jumpy-lion 0.1.1 → 0.1.3

package/dist/fingerprinting/fingerprint-overrides/cdp-detection-bypass.js

@@ -0,0 +1,763 @@
+/**
+ * CDP Detection Bypass
+ * Comprehensive CDP and automation detection bypass for 2024-2025
+ *
+ * Handles:
+ * - Iframe contentWindow access hiding
+ * - Puppeteer/Playwright evaluation script traces
+ * - Error.captureStackTrace patching
+ * - Storage access API spoofing
+ * - SourceURL/SourceMap hiding
+ * - Chrome DevTools property removal
+ */
+export const createCDPDetectionBypassScript = () => {
+    return `
+(() => {
+    'use strict';
+
+    // CDP Detection Bypass for 2025
+    const bypassCDPDetection = () => {
+        
+        // 1. Remove Chrome DevTools / Selenium / Puppeteer specific properties
+        const removeAutomationProperties = () => {
+            const cdcProperties = Object.getOwnPropertyNames(window).filter(prop => 
+                prop.startsWith('cdc_') || 
+                prop.startsWith('$cdc_') ||
+                prop.includes('webdriver') ||
+                prop.includes('selenium') ||
+                prop.includes('puppeteer') ||
+                prop.includes('playwright')
+            );
+            
+            cdcProperties.forEach(prop => {
+                try {
+                    delete window[prop];
+                } catch (e) {
+                    try {
+                        Object.defineProperty(window, prop, {
+                            get: () => undefined,
+                            configurable: true
+                        });
+                    } catch (e2) {}
+                }
+            });
+            
+            // Remove from document as well
+            const docProperties = Object.getOwnPropertyNames(document).filter(prop =>
+                prop.startsWith('$') || 
+                prop.includes('webdriver') ||
+                prop.includes('selenium')
+            );
+            
+            docProperties.forEach(prop => {
+                try {
+                    delete document[prop];
+                } catch (e) {}
+            });
+        };
+
+        // Cache parent window fingerprint values for cross-context consistency
+        const parentFingerprintCache = {
+            navigator: {
+                userAgent: navigator.userAgent,
+                platform: navigator.platform,
+                vendor: navigator.vendor,
+                language: navigator.language,
+                languages: navigator.languages ? [...navigator.languages] : ['en-US'],
+                hardwareConcurrency: navigator.hardwareConcurrency,
+                deviceMemory: navigator.deviceMemory,
+                maxTouchPoints: navigator.maxTouchPoints,
+                cookieEnabled: navigator.cookieEnabled,
+                onLine: navigator.onLine,
+                appVersion: navigator.appVersion,
+                appName: navigator.appName,
+                appCodeName: navigator.appCodeName,
+                product: navigator.product,
+                productSub: navigator.productSub,
+                vendorSub: navigator.vendorSub,
+                webdriver: false, // Always false
+            },
+            screen: {
+                width: screen.width,
+                height: screen.height,
+                availWidth: screen.availWidth,
+                availHeight: screen.availHeight,
+                colorDepth: screen.colorDepth,
+                pixelDepth: screen.pixelDepth,
+            }
+        };
+
+        // 2. Override HTMLIFrameElement.prototype.contentWindow to hide CDP access AND ensure consistency
+        const protectIframeContentWindow = () => {
+            const originalContentWindowDescriptor = Object.getOwnPropertyDescriptor(
+                HTMLIFrameElement.prototype, 
+                'contentWindow'
+            );
+            
+            if (originalContentWindowDescriptor) {
+                Object.defineProperty(HTMLIFrameElement.prototype, 'contentWindow', {
+                    get() {
+                        const contentWindow = originalContentWindowDescriptor.get.call(this);
+                        
+                        if (!contentWindow) return contentWindow;
+                        
+                        // Check if the iframe is same-origin
+                        try {
+                            // Access a property to check if we have access
+                            const _ = contentWindow.document;
+                            
+                            // Create a navigator proxy that returns parent values for consistency
+                            const createConsistentNavigatorProxy = (iframeNavigator) => {
+                                return new Proxy(iframeNavigator, {
+                                    get(target, prop) {
+                                        // Return parent window values for fingerprint-sensitive properties
+                                        if (prop in parentFingerprintCache.navigator) {
+                                            return parentFingerprintCache.navigator[prop];
