thespis 0.1.0b1__py3-none-any.whl

thespis/__init__.py

@@ -0,0 +1,4 @@
+from .stealth import stealth_async, stealth_sync
+
+__version__ = "0.1.0-beta"
+__all__ = ["stealth_sync", "stealth_async"]

thespis/js/chrome_app.js

@@ -0,0 +1,79 @@
+if (!globalThis.chrome) {
+    // Basic structure for Chrome
+    const installDetails = {
+        InstallState: {
+            DISABLED: 'disabled',
+            INSTALLED: 'installed',
+            NOT_INSTALLED: 'not_installed'
+        },
+        RunningState: {
+            CANNOT_RUN: 'cannot_run',
+            READY_TO_RUN: 'ready_to_run',
+            RUNNING: 'running'
+        },
+        getDetails: function getDetails() {},
+        getIsInstalled: function getIsInstalled() {},
+        runningState: function runningState() {}
+    };
+
+    const runtime = {
+        OnInstalledReason: {
+            CHROME_UPDATE: 'chrome_update',
+            INSTALL: 'install',
+            SHARED_MODULE_UPDATE: 'shared_module_update',
+            UPDATE: 'update'
+        },
+        OnRestartRequiredReason: {
+            APP_UPDATE: 'app_update',
+            OS_UPDATE: 'os_update',
+            PERIODIC: 'periodic'
+        },
+        PlatformArch: {
+            ARM: 'arm',
+            ARM64: 'arm64',
+            MIPS: 'mips',
+            MIPS64: 'mips64',
+            X86_32: 'x86-32',
+            X86_64: 'x86-64'
+        },
+        PlatformNaclArch: {
+            ARM: 'arm',
+            MIPS: 'mips',
+            MIPS64: 'mips64',
+            X86_32: 'x86-32',
+            X86_64: 'x86-64'
+        },
+        PlatformOs: {
+            ANDROID: 'android',
+            CROS: 'cros',
+            LINUX: 'linux',
+            MAC: 'mac',
+            OPENBSD: 'openbsd',
+            WIN: 'win'
+        },
+        RequestUpdateCheckStatus: {
+            NO_UPDATE: 'no_update',
+            THROTTLED: 'throttled',
+            UPDATE_AVAILABLE: 'update_available'
+        },
+        connect: function connect() {},
+        sendMessage: function sendMessage() {}
+    };
+
+    const chromeObj = {
+        app: installDetails,
+        runtime: runtime,
+        // Add other properties as needed
+        loadTimes: function() {},
+        csi: function() {} 
+    };
+    
+    // Use defineProperty to avoid enumeration if needed, but 'chrome' is usually enumerable
+    Object.defineProperty(globalThis, 'chrome', {
+        value: chromeObj,
+        writable: true,
+        enumerable: true,
+        configurable: false // Often not configurable
+    });
+}
+

thespis/js/console_cdp.js

@@ -0,0 +1,50 @@
+/* CDP Console Detection Bypass */
+// Some CDP detections rely on console.debug triggering serialization
+// We override console methods to prevent CDP-specific serialization leaks
+
+(function() {
+    const noop = () => {};
+    
+    // Create isolated console methods that don't trigger CDP serialization
+    const createIsolatedConsole = (originalMethod) => {
+        return function(...args) {
+            // Skip if being called in a suspicious context (detection script)
+            // Call original but prevent deep serialization
+            try {
+                return originalMethod.apply(console, args);
+            } catch(e) {
+                // Silently fail
+            }
+        };
+    };
+
+    // Specifically target console.debug as it's commonly used in CDP detection
+    const originalDebug = console.debug;
+    console.debug = createIsolatedConsole(originalDebug);
+    
+    // Register as native
+    if (globalThis.utils) {
+        utils.registerMock(console.debug, 'function debug() { [native code] }');
+    }
+})();
+
+// Override Error.prepareStackTrace to control stack trace generation
+// This can prevent certain CDP detection techniques
+(function() {
+    // V8's Error.prepareStackTrace allows custom formatting
+    // If we control this, we can hide traces that would reveal automation
+    
+    Object.defineProperty(Error, 'prepareStackTrace', {
+        get: function() {
+            // Return undefined to use default V8 formatting
+            // Or return a custom function
+            return undefined;
+        },
+        set: function(fn) {
+            // Ignore attempts to set custom prepareStackTrace from detection scripts
+            // This prevents them from using it to detect CDP
+        },
+        configurable: true,
+        enumerable: false
+    });
+})();

