jumpy-lion 0.0.41 → 0.0.43

package/dist/fingerprinting/fingerprint-overrides/runtime-enable-bypass.js

@@ -1,84 +1,274 @@
 /**
- * Runtime.enable Bypass
- * Prevents CDP detection through console.log(Error) technique
+ * Runtime.enable Bypass Script
+ * Prevents CDP detection through console.log(Error) technique and stack trace analysis.
+ *
+ * IMPORTANT: This is now a SCRIPT to be injected via addScriptToEvaluateOnNewDocument,
+ * NOT via Runtime.evaluate (which would defeat the purpose since Runtime.evaluate IS detectable!)
+ *
+ * Enhanced 2024-2025: Comprehensive stack trace sanitization that removes ALL CDP markers
  */
-export const setupRuntimeEnableBypass = async (client) => {
-    // Intercept Runtime.enable calls to prevent detection
-    await client.send('Runtime.evaluate', {
-        expression: `
+/**
+ * Creates the runtime enable bypass script that should be bundled with other stealth scripts.
+ * This script runs BEFORE page JavaScript and patches Error/console to hide CDP markers.
+ */
+export const createRuntimeEnableBypassScript = () => `
 (() => {
-    // Store the original CDP send method if accessible
-    if (window.__CDP_CLIENT__) {
-        const originalSend = window.__CDP_CLIENT__.send;
-        window.__CDP_CLIENT__.send = function(method, params) {
-            // Block or modify Runtime.enable calls
-            if (method === 'Runtime.enable') {
-                console.log('Runtime.enable blocked');
-                return Promise.resolve({});
+    'use strict';
+    const DEBUG_PREFIX = '[RUNTIME-ENABLE-BYPASS]';
+    
+    try {
+        // =============================================================================
+        // PART 1: Comprehensive Error stack trace sanitization
+        // CDP detection often works by examining Error.stack for automation markers
+        // =============================================================================
+        
+        const originalError = Error;
+        const originalErrorToString = Error.prototype.toString;
+        const originalErrorStackDesc = Object.getOwnPropertyDescriptor(Error.prototype, 'stack');
+        
+        // Comprehensive patterns that reveal CDP/automation
+        const CDP_MARKER_PATTERNS = [
+            // Puppeteer/Playwright markers
+            /__puppeteer_evaluation_script__/g,
+            /__playwright_evaluation_script__/g,
+            /__driver_evaluate/g,
+            /__webdriver_evaluate/g,
+            /__selenium_evaluate/g,
+            /__fxdriver_evaluate/g,
+            
+            // CDP protocol markers
+            /CDP_[A-Z_]+/g,
+            /Runtime\\.evaluate/g,
+            /Runtime\\.callFunctionOn/g,
+            /Page\\.addScriptToEvaluateOnNewDocument/g,
+            
+            // DevTools markers
+            /devtools:\\/\\/[^\\s)]+/g,
+            /chrome-extension:\\/\\/[a-z]+\\/[^\\s)]+/g,
+            
+            // Puppeteer-specific patterns
+            /pptr:[^\\s)]+/g,
+            /\\(pptr:[^)]+\\)/g,
+            
+            // Anonymous script patterns that reveal CDP injection
+            /at <anonymous>:\\d+:\\d+/g,
+            /at Object\\.<anonymous> \\(<anonymous>:\\d+:\\d+\\)/g,
+            /at Object\\.construct \\(<anonymous>:\\d+:\\d+\\)/g,
+            /at Object\\.apply \\(<anonymous>:\\d+:\\d+\\)/g,
+            /at Object\\.get \\(<anonymous>:\\d+:\\d+\\)/g,
+            /at newHandler\\.<computed>/g,
+            /\\(<anonymous>:\\d+:\\d+\\)/g,
+            
+            // Source URL comments
+            /\\/\\/# sourceURL=[^\\n]+/g,
+            /\\/\\/# sourceMappingURL=[^\\n]+/g,
+            /\\/\\/@sourceURL=[^\\n]+/g,
+        ];
+        
+        // Realistic replacement frames for different contexts
+        const REALISTIC_FRAMES = [
+            'at https://www.google.com/pagead/managed/js/gpt/m202412091001/pubads_impl_page_level_ads.js:1:100',
+            'at https://www.googletagmanager.com/gtm.js:1:234',
+            'at https://www.google-analytics.com/analytics.js:1:456',
+        ];
+        
+        /**
+         * Sanitize a single stack frame line
+         */
+        const sanitizeStackLine = (line) => {
+            if (!line || typeof line !== 'string') return line;
+            
+            // Check if this line contains CDP markers
+            let hasCDPMarker = false;
+            for (const pattern of CDP_MARKER_PATTERNS) {
+                pattern.lastIndex = 0; // Reset regex state
+                if (pattern.test(line)) {
+                    hasCDPMarker = true;
+                    break;
+                }
+            }
+            
+            // If line has CDP markers, replace the entire line with a realistic one
+            // or just the marker portion
+            if (hasCDPMarker) {
+                // If the line is mostly anonymous/CDP content, skip it entirely
+                if (line.includes('<anonymous>:') && !line.includes('http')) {
+                    return null; // Mark for removal
+                }
+                
+                // Otherwise, sanitize the markers
+                let sanitized = line;
+                for (const pattern of CDP_MARKER_PATTERNS) {
+                    pattern.lastIndex = 0;
+                    sanitized = sanitized.replace(pattern, '');
+                }
+                
+                // Clean up any double spaces or empty parentheses
+                sanitized = sanitized
+                    .replace(/\\(\\s*\\)/g, '')
+                    .replace(/\\s+/g, ' ')
+                    .trim();
+                
+                // If line is now too short to be meaningful, skip it
+                if (sanitized.length < 10 || sanitized === 'at') {
+                    return null;
+                }
+                
+                return sanitized;
             }
-            return originalSend.apply(this, arguments);
+            
+            return line;
         };
-    }
-    
-    // Additional protection against CDP detection
-    const originalError = Error;
-    let errorCounter = 0;
-    
-    window.Error = new Proxy(originalError, {
-        construct(target, args) {
-            const error = Reflect.construct(target, args);
+        
+        /**
+         * Comprehensively sanitize a stack trace
+         */
+        const sanitizeStack = (stack) => {
+            if (!stack || typeof stack !== 'string') return stack;
             
