+            };
+            return toFixed(
+              (fpEntry.startTime + performance.timeOrigin) / 1000,
+              3
+            );
+          },
+        };
+
+        window.chrome.loadTimes = () => ({
+          ...protocolInfo,
+          ...timingInfo,
+        });
+        utils.patchToString(window.chrome.loadTimes);
+      },
+      {
+        opts: this.opts,
+      }
+    );
+  }
+}
+
+export default function (pluginConfig) {
+  return new Plugin(pluginConfig);
+}

package/src/evasions/chrome.loadTimes/package.json

@@ -0,0 +1,5 @@
+{
+  "private": true,
+  "type": "module",
+  "main": "index.js"
+}

package/src/evasions/chrome.runtime/README.md

@@ -0,0 +1,32 @@
+## API
+
+
+#### Table of Contents
+
+- [class: Plugin](#class-plugin)
+- [sendMessageHandler()](#sendmessagehandler)
+- [connectHandler()](#connecthandler)
+
+### class: [Plugin](https://github.com/zorillajs/zorilla/blob/e6133619b051febed630ada35241664eba59b9fa/packages/puppeteer-extra-plugin-stealth/evasions/chrome.runtime/index.js#L13-L251)
+
+- `opts` (optional, default `{}`)
+
+**Extends: PuppeteerExtraPlugin**
+
+Mock the `chrome.runtime` object if not available (e.g. when running headless) and on a secure site.
+
+---
+
+### [sendMessageHandler()](https://github.com/zorillajs/zorilla/blob/e6133619b051febed630ada35241664eba59b9fa/packages/puppeteer-extra-plugin-stealth/evasions/chrome.runtime/index.js#L80-L123)
+
+Mock `chrome.runtime.sendMessage`
+
+---
+
+### [connectHandler()](https://github.com/zorillajs/zorilla/blob/e6133619b051febed630ada35241664eba59b9fa/packages/puppeteer-extra-plugin-stealth/evasions/chrome.runtime/index.js#L136-L210)
+
+Mock `chrome.runtime.connect`
+
+- **See: <https://developer.chrome.com/apps/runtime#method-connect>**
+
+---