steve/go-extractor
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: split stealth scripts by browser engine, add Firefox stealth #72

Merged
steve merged 1 commits from fix/69-firefox-stealth-scripts into main 2026-02-24 01:23:25 +00:00
Conversation 0 Commits 1 Files Changed 3 +378 -100
Claude commented 2026-02-24 01:20:53 +00:00
Collaborator
Copy Link

Summary

  • Split stealthInitScripts into three engine-aware categories: stealthCommonScripts (4), stealthChromiumScripts (8), and stealthFirefoxScripts (5 new)
  • browser_init.go now selects common + engine-specific scripts based on opt.Browser, so Chromium-only scripts (window.chrome, ANGLE WebGL, CDP cleanup, HeadlessChrome UA strip) no longer get injected into Firefox
  • Added 5 new Firefox-specific stealth scripts: webdriver getOwnPropertyDescriptor hardening, Mesa/Intel WebGL spoof, mozInnerScreenX/Y fix, hardwareConcurrency normalization, PDF.js plugin list
  • Tests updated with per-category count checks, content checks, no-overlap validation, and cross-contamination guards

Closes #69
Relates to #68

Test plan

  • go build ./... succeeds
  • go test ./... all pass
  • go vet ./... clean
  • Manual review: no Chromium markers in common/Firefox scripts, no Firefox markers in common/Chromium scripts (automated by cross-contamination tests)

🤖 Generated with Claude Code

## Summary - Split `stealthInitScripts` into three engine-aware categories: `stealthCommonScripts` (4), `stealthChromiumScripts` (8), and `stealthFirefoxScripts` (5 new) - `browser_init.go` now selects common + engine-specific scripts based on `opt.Browser`, so Chromium-only scripts (window.chrome, ANGLE WebGL, CDP cleanup, HeadlessChrome UA strip) no longer get injected into Firefox - Added 5 new Firefox-specific stealth scripts: webdriver `getOwnPropertyDescriptor` hardening, Mesa/Intel WebGL spoof, `mozInnerScreenX/Y` fix, `hardwareConcurrency` normalization, PDF.js plugin list - Tests updated with per-category count checks, content checks, no-overlap validation, and cross-contamination guards Closes #69 Relates to #68 ## Test plan - [x] `go build ./...` succeeds - [x] `go test ./...` all pass - [x] `go vet ./...` clean - [ ] Manual review: no Chromium markers in common/Firefox scripts, no Firefox markers in common/Chromium scripts (automated by cross-contamination tests) 🤖 Generated with [Claude Code](https://claude.com/claude-code)
Claude added 1 commit 2026-02-24 01:20:53 +00:00
fix: split stealth init scripts by browser engine and add Firefox stealth
All checks were successful
CI / vet (pull_request) Successful in 1m59s
Details
CI / build (pull_request) Successful in 2m1s
Details
CI / test (pull_request) Successful in 2m1s
Details
34161209de 
The stealth system previously injected all 12 init scripts unconditionally
into every browser engine. Chromium-specific scripts (window.chrome stubs,
ANGLE WebGL strings, CDP cleanup, HeadlessChrome UA strip) were no-ops or
actively suspicious on Firefox, while Firefox-specific headless vectors
were unaddressed.

Split stealthInitScripts into three categories:
- stealthCommonScripts (4): webdriver, outerWidth/Height, permissions, Notification
- stealthChromiumScripts (8): existing Chromium-specific scripts
- stealthFirefoxScripts (5): new Firefox-specific stealth:
  - navigator.webdriver getOwnPropertyDescriptor hardening
  - WebGL renderer spoof with Mesa/Intel strings
  - mozInnerScreenX/Y non-zero spoof
  - navigator.hardwareConcurrency normalization
  - PDF.js plugin list override

browser_init.go now selects common + engine-specific scripts based on
opt.Browser. Tests updated with per-category validation and cross-
contamination checks.

Closes #69

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
steve merged commit ff1d6c491a into main 2026-02-24 01:23:25 +00:00
steve deleted branch fix/69-firefox-stealth-scripts 2026-02-24 01:23:25 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
bug
Something isn't working correctly
 claude
Trigger — Steve has marked this issue for Claude to work on.
 claude:blocked
Blocked — Waiting on a dependency (another issue/repo).
 claude:review
In Review — PR created, awaiting human review/merge.
 claude:running
Active — A Claude instance is currently working on this.
 documentation
Documentation improvements or additions
 enhancement
New feature or improvement to existing functionality
 performance
Performance optimization or resource usage improvement
 priority/critical
Showstopper — security vulnerability, data loss, or crash in production
 priority/high
Important — significant bug or high-value improvement
 priority/low
Nice to have — minor improvement or cleanup
 priority/medium
Normal — standard improvement or non-critical bug
 security
Security-related issue or vulnerability
 testing
Test coverage, test infrastructure, or test improvements
 type/epic
Parent issue grouping related stories/tasks
 type/refactor
Code restructuring without behavior change
 type/task
Concrete implementation work item
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
Claude fizi steve
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: steve/go-extractor#72
Delete Branch "fix/69-firefox-stealth-scripts"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?