-            // Detect CDP serialization attempts
-            const stack = new originalError().stack;
-            if (stack && stack.includes('__puppeteer_evaluation_script__')) {
-                // This is likely a CDP evaluation, modify behavior
-                Object.defineProperty(error, 'stack', {
-                    get() {
-                        return 'Error\\n    at <anonymous>:1:1';
-                    },
-                    configurable: false
-                });
+            const lines = stack.split('\\n');
+            const sanitizedLines = [];
+            let removedCount = 0;
+            
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                const sanitized = sanitizeStackLine(line);
+                
+                if (sanitized === null) {
+                    removedCount++;
+                    // Don't add too many removed lines in a row
+                    if (removedCount > 3) continue;
+                } else {
+                    removedCount = 0;
+                    sanitizedLines.push(sanitized);
+                }
+            }
+            
+            // Ensure stack looks natural - should have at least error message + a few frames
+            if (sanitizedLines.length < 2) {
+                // Add some realistic frames if stack is too short
+                sanitizedLines.push('    at HTMLDocument.<anonymous> (https://www.example.com/:1:100)');
             }
             
-            return error;
+            return sanitizedLines.join('\\n');
+        };
+        
+        // Override Error.prepareStackTrace if it exists (V8 specific)
+        // This is called when stack property is first accessed
+        if (Error.prepareStackTrace !== undefined) {
+            const originalPrepareStackTrace = Error.prepareStackTrace;
+            Error.prepareStackTrace = function(error, structuredStackTrace) {
+                // If there's an original prepareStackTrace, use it first
+                let stack;
+                if (typeof originalPrepareStackTrace === 'function') {
+                    stack = originalPrepareStackTrace.call(this, error, structuredStackTrace);
+                } else {
+                    // Default V8 formatting
+                    stack = error.toString() + '\\n' + 
+                        structuredStackTrace.map(frame => {
+                            const fnName = frame.getFunctionName() || '<anonymous>';
+                            const fileName = frame.getFileName() || '<anonymous>';
+                            const lineNumber = frame.getLineNumber() || 0;
+                            const columnNumber = frame.getColumnNumber() || 0;
+                            return \`    at \${fnName} (\${fileName}:\${lineNumber}:\${columnNumber})\`;
+                        }).join('\\n');
+                }
+                return sanitizeStack(stack);
+            };
         }
-    });
-    
-    // Protect against console-based CDP detection
-    const protectedConsole = new Proxy(console, {
-        get(target, prop) {
-            const original = target[prop];
-            if (typeof original === 'function') {
-                return new Proxy(original, {
-                    apply(fn, thisArg, args) {
-                        // Filter out Error objects that might be used for CDP detection
-                        const filteredArgs = args.map(arg => {
-                            if (arg instanceof Error && arg.stack) {
-                                // Check if this might be a CDP detection attempt
-                                const stackString = arg.stack.toString();
-                                if (stackString.includes('Error.captureStackTrace') || 
-                                    stackString.includes('__puppeteer_evaluation_script__')) {
-                                    return arg.toString();
-                                }
-                            }
-                            return arg;
-                        });
-                        return Reflect.apply(fn, thisArg, filteredArgs);
+        
+        // Override Error.prototype.stack getter with comprehensive sanitization
+        if (originalErrorStackDesc && originalErrorStackDesc.get) {
+            Object.defineProperty(Error.prototype, 'stack', {
+                get: function() {
+                    const stack = originalErrorStackDesc.get.call(this);
+                    return sanitizeStack(stack);
+                },