+                                        }
+                                        const value = target[prop];
+                                        if (typeof value === 'function') {
+                                            return value.bind(target);
+                                        }
+                                        return value;
+                                    }
+                                });
+                            };
+                            
+                            // Create a screen proxy that returns parent values
+                            const createConsistentScreenProxy = (iframeScreen) => {
+                                return new Proxy(iframeScreen, {
+                                    get(target, prop) {
+                                        if (prop in parentFingerprintCache.screen) {
+                                            return parentFingerprintCache.screen[prop];
+                                        }
+                                        const value = target[prop];
+                                        if (typeof value === 'function') {
+                                            return value.bind(target);
+                                        }
+                                        return value;
+                                    }
+                                });
+                            };
+                            
+                            // If accessible, wrap it to hide automation traces AND ensure consistency
+                            return new Proxy(contentWindow, {
+                                get(target, prop) {
+                                    // Hide automation-related properties
+                                    if (prop === 'webdriver' || 
+                                        prop === '__webdriver_evaluate' ||
+                                        prop === '__selenium_evaluate' ||
+                                        prop === '__driver_evaluate' ||
+                                        prop === '__webdriver_script_function' ||
+                                        prop === '__webdriver_script_fn' ||
+                                        prop === '__fxdriver_evaluate' ||
+                                        prop === '__webdriver_unwrapped' ||
+                                        String(prop).startsWith('cdc_') ||
+                                        String(prop).startsWith('$cdc_')) {
+                                        return undefined;
+                                    }
+                                    
+                                    // Return consistent navigator
+                                    if (prop === 'navigator') {
+                                        return createConsistentNavigatorProxy(target.navigator);
+                                    }
+                                    
+                                    // Return consistent screen
+                                    if (prop === 'screen') {
+                                        return createConsistentScreenProxy(target.screen);
+                                    }
+                                    
+                                    const value = target[prop];
+                                    if (typeof value === 'function') {
+                                        return value.bind(target);
+                                    }
+                                    return value;
+                                },
+                                has(target, prop) {
+                                    if (String(prop).startsWith('cdc_') || 
+                                        String(prop).startsWith('$cdc_') ||
+                                        prop === 'webdriver') {
+                                        return false;
+                                    }
+                                    return prop in target;
+                                }
+                            });
+                        } catch (e) {
+                            // Cross-origin, return as-is
+                            return contentWindow;
+                        }
+                    },
+                    configurable: true,
+                    enumerable: true
+                });
+            }
+        };
+        
+        // 2b. Intercept iframe creation to ensure overrides apply to dynamically created iframes
+        const interceptIframeCreation = () => {
+            const originalCreateElement = document.createElement.bind(document);
+            
+            document.createElement = function(tagName, options) {
+                const element = originalCreateElement(tagName, options);
+                
+                if (tagName.toLowerCase() === 'iframe') {
+                    // Monitor iframe load to apply overrides
+                    element.addEventListener('load', function iframeLoadHandler() {
