Add Firefox-specific stealth and split browser-conditional init scripts #69
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Parent Epic: #68
Problem
All 12 stealth init scripts in
stealth.gowere written for Chromium but are injected unconditionally into every browser engine, including Firefox. On Firefox:window.chromeproperty injection is meaningless (Firefox doesn't have it natively)HeadlessChromeUA stripping targets a string Firefox never containsnavigator.webdriveroverride works but the approach differs between enginesnavigator.languagesinconsistencies, missingmozInnerScreenX,document.fontsenumeration differences) are completely unaddressedThis means Firefox sessions are more fingerprintable than no stealth at all — the Chromium-specific spoofing makes the browser look like it's trying to fake being Chrome while running Firefox.
Proposed Solution
Categorize existing scripts into three groups:
navigator.webdriver, permissions API)window.chrome, Chrome plugins,HeadlessChromeUA fixGate injection by browser engine:
Add Firefox-specific stealth scripts:
navigator.languages(match Accept-Language header)navigator.hardwareConcurrency(Firefox headless sometimes reports 2)navigator.platformvaluesdocument.fonts.check()to return typical font availabilitymozInnerScreenX/mozInnerScreenYto non-zero valuesFiles to Modify
stealth.go— split script slices, add Firefox scriptsbrowser_init.go— conditional injection based onopt.Browserstealth_test.go— tests for each script categoryReferences
Starting implementation. Plan:
Script categorization:
navigator.webdriveroverride,outerWidth/outerHeightfix,navigator.permissions.queryoverride,Notificationconstructor stubnavigator.plugins(Chrome PDFs),navigator.mimeTypes,window.chromestub,chrome.app/csi/loadTimes, WebGL spoof (ANGLE strings),navigator.connection, CDP cleanup (cdc_*),HeadlessChromeUA stripnavigator.webdriverhardening (getOwnPropertyDescriptor), WebGL spoof (Mesa/Intel strings),mozInnerScreenX/Yspoof,navigator.hardwareConcurrencynormalization, Firefox PDF.js plugin listFiles to modify:
stealth.go,browser_init.go,stealth_test.goBranch:
fix/69-firefox-stealth-scriptsImplementation complete. PR: #72
What was done:
stealthInitScriptsintostealthCommonScripts(4),stealthChromiumScripts(8), andstealthFirefoxScripts(5 new)browser_init.gonow selects common + engine-specific scripts viaswitch opt.BrowsergetOwnPropertyDescriptorhardening, Mesa/Intel WebGL spoof,mozInnerScreenX/Yfix,hardwareConcurrencynormalization, PDF.js plugin list