+                set: function(value) {
+                    if (originalErrorStackDesc.set) {
+                        // Sanitize before setting too
+                        originalErrorStackDesc.set.call(this, sanitizeStack(value));
                     }
-                });
-            }
-            return original;
+                },
+                configurable: true,
+                enumerable: false
+            });
         }
-    });
-    
-    try {
-        Object.defineProperty(window, 'console', {
-            value: protectedConsole,
-            writable: false,
-            configurable: false
+        
+        // Also patch Error.captureStackTrace for V8
+        if (typeof Error.captureStackTrace === 'function') {
+            const originalCaptureStackTrace = Error.captureStackTrace;
+            Error.captureStackTrace = function(targetObject, constructorOpt) {
+                originalCaptureStackTrace.call(this, targetObject, constructorOpt);
+                // Stack will be sanitized when accessed via our getter
+            };
+        }
+        
+        console.log(DEBUG_PREFIX, '✓ Comprehensive Error stack trace sanitization applied');
+        
+        // =============================================================================
+        // PART 2: Console protection
+        // Some CDP detection works by examining how Error objects are serialized in console
+        // =============================================================================
+        
+        const originalConsole = window.console;
+        const consoleMethodsToProtect = ['log', 'warn', 'error', 'info', 'debug', 'trace'];
+        
+        consoleMethodsToProtect.forEach(method => {
+            const original = originalConsole[method];
+            if (typeof original === 'function') {
+                originalConsole[method] = function(...args) {
+                    // Sanitize Error objects before logging
+                    const sanitizedArgs = args.map(arg => {
+                        if (arg instanceof Error) {
+                            // Clone the error with sanitized stack
+                            const sanitizedError = new Error(arg.message);
+                            sanitizedError.name = arg.name;
+                            // stack will be auto-sanitized by our getter
+                            return sanitizedError;
+                        }
+                        return arg;
+                    });
+                    return original.apply(this, sanitizedArgs);
+                };
+                // Hide the patch
+                originalConsole[method].toString = () => \`function \${method}() { [native code] }\`;
+            }
         });
-    } catch (e) {}
-})();`,
-    });
-};
+        
+        console.log(DEBUG_PREFIX, '✓ Console protection applied');
+        
+        // =============================================================================
+        // PART 3: Protect against CDP WebSocket detection
+        // Some advanced detection tries to find the CDP websocket connection
+        // =============================================================================
+        
+        // Override WebSocket to hide CDP connections
+        const originalWebSocket = window.WebSocket;
+        window.WebSocket = function(url, protocols) {
+            // Check if this looks like a CDP connection
+            if (url && typeof url === 'string') {
+                const lowerUrl = url.toLowerCase();
+                if (lowerUrl.includes('devtools') || 
+                    lowerUrl.includes('/json') ||
+                    lowerUrl.includes('ws://localhost:') ||
+                    lowerUrl.includes('ws://127.0.0.1:')) {
+                    // This might be a CDP detection attempt, proceed but mark it
+                    // We can't block it as that would break legitimate websockets
+                }
+            }
+            return new originalWebSocket(url, protocols);
+        };
+        
+        window.WebSocket.prototype = originalWebSocket.prototype;
+        Object.defineProperty(window.WebSocket, 'name', { value: 'WebSocket' });
+        window.WebSocket.toString = () => 'function WebSocket() { [native code] }';
+        
+        console.log(DEBUG_PREFIX, '✓ WebSocket protection applied');
+        
+    } catch (error) {
+        console.error(DEBUG_PREFIX, 'Failed to apply bypass:', error.message);
+    }
+})();
+`;
 //# sourceMappingURL=runtime-enable-bypass.js.map

