steve/go-extractor
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Randomize static fingerprint values across browser sessions #71

New Issue
Closed
opened 2026-02-24 01:13:42 +00:00 by Claude · 2 comments
Claude commented 2026-02-24 01:13:42 +00:00
Collaborator
Copy Link

Parent Epic: #68

Problem

Every browser session created by go-extractor has identical fingerprint values hardcoded in the stealth init scripts:

  • WebGL renderer: always Intel Inc. / Intel Iris OpenGL Engine
  • Plugin list: always the same 3 Chrome plugins with identical descriptions and MIME types
  • Connection info: always { effectiveType: '4g', rtt: 50, downlink: 10, saveData: false }
  • Canvas noise: identical noise pattern every session

Anti-bot systems that fingerprint across sessions can trivially identify go-extractor instances because every session looks identical. Real browsers show natural variation in hardware, plugins, and network conditions.

Proposed Solution

  1. Create a hardware profile pool (5-10 realistic profiles):

    type HardwareProfile struct {
    WebGLVendor    string
    WebGLRenderer  string
    Platform       string
    HWConcurrency  int
    DeviceMemory   int
    ConnectionRTT  int
    ConnectionDown float64
}

var profiles = []HardwareProfile{
    {"Intel Inc.", "Intel Iris OpenGL Engine", "Win32", 8, 8, 50, 10.0},
    {"Google Inc. (NVIDIA)", "ANGLE (NVIDIA GeForce GTX 1660 ...)", "Win32", 12, 16, 25, 50.0},
    {"Google Inc. (AMD)", "ANGLE (AMD Radeon RX 580 ...)", "Win32", 8, 16, 75, 8.0},
    // ... more profiles
}

  2. Randomly select a profile per session and inject its values into the stealth scripts

  3. Replace static script slices with a dynamic builder:

    func buildStealthScripts(profile HardwareProfile, browser BrowserType) []string {
    // Generate scripts with profile-specific values
}

  4. Add slight randomization within profiles for connection stats (RTT ±20ms, downlink ±2Mbps) to avoid even profile-level fingerprinting

Files to Modify

  • stealth.go — hardware profiles, dynamic script builder
  • browser_init.go — select random profile at session creation
  • stealth_test.go — test profile selection and script generation

References

  • #68 — parent epic
**Parent Epic:** #68 ## Problem Every browser session created by go-extractor has identical fingerprint values hardcoded in the stealth init scripts: - **WebGL renderer:** always `Intel Inc.` / `Intel Iris OpenGL Engine` - **Plugin list:** always the same 3 Chrome plugins with identical descriptions and MIME types - **Connection info:** always `{ effectiveType: '4g', rtt: 50, downlink: 10, saveData: false }` - **Canvas noise:** identical noise pattern every session Anti-bot systems that fingerprint across sessions can trivially identify go-extractor instances because every session looks identical. Real browsers show natural variation in hardware, plugins, and network conditions. ## Proposed Solution 1. **Create a hardware profile pool** (5-10 realistic profiles): ```go type HardwareProfile struct { WebGLVendor string WebGLRenderer string Platform string HWConcurrency int DeviceMemory int ConnectionRTT int ConnectionDown float64 } var profiles = []HardwareProfile{ {"Intel Inc.", "Intel Iris OpenGL Engine", "Win32", 8, 8, 50, 10.0}, {"Google Inc. (NVIDIA)", "ANGLE (NVIDIA GeForce GTX 1660 ...)", "Win32", 12, 16, 25, 50.0}, {"Google Inc. (AMD)", "ANGLE (AMD Radeon RX 580 ...)", "Win32", 8, 16, 75, 8.0}, // ... more profiles } ``` 2. **Randomly select a profile per session** and inject its values into the stealth scripts 3. **Replace static script slices with a dynamic builder:** ```go func buildStealthScripts(profile HardwareProfile, browser BrowserType) []string { // Generate scripts with profile-specific values } ``` 4. **Add slight randomization within profiles** for connection stats (RTT ±20ms, downlink ±2Mbps) to avoid even profile-level fingerprinting ## Files to Modify - `stealth.go` — hardware profiles, dynamic script builder - `browser_init.go` — select random profile at session creation - `stealth_test.go` — test profile selection and script generation ## References - #68 — parent epic
Claude added the enhancementpriority/mediumtype/task labels 2026-02-24 01:13:50 +00:00
Claude commented 2026-02-24 01:35:19 +00:00
Author
Collaborator
Copy Link

Starting work on this issue. Plan:

  1. Replace static stealthChromiumScripts and stealthFirefoxScripts vars with builder functions that accept a hardware profile struct
  2. Add pools of 6 realistic profiles per engine, randomly sampled per session
  3. Add connection jitter (±20ms RTT, ±2 Mbps downlink) for Chromium profiles
  4. Update browser_init.go to call builders instead of referencing static slices
  5. Update tests to use builder functions

Branch: feature/71-randomize-fingerprints

Starting work on this issue. Plan: 1. Replace static `stealthChromiumScripts` and `stealthFirefoxScripts` vars with builder functions that accept a hardware profile struct 2. Add pools of 6 realistic profiles per engine, randomly sampled per session 3. Add connection jitter (±20ms RTT, ±2 Mbps downlink) for Chromium profiles 4. Update `browser_init.go` to call builders instead of referencing static slices 5. Update tests to use builder functions Branch: `feature/71-randomize-fingerprints`
Claude commented 2026-02-24 01:38:37 +00:00
Author
Collaborator
Copy Link

Work finished. PR #74 implements fingerprint randomization:

  • Replaced static stealthChromiumScripts/stealthFirefoxScripts with builder functions accepting hardware profile structs
  • 6 realistic profiles per engine (Chromium ANGLE strings, Firefox Mesa/native driver strings), randomly sampled per session
  • Chromium connection stats get per-session jitter (±20ms RTT, ±2 Mbps downlink)
  • 7 new tests covering profile pools, value templating, connection jitter, and single-quote guards
  • All existing tests adapted and passing

#74

Work finished. PR #74 implements fingerprint randomization: - Replaced static `stealthChromiumScripts`/`stealthFirefoxScripts` with builder functions accepting hardware profile structs - 6 realistic profiles per engine (Chromium ANGLE strings, Firefox Mesa/native driver strings), randomly sampled per session - Chromium connection stats get per-session jitter (±20ms RTT, ±2 Mbps downlink) - 7 new tests covering profile pools, value templating, connection jitter, and single-quote guards - All existing tests adapted and passing https://gitea.stevedudenhoeffer.com/steve/go-extractor/pulls/74
steve closed this issue 2026-02-24 01:39:28 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Something isn't working correctly
 claude
Trigger — Steve has marked this issue for Claude to work on.
 claude:blocked
Blocked — Waiting on a dependency (another issue/repo).
 claude:review
In Review — PR created, awaiting human review/merge.
 claude:running
Active — A Claude instance is currently working on this.
 documentation
Documentation improvements or additions
 enhancement
New feature or improvement to existing functionality
 performance
Performance optimization or resource usage improvement
 priority/critical
Showstopper — security vulnerability, data loss, or crash in production
 priority/high
Important — significant bug or high-value improvement
 priority/low
Nice to have — minor improvement or cleanup
 priority/medium
Normal — standard improvement or non-critical bug
 security
Security-related issue or vulnerability
 testing
Test coverage, test infrastructure, or test improvements
 type/epic
Parent issue grouping related stories/tasks
 type/refactor
Code restructuring without behavior change
 type/task
Concrete implementation work item
No Label enhancement priority/medium type/task
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Claude fizi steve
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: steve/go-extractor#71
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?