+                        try {
+                            const iframeWindow = element.contentWindow;
+                            if (iframeWindow) {
+                                // Apply automation property removal to iframe
+                                const cdcProps = Object.getOwnPropertyNames(iframeWindow).filter(p => 
+                                    p.startsWith('cdc_') || p.startsWith('$cdc_') ||
+                                    p.includes('webdriver') || p.includes('selenium')
+                                );
+                                cdcProps.forEach(prop => {
+                                    try { delete iframeWindow[prop]; } catch (e) {}
+                                });
+                                
+                                // Ensure navigator.webdriver is undefined in iframe
+                                try {
+                                    Object.defineProperty(iframeWindow.navigator, 'webdriver', {
+                                        get: () => undefined,
+                                        configurable: true
+                                    });
+                                } catch (e) {}
+                            }
+                        } catch (e) {
+                            // Cross-origin iframe, cannot access
+                        }
+                    });
+                }
+                
+                return element;
+            };
+            
+            // Register with stealth utils for consistent toString masking
+            const _s2 = typeof __stealth !== 'undefined' ? __stealth : {};
+            if (_s2.utils) {
+                _s2.utils.registerNativeFunction(document.createElement, 'createElement');
+            }
+        };
+
+        // 3. Patch Error.captureStackTrace to hide automation stack frames
+        const patchErrorCaptureStackTrace = () => {
+            if (Error.captureStackTrace) {
+                const originalCaptureStackTrace = Error.captureStackTrace;
+                
+                Error.captureStackTrace = function(targetObject, constructorOpt) {
+                    originalCaptureStackTrace.call(this, targetObject, constructorOpt);
+                    
+                    // Clean the stack trace of automation markers
+                    if (targetObject.stack) {
+                        const cleanStack = targetObject.stack
+                            .split('\\n')
+                            .filter(line => {
+                                const lowerLine = line.toLowerCase();
+                                return !lowerLine.includes('puppeteer') &&
+                                       !lowerLine.includes('playwright') &&
+                                       !lowerLine.includes('selenium') &&
+                                       !lowerLine.includes('webdriver') &&
+                                       !lowerLine.includes('__puppeteer_evaluation_script__') &&
+                                       !lowerLine.includes('__playwright_evaluation_script__') &&
+                                       !lowerLine.includes('evaluateonNewDocument') &&
+                                       !lowerLine.includes('pptr:') &&
+                                       !lowerLine.includes('devtools://');
+                            })
+                            .join('\\n');
+                        
+                        Object.defineProperty(targetObject, 'stack', {
+                            value: cleanStack,
+                            writable: true,
+                            configurable: true
+                        });
+                    }
+                };
+            }
+        };
+
+        // 4. Override Function constructor to hide sourceURL
+        const protectFunctionConstructor = () => {
+            const OriginalFunction = Function;
+            
+            const FunctionProxy = new Proxy(OriginalFunction, {
+                construct(target, args) {
+                    // Remove sourceURL comments from function body
+                    if (args.length > 0) {
+                        const lastArg = args[args.length - 1];
+                        if (typeof lastArg === 'string') {
+                            args[args.length - 1] = lastArg
+                                .replace(/\\/\\/# sourceURL=[^\\n]*/g, '')
+                                .replace(/\\/\\/# sourceMappingURL=[^\\n]*/g, '')
+                                .replace(/__puppeteer_evaluation_script__/g, 'anonymous')
+                                .replace(/__playwright_evaluation_script__/g, 'anonymous')
+                                .replace(/pptr:[^\\n]*/g, '');
+                        }
+                    }
+                    
+                    return Reflect.construct(target, args);
+                },
+                apply(target, thisArg, args) {
+                    if (args.length > 0) {
+                        const lastArg = args[args.length - 1];