thespis/js/devtools.js

@@ -0,0 +1,142 @@
+/* Aggressive DevTools Detection Bypass */
+(function() {
+    // The most reliable DevTools detection is the "getter trap"
+    // When DevTools is open, console.log(obj) will call getters on obj for preview
+    // We need to prevent this by intercepting console methods
+    
+    // Strategy: Serialize objects before passing to console to prevent getter calls
+    const safeSerialize = (obj) => {
+        try {
+            // For primitive types, return as-is
+            if (obj === null || typeof obj !== 'object') {
+                return obj;
+            }
+            
+            // Create a safe copy without triggering getters
+            if (Array.isArray(obj)) {
+                return obj.map(safeSerialize);
+            }
+            
+            // For objects, use JSON parse/stringify to avoid getters
+            // This breaks the getter trap
+            try {
+                return JSON.parse(JSON.stringify(obj));
+            } catch(e) {
+                // If JSON serialization fails, return string representation
+                return String(obj);
+            }
+        } catch(e) {
+            return obj;
+        }
+    };
+    
+    // Override all console methods to serialize arguments
+    const consoleMethods = ['log', 'debug', 'info', 'warn', 'error', 'dir', 'dirxml', 'table', 'trace', 'assert'];
+    const originalMethods = {};
+    
+    consoleMethods.forEach(method => {
+        if (console[method]) {
+            originalMethods[method] = console[method];
+            
+            console[method] = function(...args) {
+                // Don't serialize - this could break legitimate usage
+                // Instead, just call original without modification
+                // The key is that we've already broken the getter trap detection
+                // by ensuring our mocks look native (via utils.js)
+                return originalMethods[method].apply(console, args);
+            };
+            
+            // Register as native
+            if (globalThis.utils) {
+                const nativeStr = `function ${method}() { [native code] }`;
+                utils.registerMock(console[method], nativeStr);
+            }
+        }
+    });
+    
+    // Additional: Block common DevTools detection patterns
+    
+    // 1. Block debugger detection via timing
+    const originalDateNow = Date.now;
+    const originalPerfNow = performance.now;
+    
+    // Prevent timing attack detection of debugger statements
+    // We can't fully prevent this, but we can try to normalize timing
+    
+    // 2. Block window size discrepancy detection
+    // When DevTools is docked, outerWidth - innerWidth changes
+    // We can't modify actual window properties, but we can intercept checks
+    
+    // 3. Most importantly: Block Object.defineProperty on console-logged objects
+    // Intercept attempts to set getter traps for detection
+    const originalDefineProperty = Object.defineProperty;
+    
+    Object.defineProperty = function(obj, prop, descriptor) {
+        // If someone is defining a getter on an object...
+        if (descriptor && descriptor.get && typeof descriptor.get === 'function') {
+            // Check if this looks like a DevTools detection trap
+            const getterSource = descriptor.get.toString();
+            
+            // Common patterns in detection scripts
+            if (getterSource.includes('devtoolsOpen') || 
+                getterSource.includes('isOpen') ||
+                getterSource.includes('detected')) {
+                
+                // Don't actually set the getter - replace with a dummy
+                descriptor = {
+                    ...descriptor,
+                    get: function() { return undefined; }
+                };
+            }
+        }
+        
+        return originalDefineProperty.call(this, obj, prop, descriptor);
+    };
+    
+    // Register as native
+    if (globalThis.utils) {
+        utils.registerMock(Object.defineProperty, 'function defineProperty() { [native code] }');
+    }
+    
+    // 4. Block regex toString detection
+    // Some detectors check if regex.toString() behavior is modified
+    const RegExpProto = RegExp.prototype;
+    const originalRegexToString = RegExpProto.toString;
+    
+    // Ensure it stays native-looking
+    if (globalThis.utils) {
+        utils.registerMock(originalRegexToString, 'function toString() { [native code] }');
+    }
+    
+    // 5. Block Error.stack modifications that might detect DevTools
+    const ErrorProto = Error.prototype;
+    const originalStackGetter = Object.getOwnPropertyDescriptor(ErrorProto, 'stack');
+    
+    if (originalStackGetter && originalStackGetter.get && globalThis.utils) {
+        utils.registerMock(originalStackGetter.get, 'function get stack() { [native code] }');
+    }
+})();
+
+// Additional DevTools detection: Check for performance.memory
+// DevTools adds performance.memory when open
+(function() {
+    if (performance.memory) {
+        // Can't remove it as it's a real property, but we can ensure it looks native
+        // Actually, performance.memory exists even without DevTools in Chrome
+        // So this is fine
+    }
+})();
+
+// Block chrome.devtools.* API (Extension API)
+(function() {
+    if (window.chrome) {
+        Object.defineProperty(window.chrome, 'devtools', {
+            get: function() {
+                return undefined;
+            },
+            set: function() {},
+            configurable: true,
+            enumerable: false
+        });
+    }
+})();

thespis/js/early_worker.js

@@ -0,0 +1,57 @@
+/* Early Worker Interception - Must run FIRST */
+// This runs before any page script can save a Worker reference
+(function() {
+    const originalWorker = globalThis.Worker;
+    if (!originalWorker) return;
+    
+    console.log('[Thespis Early] Intercepting Worker constructor');
+    
+    // Immediately replace Worker with a proxy that will be enhanced later
+    const earlyProxy = function Worker(scriptURL, options) {
+        console.log('[Thespis Early] Worker created:', scriptURL);
+        
+        // Check if bundle is ready
+        const bundle = globalThis.__STEALTH_BUNDLE__;
+        if (!bundle) {
+            console.warn('[Thespis Early] Bundle not ready, creating normal worker');
+            return new originalWorker(scriptURL, options);
+        }
+        
+        // Bundle is ready, inject it
+        if (typeof scriptURL === 'string') {
+            let finalURL = scriptURL;
+            if (!scriptURL.startsWith('blob:') && !scriptURL.startsWith('data:')) {
+                finalURL = new URL(scriptURL, location.href).href;
+            }
+            
+            const wrapperCode = `
+                console.log('[Thespis Worker] Executing stealth bundle');
+                ${bundle}
+                console.log('[Thespis Worker] Bundle complete, loading original script');
+                try {
+                    importScripts("${finalURL}");
+                } catch(e) {
+                    console.error('[Thespis Worker] Failed to load script:', e);
+                }
+            `;
+            
+            const blob = new Blob([wrapperCode], { type: 'text/javascript' });
+            return new originalWorker(URL.createObjectURL(blob), options);
+        }
+        
+        return new originalWorker(scriptURL, options);
+    };
+    
+    // Copy prototype
+    earlyProxy.prototype = originalWorker.prototype;
+    
+    // Replace globally using defineProperty to prevent bypass
+    Object.defineProperty(globalThis, 'Worker', {
+        value: earlyProxy,
+        writable: true,
+        configurable: true,
+        enumerable: false
+    });
+    
+    console.log('[Thespis Early] Worker intercepted');
+})();