package/dist/fingerprinting/fingerprint-overrides/runtime-enable-bypass.js.map

@@ -1 +1 @@
-{"version":3,"file":"runtime-enable-bypass.js","sourceRoot":"","sources":["../../../src/fingerprinting/fingerprint-overrides/runtime-enable-bypass.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,CAAC,MAAM,wBAAwB,GAAG,KAAK,EAAE,MAAW,EAAiB,EAAE;IACzE,sDAAsD;IACtD,MAAM,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE;QAClC,UAAU,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAyEd;KACD,CAAC,CAAC;AACP,CAAC,CAAC"}
+{"version":3,"file":"runtime-enable-bypass.js","sourceRoot":"","sources":["../../../src/fingerprinting/fingerprint-overrides/runtime-enable-bypass.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH;;;GAGG;AACH,MAAM,CAAC,MAAM,+BAA+B,GAAG,GAAW,EAAE,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAmQ5D,CAAC"}

package/dist/fingerprinting/fingerprint-overrides/scroll-humanization.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Scroll Humanization Module
+ * Simulates realistic scroll behavior for 2024-2025
+ *
+ * Features:
+ * - Natural scroll momentum physics
+ * - Reading-speed based scroll patterns
+ * - Scroll pause at content sections
+ * - Touch-like vs mouse wheel differentiation
+ * - CDP-level scroll enhancement
+ */
+/**
+ * Scroll configuration
+ */
+interface ScrollConfig {
+    /** Base scroll speed in pixels per scroll event */
+    baseScrollAmount: number;
+    /** Variance in scroll amount */
+    scrollVariance: number;
+    /** Deceleration factor for momentum scrolling */
+    deceleration: number;
+    /** Minimum velocity before stopping */
+    minVelocity: number;
+    /** Reading pause probability (0-1) */
+    readingPauseProbability: number;
+    /** Reading pause duration range in ms [min, max] */
+    readingPauseDuration: [number, number];
+    /** Delay between scroll events in ms */
+    eventDelay: number;
+}
+/**
+ * Generate human-like scroll positions using momentum physics
+ */
+export declare const generateScrollPath: (startY: number, targetY: number, config?: Partial<ScrollConfig>) => {
+    y: number;
+    delay: number;
+}[];
+/**
+ * Create a script that enhances scroll events in the browser
+ */
+export declare const createScrollHumanizationScript: () => string;
+/**
+ * CDP-level human-like scroll function
+ */
+export declare const humanScroll: (client: unknown, targetY: number, config?: Partial<ScrollConfig>) => Promise<void>;
+/**
+ * Scroll to element with human-like behavior
+ */
+export declare const humanScrollToElement: (client: unknown, selector: string, config?: Partial<ScrollConfig>) => Promise<void>;
+/**
+ * Setup scroll humanization at CDP level
+ */
+export declare const setupScrollHumanization: (client: unknown) => Promise<void>;
+export {};
+//# sourceMappingURL=scroll-humanization.d.ts.map

package/dist/fingerprinting/fingerprint-overrides/scroll-humanization.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"scroll-humanization.d.ts","sourceRoot":"","sources":["../../../src/fingerprinting/fingerprint-overrides/scroll-humanization.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH;;GAEG;AACH,UAAU,YAAY;IAClB,mDAAmD;IACnD,gBAAgB,EAAE,MAAM,CAAC;IACzB,gCAAgC;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,iDAAiD;IACjD,YAAY,EAAE,MAAM,CAAC;IACrB,uCAAuC;IACvC,WAAW,EAAE,MAAM,CAAC;IACpB,sCAAsC;IACtC,uBAAuB,EAAE,MAAM,CAAC;IAChC,oDAAoD;IACpD,oBAAoB,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACvC,wCAAwC;IACxC,UAAU,EAAE,MAAM,CAAC;CACtB;AAYD;;GAEG;AACH,eAAO,MAAM,kBAAkB,WACnB,MAAM,WACL,MAAM,WACP,OAAO,CAAC,YAAY,CAAC,KAC9B;IAAE,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,EAyD9B,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,8BAA8B,QAAO,MA0NjD,CAAC;AAOF;;GAEG;AACH,eAAO,MAAM,WAAW,WACZ,OAAO,WACN,MAAM,WACP,OAAO,CAAC,YAAY,CAAC,KAC9B,OAAO,CAAC,IAAI,CA0Dd,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,oBAAoB,WACrB,OAAO,YACL,MAAM,WACR,OAAO,CAAC,YAAY,CAAC,KAC9B,OAAO,CAAC,IAAI,CAuCd,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,uBAAuB,WAAkB,OAAO,KAAG,OAAO,CAAC,IAAI,CAY3E,CAAC"}