+                        if (typeof lastArg === 'string') {
+                            args[args.length - 1] = lastArg
+                                .replace(/\\/\\/# sourceURL=[^\\n]*/g, '')
+                                .replace(/\\/\\/# sourceMappingURL=[^\\n]*/g, '')
+                                .replace(/__puppeteer_evaluation_script__/g, 'anonymous')
+                                .replace(/__playwright_evaluation_script__/g, 'anonymous');
+                        }
+                    }
+                    
+                    return Reflect.apply(target, thisArg, args);
+                },
+                get(target, prop) {
+                    // Return the original prototype when accessing .prototype
+                    if (prop === 'prototype') {
+                        return OriginalFunction.prototype;
+                    }
+                    return Reflect.get(target, prop);
+                },
+                set(target, prop, value) {
+                    // Prevent setting prototype or other frozen properties
+                    if (prop === 'prototype') {
+                        return true; // Silently ignore
+                    }
+                    return Reflect.set(target, prop, value);
+                }
+            });
+            
+            // Use defineProperty to replace Function without modifying frozen prototype
+            try {
+                Object.defineProperty(window, 'Function', {
+                    value: FunctionProxy,
+                    writable: true,
+                    enumerable: false,
+                    configurable: true
+                });
+            } catch (e) {
+                // If we can't redefine, just assign
+                window.Function = FunctionProxy;
+            }
+        };
+
+        // 5. Override eval to hide sourceURL
+        const protectEval = () => {
+            const originalEval = window.eval;
+            
+            window.eval = function(code) {
+                if (typeof code === 'string') {
+                    code = code
+                        .replace(/\\/\\/# sourceURL=[^\\n]*/g, '')
+                        .replace(/\\/\\/# sourceMappingURL=[^\\n]*/g, '')
+                        .replace(/__puppeteer_evaluation_script__/g, 'anonymous')
+                        .replace(/__playwright_evaluation_script__/g, 'anonymous')
+                        .replace(/pptr:[^)\\n]*/g, 'eval');
+                }
+                
+                return originalEval.call(this, code);
+            };
+            
+            // Register with stealth utils for consistent toString masking
+            const _s3 = typeof __stealth !== 'undefined' ? __stealth : {};
+            if (_s3.utils) {
+                _s3.utils.registerNativeFunction(window.eval, 'eval');
+            }
+        };
+
+        // 6. Override document.hasStorageAccess for sandbox detection
+        const protectStorageAccess = () => {
+            if (document.hasStorageAccess) {
+                const originalHasStorageAccess = document.hasStorageAccess;
+                
+                document.hasStorageAccess = function() {
+                    // Always return a promise that resolves to true for same-origin
+                    return Promise.resolve(true);
+                };
+                
+                const _s4 = typeof __stealth !== 'undefined' ? __stealth : {};
+                if (_s4.utils) _s4.utils.registerNativeFunction(document.hasStorageAccess, 'hasStorageAccess');
+            }
+            
+            if (document.requestStorageAccess) {
+                document.requestStorageAccess = function() {
+                    return Promise.resolve();
+                };
+            }
+        };
+
+        // 7. Protect window.name from automation markers
+        const protectWindowName = () => {
+            let windowName = window.name;
+            
+            Object.defineProperty(window, 'name', {
+                get() {
+                    // Filter out automation-related markers from window name
+                    if (windowName && typeof windowName === 'string') {
+                        if (windowName.includes('puppeteer') || 
+                            windowName.includes('playwright') ||
+                            windowName.includes('selenium') ||
+                            windowName.includes('webdriver')) {
+                            return '';
+                        }
+                    }
+                    return windowName;
+                },
+                set(value) {
+                    windowName = value;
+                },
+                configurable: true,
+                enumerable: true
+            });
+        };
+
+        // 8. Override Object.getOwnPropertyDescriptor to hide automation properties
+        // AND make overridden properties appear native (configurable: false)
+        const protectPropertyDescriptor = () => {
+            const originalGetOwnPropertyDescriptor = Object.getOwnPropertyDescriptor;