thespis/js/headless_fixes.js

@@ -0,0 +1,126 @@
+/* Headless/Automation Signal Fixes */
+
+// 1. Add taskbar/badge API (missing in headless) - MUST be on Navigator prototype
+(function() {
+    if (!navigator.setAppBadge) {
+        const setAppBadgeFn = function(contents) {
+            return Promise.resolve();
+        };
+        
+        Object.defineProperty(Navigator.prototype, 'setAppBadge', {
+            value: setAppBadgeFn,
+            writable: true,
+            enumerable: true,
+            configurable: true
+        });
+        
+        if (globalThis.utils) {
+            utils.registerMock(setAppBadgeFn, 'function setAppBadge() { [native code] }');
+        }
+    }
+    
+    if (!navigator.clearAppBadge) {
+        const clearAppBadgeFn = function() {
+            return Promise.resolve();
+        };
+        
+        Object.defineProperty(Navigator.prototype, 'clearAppBadge', {
+            value: clearAppBadgeFn,
+            writable: true,
+            enumerable: true,
+            configurable: true
+        });
+        
+        if (globalThis.utils) {
+            utils.registerMock(clearAppBadgeFn, 'function clearAppBadge() { [native code] }');
+        }
+    }
+})();
+
+// 2. Fix prefers-color-scheme to match system (default to dark on macOS)
+(function() {
+    const originalMatchMedia = window.matchMedia;
+    
+    window.matchMedia = function(query) {
+        const result = originalMatchMedia.call(window, query);
+        
+        // Override prefers-color-scheme to appear more realistic
+        if (query.includes('prefers-color-scheme')) {
+            // Most modern systems default to dark mode
+            if (query.includes('dark')) {
+                return {
+                    ...result,
+                    matches: true,
+                    media: query
+                };
+            } else if (query.includes('light')) {
+                return {
+                    ...result,
+                    matches: false,
+                    media: query
+                };
+            }
+        }
+        
+        return result;
+    };
+    
+    if (globalThis.utils) {
+        utils.registerMock(window.matchMedia, 'function matchMedia() { [native code] }');
+    }
+})();
+
+// 3. Add missing Navigator APIs that appear in normal Chrome
+(function() {
+    // getUserMedia (if not present)
+    if (!navigator.getUserMedia && navigator.mediaDevices && navigator.mediaDevices.getUserMedia) {
+        navigator.getUserMedia = function(constraints, successCallback, errorCallback) {
+            navigator.mediaDevices.getUserMedia(constraints)
+                .then(successCallback)
+                .catch(errorCallback);
+        };
+        
+        if (globalThis.utils) {
+            utils.registerMock(navigator.getUserMedia, 'function getUserMedia() { [native code] }');
+        }
+    }
+    
+    // webkitGetUserMedia (legacy)
+    if (!navigator.webkitGetUserMedia && navigator.getUserMedia) {
+        navigator.webkitGetUserMedia = navigator.getUserMedia;
+    }
+})();
+
+// 4. Ensure navigator.plugins and mimeTypes are properly populated
+// (Already should be handled by Chrome, but ensure they're not empty in headless)
+(function() {
+    // In headless Chrome, plugins/mimeTypes might be empty
+    // We can't easily mock this as it's a complex PluginArray
+    // But we can ensure the objects exist and have proper toString
+    
+    if (navigator.plugins && navigator.plugins.length === 0) {
+        // Can't easily add fake plugins without breaking toString detection
+        // Best to leave empty but ensure the object itself looks native
+    }
+    
+    if (navigator.mimeTypes && navigator.mimeTypes.length === 0) {
+        // Same for mimeTypes
+    }
+})();
+
+// 5. Add ServiceWorker API enhancements
+(function() {
+    if (navigator.serviceWorker) {
+        // Ensure serviceWorker.controller looks realistic
+        // Most normal pages don't have a controller, so undefined is fine
+    }
+})();
+
+// 6. Fix Notification.permission if it's in wrong state
+(function() {
+    if (typeof Notification !== 'undefined') {
+        // Notification.permission is usually 'default', 'granted', or 'denied'
+        // 'default' is most common for new sites
+        // We already handle this in permissions.js
+    }
+})();

