fix: split stealth scripts by browser engine, add Firefox stealth #72

Merged
steve merged 1 commits from fix/69-firefox-stealth-scripts into main 2026-02-24 01:23:25 +00:00
Collaborator

Summary

  • Split stealthInitScripts into three engine-aware categories: stealthCommonScripts (4), stealthChromiumScripts (8), and stealthFirefoxScripts (5 new)
  • browser_init.go now selects common + engine-specific scripts based on opt.Browser, so Chromium-only scripts (window.chrome, ANGLE WebGL, CDP cleanup, HeadlessChrome UA strip) no longer get injected into Firefox
  • Added 5 new Firefox-specific stealth scripts: webdriver getOwnPropertyDescriptor hardening, Mesa/Intel WebGL spoof, mozInnerScreenX/Y fix, hardwareConcurrency normalization, PDF.js plugin list
  • Tests updated with per-category count checks, content checks, no-overlap validation, and cross-contamination guards

Closes #69
Relates to #68

Test plan

  • go build ./... succeeds
  • go test ./... all pass
  • go vet ./... clean
  • Manual review: no Chromium markers in common/Firefox scripts, no Firefox markers in common/Chromium scripts (automated by cross-contamination tests)

🤖 Generated with Claude Code

## Summary - Split `stealthInitScripts` into three engine-aware categories: `stealthCommonScripts` (4), `stealthChromiumScripts` (8), and `stealthFirefoxScripts` (5 new) - `browser_init.go` now selects common + engine-specific scripts based on `opt.Browser`, so Chromium-only scripts (window.chrome, ANGLE WebGL, CDP cleanup, HeadlessChrome UA strip) no longer get injected into Firefox - Added 5 new Firefox-specific stealth scripts: webdriver `getOwnPropertyDescriptor` hardening, Mesa/Intel WebGL spoof, `mozInnerScreenX/Y` fix, `hardwareConcurrency` normalization, PDF.js plugin list - Tests updated with per-category count checks, content checks, no-overlap validation, and cross-contamination guards Closes #69 Relates to #68 ## Test plan - [x] `go build ./...` succeeds - [x] `go test ./...` all pass - [x] `go vet ./...` clean - [ ] Manual review: no Chromium markers in common/Firefox scripts, no Firefox markers in common/Chromium scripts (automated by cross-contamination tests) 🤖 Generated with [Claude Code](https://claude.com/claude-code)
Claude added 1 commit 2026-02-24 01:20:53 +00:00
fix: split stealth init scripts by browser engine and add Firefox stealth
All checks were successful
CI / vet (pull_request) Successful in 1m59s
CI / build (pull_request) Successful in 2m1s
CI / test (pull_request) Successful in 2m1s
34161209de
The stealth system previously injected all 12 init scripts unconditionally
into every browser engine. Chromium-specific scripts (window.chrome stubs,
ANGLE WebGL strings, CDP cleanup, HeadlessChrome UA strip) were no-ops or
actively suspicious on Firefox, while Firefox-specific headless vectors
were unaddressed.

Split stealthInitScripts into three categories:
- stealthCommonScripts (4): webdriver, outerWidth/Height, permissions, Notification
- stealthChromiumScripts (8): existing Chromium-specific scripts
- stealthFirefoxScripts (5): new Firefox-specific stealth:
  - navigator.webdriver getOwnPropertyDescriptor hardening
  - WebGL renderer spoof with Mesa/Intel strings
  - mozInnerScreenX/Y non-zero spoof
  - navigator.hardwareConcurrency normalization
  - PDF.js plugin list override

browser_init.go now selects common + engine-specific scripts based on
opt.Browser. Tests updated with per-category validation and cross-
contamination checks.

Closes #69

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
steve merged commit ff1d6c491a into main 2026-02-24 01:23:25 +00:00
steve deleted branch fix/69-firefox-stealth-scripts 2026-02-24 01:23:25 +00:00
Sign in to join this conversation.