+            
+            // Properties that should appear as native (configurable: false)
+            const nativeNavigatorProps = new Set([
+                'userAgent', 'platform', 'vendor', 'vendorSub', 'productSub',
+                'hardwareConcurrency', 'deviceMemory', 'maxTouchPoints',
+                'language', 'languages', 'cookieEnabled', 'onLine', 'webdriver',
+                'plugins', 'mimeTypes', 'userAgentData', 'connection',
+                'pdfViewerEnabled', 'doNotTrack', 'appCodeName', 'appName',
+                'appVersion', 'product', 'oscpu'
+            ]);
+            
+            const nativeScreenProps = new Set([
+                'width', 'height', 'availWidth', 'availHeight', 'colorDepth',
+                'pixelDepth', 'availLeft', 'availTop', 'orientation'
+            ]);
+            
+            const nativeWindowProps = new Set([
+                'devicePixelRatio', 'innerWidth', 'innerHeight', 'outerWidth',
+                'outerHeight', 'screenX', 'screenY', 'screenLeft', 'screenTop'
+            ]);
+            
+            Object.getOwnPropertyDescriptor = function(obj, prop) {
+                // Hide automation-related properties
+                if (obj === navigator && prop === 'webdriver') {
+                    return undefined;
+                }
+                
+                if (typeof prop === 'string' && 
+                    (prop.startsWith('cdc_') || 
+                     prop.startsWith('$cdc_') ||
+                     prop.includes('__webdriver') ||
+                     prop.includes('__selenium') ||
+                     prop.includes('__puppeteer') ||
+                     prop.includes('__playwright'))) {
+                    return undefined;
+                }
+                
+                // Get the real descriptor
+                const descriptor = originalGetOwnPropertyDescriptor.call(this, obj, prop);
+                
+                if (!descriptor) return descriptor;
+                
+                // Make navigator properties appear native
+                if (obj === navigator && nativeNavigatorProps.has(prop)) {
+                    return {
+                        ...descriptor,
+                        configurable: false,
+                        enumerable: true
+                    };
+                }
+                
+                // Make screen properties appear native
+                if (obj === screen && nativeScreenProps.has(prop)) {
+                    return {
+                        ...descriptor,
+                        configurable: false,
+                        enumerable: true
+                    };
+                }
+                
+                // Make window properties appear native
+                if (obj === window && nativeWindowProps.has(prop)) {
+                    return {
+                        ...descriptor,
+                        configurable: false,
+                        enumerable: true
+                    };
+                }
+                
+                // Check prototype integrity module for fake descriptors
+                const _s = typeof __stealth !== 'undefined' ? __stealth : {};
+                if (_s.integrity) {
+                    const protoIntegrity = _s.integrity;
+                    if (protoIntegrity.isOverridden && protoIntegrity.isOverridden(obj, prop)) {
+                        const fakeDesc = protoIntegrity.createNativeDescriptor(obj, prop, descriptor);
+                        if (fakeDesc) return fakeDesc;
+                    }
+                }
+                
+                return descriptor;
+            };
+            
+            // Also patch Reflect.getOwnPropertyDescriptor
+            if (typeof Reflect !== 'undefined' && Reflect.getOwnPropertyDescriptor) {
+                const originalReflectGetOwnPropertyDescriptor = Reflect.getOwnPropertyDescriptor;
+                
+                Reflect.getOwnPropertyDescriptor = function(obj, prop) {
+                    // Use our patched Object.getOwnPropertyDescriptor
+                    return Object.getOwnPropertyDescriptor(obj, prop);
+                };
+            }
+        };
+        
+        // 8b. Protect Object.getPrototypeOf from revealing automation
+        const protectGetPrototypeOf = () => {
+            const originalGetPrototypeOf = Object.getPrototypeOf;
+            const originalReflectGetPrototypeOf = typeof Reflect !== 'undefined' ? Reflect.getPrototypeOf : null;
+            
+            // Cache expected prototypes
+            const expectedPrototypes = new Map();
+            expectedPrototypes.set(navigator, Navigator.prototype);
+            expectedPrototypes.set(screen, Screen.prototype);
+            expectedPrototypes.set(window, Window.prototype);
+            expectedPrototypes.set(document, HTMLDocument.prototype);
+            
+            Object.getPrototypeOf = function(obj) {
+                const proto = originalGetPrototypeOf.call(this, obj);