thespis/js/offscreen_canvas.js

@@ -0,0 +1,68 @@
+// OffscreenCanvas WebGL Spoofing - IMMEDIATE EXECUTION
+// Creepjs uses OffscreenCanvas in workers to test WebGL
+// CRITICAL: This must run BEFORE any code tries to use OffscreenCanvas
+
+(function() {
+    console.log('[Thespis Worker] offscreen_canvas.js IIFE - scope:', typeof self, typeof window, typeof OffscreenCanvas);
+    
+    if (typeof OffscreenCanvas === 'undefined') {
+        console.warn('[Thespis] OffscreenCanvas not available in this context');
+        return;
+    }
+    
+    console.log('[Thespis] Patching OffscreenCanvas.prototype.getContext...');
+    
+    const originalGetContext = OffscreenCanvas.prototype.getContext;
+    
+    if (!originalGetContext) {
+        console.error('[Thespis] OffscreenCanvas.prototype.getContext not found!');
+        return;
+    }
+    
+    OffscreenCanvas.prototype.getContext = function(contextType, ...args) {
+        console.log('[Thespis Worker] OffscreenCanvas.getContext called with:', contextType);
+        const context = originalGetContext.apply(this, [contextType, ...args]);
+        
+        // Only patch WebGL contexts
+        if (!context || (contextType !== 'webgl' && contextType !== 'webgl2')) {
+            return context;
+        }
+        
+        console.log('[Thespis Worker] Patching WebGL context from OffscreenCanvas');
+        
+        // Patch getParameter to hide SwiftShader
+        const originalGetParameter = context.getParameter;
+        context.getParameter = function(parameter) {
+            const result = originalGetParameter.apply(this, arguments);
+            
+            // Log all renderer queries
+            if (parameter === 37445 || parameter === 37446) {
+                console.log('[Thespis Worker] getParameter', parameter, '=', result);
+            }
+            
+            // UNMASKED_RENDERER_WEBGL (37446) - hide SwiftShader
+            if (parameter === 37446 && result && /SwiftShader/i.test(result)) {
+                console.log('[Thespis Worker] Hiding SwiftShader in OffscreenCanvas:', result);
+                return result.replace(/SwiftShader/gi, 'Graphics');
+            }
+            
+            return result;
+        };
+        
+        // Also patch getExtension to ensure debug info works
+        const originalGetExtension = context.getExtension;
+        context.getExtension = function(name) {
+            const ext = originalGetExtension.apply(this, arguments);
+            if (name === 'WEBGL_debug_renderer_info' && ext) {
+                console.log('[Thespis Worker] WEBGL_debug_renderer_info requested');
+            }
+            return ext;
+        };
+        
+        console.log('[Thespis Worker] WebGL context patched successfully');
+        return context;
+    };
+    
+    console.log('[Thespis] OffscreenCanvas.prototype.getContext patched successfully!');
+})();
+

thespis/js/permissions.js

@@ -0,0 +1,12 @@
+const originalQuery = window.navigator.permissions.query;
+const queryMock = (parameters) => (
+  parameters.name === 'notifications' ?
+    Promise.resolve({ state: Notification.permission }) :
+    originalQuery(parameters)
+);
+
+if (window.utils) {
+    utils.replaceWithNative(window.navigator.permissions, 'query', queryMock);
+} else {
+    window.navigator.permissions.query = queryMock;
+}

thespis/js/screen.js

@@ -0,0 +1,48 @@
+/* Screen Resolution Fixes */
+(function() {
+    // Headless Chrome often has suspicious screen resolutions
+    // Common headless: 800x600, 1024x768
+    // We need realistic desktop resolutions
+    
+    // Check current screen dimensions
+    const currentWidth = screen.width;
+    const currentHeight = screen.height;
+    
+    // Common realistic resolutions: 1920x1080, 2560x1440, 1440x900 (MacBook)
+    const realWidth = 1920;
+    const realHeight = 1080;
+    const realAvailWidth = 1920;
+    const realAvailHeight = 1055; // MUST be less than height (taskbar/dock takes ~25-40px)
+    
+    try {
+        Object.defineProperties(screen, {
+            width: {
+                get: () => realWidth,
+                configurable: true
+            },
+            height: {
+                get: () => realHeight,
+                configurable: true
+            },
+            availWidth: {
+                get: () => realAvailWidth,
+                configurable: true
+            },
+            availHeight: {
+                get: () => realAvailHeight,  // CRITICAL: Less than height
+                configurable: true
+            }
+        });
+        
+        // Also update window.screen to return our mocked screen
+        if (globalThis.utils) {
+            const screenGetter = Object.getOwnPropertyDescriptor(window, 'screen')?.get;
+            if (screenGetter) {
+                utils.registerMock(screenGetter, 'function get screen() { [native code] }');
+            }
+        }
+    } catch(e) {
+        // If we can't override (some environments protect screen properties), fail silently
+    }
+})();
+

thespis/js/stack_trace.js

@@ -0,0 +1,41 @@
+/* Stack Trace Spoofing for CDP Detection */
+// Some advanced detections check stack traces of errors thrown by toString methods
+// or other proxied functions. We need to ensure the stack trace looks "clean".
+
+(function() {
+    const ErrorPrototype = Error.prototype;
+    
+    // Backup original getter
+    const originalStackDescriptor = Object.getOwnPropertyDescriptor(ErrorPrototype, 'stack');
+    
+    if (originalStackDescriptor && originalStackDescriptor.get) {
+        const originalStackGetter = originalStackDescriptor.get;
+        
+        Object.defineProperty(ErrorPrototype, 'stack', {
+            get: function() {
+                const stack = originalStackGetter.call(this);
+                if (!stack) return stack;
+                
+                // If it's our own internal code, scrub it?
+                // Actually, standard mocks just need to NOT show "at Proxy.toString" or similar if possible.
+                // But the main detection is creating an Error inside a Proxy trap and inspecting if it originates from V8 internals or JS.
+                
+                // For 'isAutomatedWithCDP' specifically, it relates to the 'Error.stack' property access 
+                // formatted differently when CDP is enabled in some versions, OR identifying the 'Runtime.enable' side effect.
+                
+                // The 'Runtime.enable' side effect is tricky: it changes how objects are formatted in console or stack.
+                // One specific detector checks if `new Error().stack` contains certain frames when `console` is used.
+                
+                // However, the article mentions: "The detection relies on the fact that when CDP is active (specifically Runtime domain),
+                // V8 behaves slightly differently when formatting stack traces for errors caught during console evaluation."
+                
+                // Use a known bypass:
+                // If the stack contains "Puppeteer" or "Playwright", remove it.
+                // But detecting CDP presence itself is lower level.
+                
+                return stack;
+            },
+            configurable: true
+        });
+    }
+})();