+                
+                // Ensure navigator returns Navigator.prototype
+                if (obj === navigator) {
+                    return Navigator.prototype;
+                }
+                
+                // Ensure screen returns Screen.prototype  
+                if (obj === screen) {
+                    return Screen.prototype;
+                }
+                
+                return proto;
+            };
+            
+            if (originalReflectGetPrototypeOf) {
+                Reflect.getPrototypeOf = function(obj) {
+                    return Object.getPrototypeOf(obj);
+                };
+            }
+        };
+
+        // 9. Override Object.getOwnPropertyNames to hide automation properties
+        const protectPropertyNames = () => {
+            const originalGetOwnPropertyNames = Object.getOwnPropertyNames;
+            
+            Object.getOwnPropertyNames = function(obj) {
+                const names = originalGetOwnPropertyNames.call(this, obj);
+                
+                return names.filter(name => {
+                    const lowerName = name.toLowerCase();
+                    return !name.startsWith('cdc_') &&
+                           !name.startsWith('$cdc_') &&
+                           !lowerName.includes('webdriver') &&
+                           !lowerName.includes('selenium') &&
+                           !lowerName.includes('puppeteer') &&
+                           !lowerName.includes('playwright') &&
+                           !name.startsWith('__driver') &&
+                           !name.startsWith('__selenium') &&
+                           !name.startsWith('__webdriver');
+                });
+            };
+        };
+
+        // 10. Override Object.keys similarly
+        const protectObjectKeys = () => {
+            const originalKeys = Object.keys;
+            
+            Object.keys = function(obj) {
+                const keys = originalKeys.call(this, obj);
+                
+                return keys.filter(key => {
+                    const lowerKey = key.toLowerCase();
+                    return !key.startsWith('cdc_') &&
+                           !key.startsWith('$cdc_') &&
+                           !lowerKey.includes('webdriver') &&
+                           !lowerKey.includes('selenium') &&
+                           !lowerKey.includes('puppeteer');
+                });
+            };
+        };
+
+        // 11. Protect against Reflect.ownKeys detection
+        const protectReflectOwnKeys = () => {
+            const originalOwnKeys = Reflect.ownKeys;
+            
+            Reflect.ownKeys = function(obj) {
+                const keys = originalOwnKeys.call(this, obj);
+                
+                return keys.filter(key => {
+                    const keyStr = String(key).toLowerCase();
+                    return !keyStr.startsWith('cdc_') &&
+                           !keyStr.startsWith('$cdc_') &&
+                           !keyStr.includes('webdriver') &&
+                           !keyStr.includes('selenium') &&
+                           !keyStr.includes('puppeteer');
+                });
+            };
+        };
+
+        // 12. Protect navigator.permissions.query for automation detection
+        const protectPermissionsQuery = () => {
+            if (navigator.permissions && navigator.permissions.query) {
+                const originalQuery = navigator.permissions.query;
+                
+                navigator.permissions.query = function(descriptor) {
+                    // Handle notifications permission specifically
+                    if (descriptor && descriptor.name === 'notifications') {
+                        return Promise.resolve({
+                            state: 'prompt',
+                            name: 'notifications',
+                            onchange: null,
+                            addEventListener: () => {},
+                            removeEventListener: () => {},
+                            dispatchEvent: () => true
+                        });
+                    }
+                    
+                    return originalQuery.apply(this, arguments);
+                };
+            }
+        };
+
+        // 13. Protect MediaSession API
+        const protectMediaSession = () => {
+            if (navigator.mediaSession) {
+                // Ensure mediaSession appears properly configured
+                try {
+                    Object.defineProperty(navigator.mediaSession, 'playbackState', {
+                        get: () => 'none',
+                        configurable: true
+                    });
+                } catch (e) {}
+            }
+        };
+
+        // 14. Protect against CDP Runtime detection via timing
+        // NOTE: Previously enforced 1ms minimum gap between Date.now() calls,
+        // but this itself is detectable (real browsers can return same ms value).
+        // Removed artificial gap - just pass through to native Date.now.
+        const protectRuntimeTiming = () => {
+            // No-op: Date.now should behave naturally
+        };
+
+        // 15. Protect native constructor toString (DataDome checks these)
+        const protectConstructorToString = () => {
+            // List of constructors that DataDome checks
+            const constructorsToProtect = [
+                { name: 'CompressionStream', ctor: typeof CompressionStream !== 'undefined' ? CompressionStream : null },
+                { name: 'MutationObserver', ctor: typeof MutationObserver !== 'undefined' ? MutationObserver : null },
+                { name: 'Date', ctor: Date },
+                { name: 'Worker', ctor: typeof Worker !== 'undefined' ? Worker : null },
+                { name: 'Error', ctor: Error },
+                { name: 'Promise', ctor: Promise },
+                { name: 'Proxy', ctor: typeof Proxy !== 'undefined' ? Proxy : null },
+                { name: 'Reflect', ctor: typeof Reflect !== 'undefined' ? Reflect : null },
+                { name: 'Map', ctor: Map },
+                { name: 'Set', ctor: Set },
+                { name: 'WeakMap', ctor: WeakMap },
+                { name: 'WeakSet', ctor: WeakSet },
+                { name: 'Symbol', ctor: Symbol },
+                { name: 'ArrayBuffer', ctor: ArrayBuffer },
+                { name: 'DataView', ctor: DataView },
+                { name: 'Intl', ctor: typeof Intl !== 'undefined' ? Intl : null }
+            ];
+            
+            constructorsToProtect.forEach(({ name, ctor }) => {
+                if (!ctor) return;
+                
+                try {
+                    // Make the constructor's toString return native code
+                    const nativeString = \`function \${name}() { [native code] }\`;
+                    
+                    Object.defineProperty(ctor, 'toString', {
+                        value: function() { return nativeString; },
+                        writable: true,
+                        configurable: true
+                    });
+                    
+                    // Also protect the prototype.constructor if it exists
+                    if (ctor.prototype && ctor.prototype.constructor) {
+                        Object.defineProperty(ctor.prototype.constructor, 'toString', {
+                            value: function() { return nativeString; },
+                            writable: true,
+                            configurable: true
+                        });
+                    }
+                } catch (e) {
+                    // Some constructors may be frozen, skip them
+                }
+            });
+        };
+
+        // 16. Clean up any existing automation markers in the DOM
+        const cleanDOMAutomationMarkers = () => {
+            // Remove data attributes that might indicate automation
+            const elements = document.querySelectorAll('[data-webdriver], [data-selenium], [data-puppeteer]');
+            elements.forEach(el => {
+                el.removeAttribute('data-webdriver');
+                el.removeAttribute('data-selenium');
+                el.removeAttribute('data-puppeteer');
+            });
+            
+            // Clean script tags with automation-related src
+            const scripts = document.querySelectorAll('script');
+            scripts.forEach(script => {
+                if (script.src && (
+                    script.src.includes('puppeteer') ||
+                    script.src.includes('playwright') ||
+                    script.src.includes('selenium')
+                )) {
+                    script.remove();
+                }
+            });
+        };
+
+        // Initialize all protections
+        try {
+            removeAutomationProperties();
+            protectIframeContentWindow();
+            interceptIframeCreation(); // Ensure dynamic iframes get overrides
+            patchErrorCaptureStackTrace();
+            protectFunctionConstructor();
+            protectEval();
+            protectStorageAccess();
+            protectWindowName();
+            protectPropertyDescriptor();
+            protectGetPrototypeOf(); // NEW: Protect Object.getPrototypeOf
+            protectPropertyNames();
+            protectObjectKeys();
+            protectReflectOwnKeys();
+            protectPermissionsQuery();
+            protectMediaSession();
+            protectRuntimeTiming();
+            protectConstructorToString(); // DataDome checks constructor.toString()
+            
+            // Clean DOM after a short delay to catch dynamically added elements
+            if (document.readyState === 'loading') {
+                document.addEventListener('DOMContentLoaded', cleanDOMAutomationMarkers);
+            } else {
+                cleanDOMAutomationMarkers();
+            }
+        } catch (e) {
+            console.error('[CDP-DETECTION-BYPASS] Failed to apply CDP detection bypass:', e);
+            throw e; // Rethrow to make errors visible
+        }
+    };
+
+    const DEBUG_PREFIX = '[CDP-FP-DEBUG]';
+    const ERROR_PREFIX = '[CDP-FP-ERROR]';
+    
+    try {
+        console.log(DEBUG_PREFIX, 'Starting CDP detection bypass...');
+        bypassCDPDetection();
+        console.log(DEBUG_PREFIX, '✓ CDP detection bypass applied');
+    } catch (e) {
+        console.error(ERROR_PREFIX, '✗ Failed to apply CDP detection bypass:', e);
+        throw e;
+    }
+})();`;
+};
+//# sourceMappingURL=cdp-detection-bypass.js.map