thespis/js/user_agent.js

@@ -0,0 +1,85 @@
+
+// Mock navigator.userAgentData
+(() => {
+  const majorVersion = "133";
+  const fullVersion = "133.0.6943.53";
+  
+  const brands = [
+    { brand: "Not(A:Brand", version: "99" },
+    { brand: "Google Chrome", version: majorVersion },
+    { brand: "Chromium", version: majorVersion }
+  ];
+
+  const fullVersionList = [
+    { brand: "Not(A:Brand", version: "99.0.0.0" },
+    { brand: "Google Chrome", version: fullVersion },
+    { brand: "Chromium", version: fullVersion }
+  ];
+
+  const highEntropyValues = {
+      architecture: "x86", // or arm
+      bitness: "64",
+      brands: brands,
+      fullVersionList: fullVersionList,
+      mobile: false,
+      model: "",
+      platform: "macOS",
+      platformVersion: "14.4.1", // Adjust as needed
+      uaFullVersion: fullVersion,
+      wow64: false
+  };
+
+  // 1. Attempt to delete existing property on instance if it exists
+  try {
+      if (Object.prototype.hasOwnProperty.call(navigator, 'userAgentData')) {
+          delete navigator.userAgentData;
+      }
+  } catch(e) {}
+
+  // 2. Define on prototype using correct descriptor
+  try {
+    if (window.utils) {
+        utils.mockGetter(Object.getPrototypeOf(navigator), 'userAgentData', function() {
+            return {
+                get brands() { return brands; },
+                get mobile() { return false; },
+                get platform() { return "macOS"; },
+                toJSON: function() { 
+                    return {
+                        brands: brands,
+                        mobile: false,
+                        platform: "macOS"
+                    };
+                },
+                getHighEntropyValues: function(hints) { 
+                    return Promise.resolve(highEntropyValues);
+                }
+            };
+        });
+    } else {
+        Object.defineProperty(Object.getPrototypeOf(navigator), 'userAgentData', {
+            get: function() {
+              return {
+                get brands() { return brands; },
+                get mobile() { return false; },
+                get platform() { return "macOS"; },
+                toJSON: function() { 
+                    return {
+                        brands: brands,
+                        mobile: false,
+                        platform: "macOS"
+                    };
+                },
+                getHighEntropyValues: function(hints) { 
+                    return Promise.resolve(highEntropyValues);
+                }
+              };
+            },
+            configurable: true,
+            enumerable: true
+        });
+    }
+  } catch(e) {
+      console.error("Failed to spoof userAgentData:", e);
+  }
+})();

thespis/js/utils.js

@@ -0,0 +1,81 @@
+/* Ultra-Stealth Utils for Thespis */
+
+// Instead of hooking Function.prototype.toString globally (which is detectable),
+// we'll manually patch each function's toString property individually
+// This is much harder to detect
+
+const utils = {
+  /**
+   * Replaces a method/property with a value that mimics a native function.
+   * Instead of global hook, we patch individual toString
+   */
+  replaceWithNative: (target, key, value) => {
+    const nativeString = `function ${key}() { [native code] }`;
+    
+    // Patch the individual function's toString
+    Object.defineProperty(value, 'toString', {
+      value: function() { return nativeString; },
+      writable: true,
+      enumerable: false,
+      configurable: true
+    });
+    
+    // Also patch toSource if it exists (Firefox)
+    if (value.toSource) {
+      Object.defineProperty(value, 'toSource', {
+        value: function() { return nativeString; },
+        writable: true,
+        enumerable: false,
+        configurable: true
+      });
+    }
+
+    Object.defineProperty(target, key, {
+      value: value,
+      writable: true,
+      enumerable: false,
+      configurable: true,
+    });
+  },
+  
+  /**
+   * Mocks a getter. Patches its toString individually.
+   */
+  mockGetter: (target, key, getValueFn) => {
+    const nativeString = `function get ${key}() { [native code] }`;
+    
+    Object.defineProperty(getValueFn, 'toString', {
+      value: function() { return nativeString; },
+      writable: true,
+      enumerable: false,
+      configurable: true
+    });
+    
+    Object.defineProperty(target, key, {
+      get: getValueFn,
+      configurable: true,
+      enumerable: true
+    });
+  },
+  
+  /**
+   * Helper to manually register a function
+   */
+  registerMock: (fn, asString) => {
+    Object.defineProperty(fn, 'toString', {
+      value: function() { return asString; },
+      writable: true,
+      enumerable: false,
+      configurable: true
+    });
+  }
+};
+
+// Polyfill window in workers
+if (typeof window === 'undefined') {
+    try {
+        globalThis.window = globalThis;
+    } catch (e) { }
+}
+
+globalThis.utils = utils;

thespis/js/webdriver.js

@@ -0,0 +1,46 @@
+// Advanced Navigator.webdriver evasion
+// Creepjs detects lies by checking Object.getOwnPropertyDescriptor inconsistencies
+
+(function() {
+    const webdriverValue = false;
+    
+    // Delete any existing webdriver property first
+    try {
+        delete Object.getPrototypeOf(navigator).webdriver;
+        delete navigator.webdriver;
+    } catch(e) {}
+    
+    // Define on Navigator.prototype (the "correct" location)
+    try {
+        Object.defineProperty(Object.getPrototypeOf(navigator), 'webdriver', {
+            get: () => webdriverValue,
+            set: () => {}, // Allow setting but ignore
+            configurable: true,
+            enumerable: true
+        });
+    } catch(e) {}
+    
+    // ALSO patch Object.getOwnPropertyDescriptor to hide our modification
+    const originalGOPD = Object.getOwnPropertyDescriptor;
+    Object.getOwnPropertyDescriptor = function(obj, prop) {
+        const result = originalGOPD.apply(this, arguments);
+        
+        // If checking Navigator.prototype.webdriver, make it look completely native
+        if (obj === Object.getPrototypeOf(navigator) && prop === 'webdriver') {
+            // Return a descriptor that looks like it was never modified
+            return {
+                get: () => webdriverValue,
+                set: undefined,
+                configurable: true,
+                enumerable: true
+            };
+        }
+        
+        return result;
+    };
+    
+    // Register GOPD as native
+    if (globalThis.utils) {
+        utils.registerMock(Object.getOwnPropertyDescriptor, 'function getOwnPropertyDescriptor() { [native code] }');
+    }
+})();

thespis/js/webgl.js

@@ -0,0 +1,61 @@
+// WebGL - Only hide SwiftShader, keep real GPU values
+// This prevents fingerprint mismatch while still hiding automation
+const getParameter = WebGLRenderingContext.prototype.getParameter;
+const getParameter2 = WebGL2RenderingContext.prototype.getParameter;
+const getExtension = WebGLRenderingContext.prototype.getExtension;
+const getExtension2 = WebGL2RenderingContext.prototype.getExtension;
+
+const parameterMock = function(parameter) {
+  const result = getParameter.apply(this, arguments);
+  
+  // Only mask SwiftShader - keep all other real values
+  if (parameter === 37445 && result && result.includes('Google')) {
+    // UNMASKED_VENDOR_WEBGL - keep as is
+    return result;
+  }
+  if (parameter === 37446 && result && /SwiftShader/i.test(result)) {
+    // UNMASKED_RENDERER_WEBGL - only hide SwiftShader
+    // Return a generic but believable renderer
+    return result.replace(/SwiftShader/gi, 'Graphics');
+  }
+  
+  return result;
+};
+
+const parameterMock2 = function(parameter) {
+  const result = getParameter2.apply(this, arguments);
+  
+  // Same logic for WebGL2
+  if (parameter === 37445 && result && result.includes('Google')) {
+    return result;
+  }
+  if (parameter === 37446 && result && /SwiftShader/i.test(result)) {
+    return result.replace(/SwiftShader/gi, 'Graphics');
+  }
+  
+  return result;
+};
+
+// Keep extension handling simple
+const extensionMock = function(name) {
+    return getExtension.apply(this, arguments);
+};
+
+const extensionMock2 = function(name) {
+    return getExtension2.apply(this, arguments);
+};
+
+if (window.utils) {
+    utils.replaceWithNative(WebGLRenderingContext.prototype, 'getParameter', parameterMock);
+    utils.replaceWithNative(WebGL2RenderingContext.prototype, 'getParameter', parameterMock2);
+    utils.replaceWithNative(WebGLRenderingContext.prototype, 'getExtension', extensionMock);
+    utils.replaceWithNative(WebGL2RenderingContext.prototype, 'getExtension', extensionMock2);
+} else {
+    WebGLRenderingContext.prototype.getParameter = parameterMock;
+    WebGL2RenderingContext.prototype.getParameter = parameterMock2;
+    WebGLRenderingContext.prototype.getExtension = extensionMock;
+    WebGL2RenderingContext.prototype.getExtension = extensionMock2;
+}
+
+
+

thespis/js/worker.js

@@ -0,0 +1,70 @@
+/* Worker Proxy for Thespis Stealth */
+const originalWorker = globalThis.Worker;
+
+if (originalWorker) {
+    console.log('[Thespis] Worker proxy initialized');
+    
+    const WorkerProxy = function(scriptURL, options) {
+        console.log('[Thespis] Worker constructor called with:', scriptURL, options);
+        
+        try {
+            const bundle = globalThis.__STEALTH_BUNDLE__;
+            if (!bundle) {
+                console.warn('[Thespis] __STEALTH_BUNDLE__ not found');
+                return new originalWorker(scriptURL, options);
+            }
+            
+            console.log('[Thespis] Bundle found, length:', bundle.length);
+            
+            // Handle string URLs (most common case)
+            if (typeof scriptURL === 'string') {
+                let finalURL = scriptURL;
+                
+                // For relative/absolute URLs, make absolute
+                if (!scriptURL.startsWith('blob:') && !scriptURL.startsWith('data:')) {
+                    finalURL = new URL(scriptURL, location.href).href;
+                }
+                
+                console.log('[Thespis] Creating worker with bundle injection');
+                
+                // Create wrapper that injects bundle before loading original script
+                const wrapperCode = `
+                    console.log('[Thespis Worker] Starting stealth injection');
+                    ${bundle}
+                    console.log('[Thespis Worker] Stealth bundle executed');
+                    try {
+                        importScripts("${finalURL}");
+                        console.log('[Thespis Worker] Original script loaded');
+                    } catch(e) {
+                        console.error("[Thespis Worker] importScripts failed:", e);
+                    }
+                `;
+                
+                const blob = new Blob([wrapperCode], { type: 'text/javascript' });
+                const blobURL = URL.createObjectURL(blob);
+                console.log('[Thespis] Created blob URL:', blobURL);
+                return new originalWorker(blobURL, options);
+            }
+        } catch (e) {
+            console.error('[Thespis] Worker proxy error:', e);
+        }
+        
+        // Fallback
+        console.log('[Thespis] Using fallback - original worker');
+        return new originalWorker(scriptURL, options);
+    };
+    
+    // Copy prototype
+    WorkerProxy.prototype = originalWorker.prototype;
+    
+    // Replace Worker constructor
+    if (globalThis.utils) {
+        utils.replaceWithNative(globalThis, 'Worker', WorkerProxy);
+        console.log('[Thespis] Worker masked with utils');
+    } else {
+        globalThis.Worker = WorkerProxy;
+        console.log('[Thespis] Worker replaced (no utils)');
+    }
+}
+
+

thespis/stealth.py

@@ -0,0 +1,93 @@
+import json
+import os
+
+from playwright.async_api import Page as PageAsync
+from playwright.sync_api import Page as PageSync
+
+# Determine the absolute path to the 'js' directory
+SCRIPTS_DIR = os.path.join(os.path.dirname(os.path.abspath(__file__)), "js")
+
+
+def _read_script(name: str) -> str:
+    """Reads a JavaScript file from the 'js' directory."""
+    path = os.path.join(SCRIPTS_DIR, name)
+    try:
+        with open(path, "r", encoding="utf-8") as f:
+            return f.read()
+    except FileNotFoundError:
+        print(f"Warning: Script {name} not found in {SCRIPTS_DIR}")
+        return ""
+
+
+def apply_stealth(page):
+    """
+    Applies stealth JavaScript to the given page.
+    Injects evasion scripts to mask automation signals.
+    Works with both sync and async Page objects.
+
+    IMPORTANT: For best results, launch browser with:
+        browser = p.chromium.launch(
+            args=['--disable-blink-features=AutomationControlled']
+        )
+    This prevents navigator.webdriver from being set without causing "lie" detection.
+
+    The page.add_init_script calls run before page content loads,
+    because add_init_script is not awaitable/is consistent.
+    """
+    # 0. Load all scripts and prepare bundle
+    # Order matters: utils first, then console/devtools detection bypasses
+    # NOTE: webdriver.js is NOT included - we use --disable-blink-features=AutomationControlled instead
+    # NOTE: offscreen_canvas.js is injected SEPARATELY before the bundle for early execution
+    scripts = [
+        "utils.js",
+        "console_cdp.js",
+        "devtools.js",
+        "screen.js",
+        "headless_fixes.js",
+        "chrome_app.js",
+        "permissions.js",
+        "user_agent.js",
+        "webgl.js",
+    ]
+    bundle_parts = []
+
+    for s in scripts:
+        content = _read_script(s)
+        # Don't wrap in try/catch - let errors surface for debugging
+        bundle_parts.append(content)
+
+    full_bundle = "\n".join(bundle_parts)
+
+    # CRITICAL ORDER - Each script must inject at the right time:
+    # 0. FIRST: Patch OffscreenCanvas before ANYTHING else (for workers)
+    page.add_init_script(_read_script("offscreen_canvas.js"))
+
+    # 1. Second: Inject early worker interceptor (before ANY page script can save Worker ref)
+    page.add_init_script(_read_script("early_worker.js"))
+
+    # 2. Define global bundle string for Worker injection
+    bundle_json = json.dumps(full_bundle)
+    page.add_init_script(f"window.__STEALTH_BUNDLE__ = {bundle_json};")
+
+    # 3. Run the bundle in the Main Page
+    page.add_init_script(full_bundle)
+
+    # 4. Viewport adjustment
+    # Don't set viewport to exact screen size - this triggers hasVvpScreenRes
+    # Set to a common browser window size that's LESS than screen
+    # Common: 1366x768, 1440x900, 1536x864 (not fullscreen)
+    try:
+        page.set_viewport_size({"width": 1366, "height": 768})
+    except Exception:
+        # Can fail if context was created with viewport=None (no fixed size)
+        pass
+
+
+def stealth_sync(page: PageSync):
+    """Sync version of stealth"""
+    apply_stealth(page)
+
+
+async def stealth_async(page: PageAsync):
+    """Async version of stealth"""
+    apply_stealth(page)

thespis-0.1.0b1.dist-info/METADATA

@@ -0,0 +1,135 @@
+Metadata-Version: 2.4
+Name: thespis
+Version: 0.1.0b1
+Summary: Anti-detection plugin for Playwright automation
+Project-URL: Homepage, https://github.com/jxlil/thespis
+Author: Jalil SA
+License: MIT
+License-File: LICENSE
+Keywords: automation,bot-detection,playwright,stealth,web-scraping
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Topic :: Software Development :: Testing
+Requires-Python: >=3.8
+Requires-Dist: playwright>=1.30.0
+Provides-Extra: dev
+Requires-Dist: black>=23.0.0; extra == 'dev'
+Requires-Dist: isort>=5.12.0; extra == 'dev'
+Requires-Dist: pre-commit>=3.0.0; extra == 'dev'
+Requires-Dist: pytest>=7.0.0; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# Thespis
+
+<p align="center">
+  <img src="assets/thespis.png" width="150" height="150" alt="Thespis" />
+</p>
+
+<p align="center">
+  <img src="https://img.shields.io/badge/status-beta-orange" alt="Beta">
+  <img src="https://img.shields.io/badge/python-3.8+-blue" alt="Python">
+  <img src="https://img.shields.io/badge/license-MIT-green" alt="License">
+</p>
+
+<p align="center">
+  <strong>Make Playwright automation undetectable</strong>
+</p>
+
+> **Note:** This project is currently in beta. Features are stable but may change based on feedback.
+
+## Why Use Thespis?
+
+Websites detect Playwright because of `navigator.webdriver` and other automation signals.
+
+**Results:** Tested against [CreepJS](https://abrahamjuliot.github.io/creepjs/):
+
+| Metric                  | Real Browser | With Thespis | Without Thespis |
+| ----------------------- | ------------ | ------------ | --------------- |
+| **Like Headless**       | 25%          | **31%**      | 44%             |
+| **Headless Detection**  | 0%           | **0%**       | 33%             |
+
+## Quick Start
+
+### Basic Example (Sync)
+
+```python
+from playwright.sync_api import sync_playwright
+from thespis import stealth_sync
+
+with sync_playwright() as p:
+    # Launch browser with special flag (REQUIRED!)
+    browser = p.chromium.launch(
+        headless=False,
+        args=['--disable-blink-features=AutomationControlled']
+    )
+
+    # Create page and apply stealth
+    page = browser.new_page()
+    stealth_sync(page)
+
+    page.goto("https://bot.sannysoft.com")
+    page.screenshot(path="test.png")
+
+    browser.close()
+```
+
+## Important: Required Flag
+
+**This flag is CRITICAL:**
+
+```python
+args=['--disable-blink-features=AutomationControlled']
+```
+
+Without it, `navigator.webdriver` stays `true` and detection fails.
+
+## Docker (Production)
+
+For servers without displays, use Docker with Xvfb:
+
+```bash
+# Build image
+docker-compose build
+
+# Run test script
+docker-compose run --rm thespis
+
+# Run your own script
+docker-compose run --rm thespis python your_script.py
+```
+
+**Why Docker?**
+
+- Runs `headless=False` on servers (31% detection score)
+- No visible windows (uses virtual display)
+
+### Recommended Full Configuration
+
+```python
+# Launch browser
+browser = p.chromium.launch(
+    headless=False,
+    args=[
+        '--disable-blink-features=AutomationControlled',
+        '--disable-dev-shm-usage',
+        '--no-sandbox',
+    ]
+)
+
+# Create realistic context
+context = browser.new_context(
+    viewport={'width': 1366, 'height': 768},
+    user_agent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36',
+    locale='en-US',
+    timezone_id='America/New_York',
+)
+
+page = context.new_page()
+stealth_sync(page)
+```

thespis-0.1.0b1.dist-info/RECORD

@@ -0,0 +1,20 @@
+thespis/__init__.py,sha256=h3X2XaFtUVI3caKvqt1_1ssvWXa_VptsAlfw-7Jgjsk,121
+thespis/stealth.py,sha256=CTxyLktJR527I2Q7iqXVjQT6luSSRw0ciFYT-Huep_M,3184
+thespis/js/chrome_app.js,sha256=tfhgVrcQivcO2gok2fuILitGtDAQIeAtojIWwLNRXSE,2238
+thespis/js/console_cdp.js,sha256=WxlkqtfDXj5g6EiqRpq6S3y9yoFfLCWCTqRd4N7GjeQ,1794
+thespis/js/devtools.js,sha256=fx-sucvym5w8Vc1EhIqnEi2tcNWCgWzL8-MlT4zxOvk,5461
+thespis/js/early_worker.js,sha256=6rxzDk9LKZSWhTLUHt3SepWvfOTTwYj8lyqwBai6mbI,2136
+thespis/js/headless_fixes.js,sha256=ePY4GS-iLCLfOMjXnzZ3cbpL2lcjk35PbcOU4OpPuf8,4189
+thespis/js/offscreen_canvas.js,sha256=GWEwE9IUkpyIyb-UDP7bDJpnI17zc0mpZVbLz-pwZkw,2802
+thespis/js/permissions.js,sha256=OcD7lFf9r64OA82aR-Ea3HJxCnv4Sn0Qpm8apYIew7o,388
+thespis/js/screen.js,sha256=gRTKxVlXNNjT-CutnuFS1_uYtB-4kVAkJDsf4oucw2M,1609
+thespis/js/stack_trace.js,sha256=qT_1Ev_TDdwTIrUg36YJN44PAkQUslX2hZ4Mv1QpFWE,2174
+thespis/js/user_agent.js,sha256=z3WRPrjNsMUWI4M0eEjfIkc0yQn-jU2U5yXuEhd1oY4,2621
+thespis/js/utils.js,sha256=CDbd1M2xnwoT2dWXEX-ZGRZJyOvKT6tnBzjwLzU4eww,2094
+thespis/js/webdriver.js,sha256=_IfV3rwiU52EqOfOL-c0h77UOeQPEI-nactIlJSY0z4,1622
+thespis/js/webgl.js,sha256=uZrekNLDjFGHGuvkoTPtHr80b5IkVcrO_mByYTJdRUk,2214
+thespis/js/worker.js,sha256=bBO_ngypV3g-EjxS3os99XPNtJ-huySIaKubvCbhuW0,2760
+thespis-0.1.0b1.dist-info/METADATA,sha256=-S9lb2-OKcKfsqLYZUiBgMlWNksFPA29VGmeB16V8pg,3718
+thespis-0.1.0b1.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+thespis-0.1.0b1.dist-info/licenses/LICENSE,sha256=5QSnFBbFXKIjgTqB0lViq1b5merR6WkbJRrRhqGdIjc,1065
+thespis-0.1.0b1.dist-info/RECORD,,

thespis-0.1.0b1.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.28.0
+Root-Is-Purelib: true
+Tag: py3-none-any

thespis-0.1.0b1.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Jalil SA
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.