All Selenium detection points and bypass methods [detected after a command runs / detected on open / environment detection]

Published 2023-10-12 11:52:03 Author: mingruqi
What you find online is mostly incomplete. Recently there is a new protection scheme (F5 Shape) that uses control-flow obfuscation; unwinding it by hand is tedious, so I went straight to Selenium. I had seen the environment checks, but I did not expect it to detect Selenium as well... I first wrote this in Node.js, but writing procedural code in Node.js is really painful, so I switched to Python. Tags: JSVMP, JS obfuscation

Open this site to see some of the detection points: https://bot.sannysoft.com

Basic configuration

  1. User-Agent
  2. For the mobile version, set a common phone model
  3. Go through this page and configure the switches carefully: https://peter.sh/experiments/chromium-command-line-switches/#enable-print-preview-register-promos

from selenium import webdriver

options = webdriver.ChromeOptions()
# Configuration
# options.add_argument('--headless')
# options.add_argument('--disable-gpu')
# options.add_argument('--blink-settings=imagesEnabled=false')  # no-image mode

options.add_argument("--disable-blink-features")
options.add_argument("--disable-blink-features=AutomationControlled")
options.add_argument('--incognito')  # incognito mode
options.add_argument("--disable-extensions")
options.add_argument("--disable-infobars")
options.add_argument("--no-default-browser-check")
options.add_experimental_option("excludeSwitches", ["enable-automation"])
options.add_experimental_option("useAutomationExtension", False)
mobileEmulation = {'deviceName': 'iPhone X'}  # emulate a phone
options.add_experimental_option('mobileEmulation', mobileEmulation)

Then there is the pile of global variables that every beginner tutorial online covers:
window.navigator.webdriver must be changed to false
navigator.plugins: the plugin count should not be 0
navigator.languages: should be English (though abroad it would be English anyway)

These are small fry; an early hook gets past them.

# Selenium 4 style; `path` is the directory that holds chromedriver.exe
# (older Selenium 3 code used executable_path=... and chrome_options=...)
from selenium.webdriver.chrome.service import Service
driver = webdriver.Chrome(service=Service(path + '/chromedriver.exe'), options=options)

# Inject the overrides before any page script runs
driver.execute_cdp_cmd("Page.addScriptToEvaluateOnNewDocument", {
  "source": '''
  Object.defineProperties(navigator, { webdriver: { get: () => false } });
  window.navigator.chrome = { runtime: {} };
  Object.defineProperty(navigator, 'languages', { get: () => ['en-US', 'en'] });
  Object.defineProperty(navigator, 'plugins', { get: () => [1, 2, 3, 4, 5, 6] });
  '''
})

Later a new method appeared: export the browser's real state and generate the JS from it.

This does the same job as the second method, but is more complete.

# Load the generated evasion script and inject it before every new document
with open(path + '/stealth.min.js') as f:
    js = f.read()

driver.execute_cdp_cmd("Page.addScriptToEvaluateOnNewDocument", {
  "source": js
})

How to obtain stealth.min.js
After installing Node.js, run the following command; the file is generated automatically in the root directory:

  npx extract-stealth-evasions

At this point most detection can already be bypassed, including the test site at the start of this article.

Command traffic detection
This one took a long time to debug. I found that as soon as the WebDriver communicates with Selenium, the JS detects it.
Later I read the WebDriver spec: https://www.w3.org/TR/webdriver
and saw that they communicate over HTTP, so I guessed something is cached in a global variable.

But the browser's global variable is just: window

Selenium can actually be used like Tampermonkey.

driver.execute_cdp_cmd("Page.addScriptToEvaluateOnNewDocument", {
  "source": '''
  // Log an object's keys in sorted order and return the concatenated values
  function objKeySort(obj) {
    let newkey = Object.keys(obj).sort();
    let resStr = '';
    for (let i = 0; i < newkey.length; i++) {
      let str = obj[newkey[i]];
      console.log(i, newkey[i], str);
      resStr += str;
    }
    return resStr;
  }
  '''
})

Now the console has the objKeySort method.
Use objKeySort(window) to compare the state before and after a command runs.

I found that document is what changed.
With Object.keys(window.document) you can see that, after a command runs, an extra $cdc_xxxxxx key appears.
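The before/after comparison described above, written as a reusable key-snapshot diff plus the same pattern check the detection script later in this post applies to the new keys. This is an added example, not the post's own code; the two document-like objects are constructed stand-ins for window.document before and after a WebDriver command.

```javascript
// Added example: snapshot an object's enumerable keys, diff two snapshots,
// and flag new keys that look like injected driver state.

// Sorted key snapshot, like the post's objKeySort but returning data.
function snapshotKeys(obj) {
  return Object.keys(obj).sort();
}

// Keys present in `after` but not in `before`, and vice versa.
function diffKeys(before, after) {
  const b = new Set(before);
  const a = new Set(after);
  return {
    added: after.filter((k) => !b.has(k)),
    removed: before.filter((k) => !a.has(k)),
  };
}

// Same test the quoted detection script applies: a key like "$cdc_..."
// (one letter between "$" and "dc_") whose value carries a truthy
// "cache_" property is treated as driver-injected state.
const DRIVER_KEY_RE = /\$[a-z]dc_/;

function findDriverKeys(obj) {
  return Object.keys(obj).filter(
    (k) => DRIVER_KEY_RE.test(k) && obj[k] && obj[k].cache_
  );
}

// Constructed sample: document-like objects before and after a command.
const docBefore = { title: "page", cookie: "", readyState: "complete" };
const docAfter = {
  ...docBefore,
  $cdc_exampleKey_: { cache_: {} }, // constructed stand-in for the injected key
  onclick: null,                   // unrelated new key, must not be flagged
};

// Diff the snapshots and report which new keys match the driver pattern.
function analyse(before, after) {
  const diff = diffKeys(snapshotKeys(before), snapshotKeys(after));
  return { ...diff, driverKeys: findDriverKeys(after) };
}

console.log(analyse(docBefore, docAfter));
```

In a real page the two snapshots would be taken from document itself, one before and one after a WebDriver command.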

Later I searched and found https://stackoverflow.com/questions/33225947/can-a-website-detect-when-you-are-using-selenium-with-chromedriver

As it shows, you can just rewrite the string inside the driver binary with one command:
perl -pi -e 's/cdc_/dcd_/g' chromedriver.exe

I heard that Taobao's cdc check can be found just by searching its JS, but mine is JSVMP, which cannot be searched, so I had to step through it slowly to find it.
The following detection script is lifted from the answer above:

runBotDetection = function () {
    var documentDetectionKeys = [
        "__webdriver_evaluate",
        "__selenium_evaluate",
        "__webdriver_script_function",
        "__webdriver_script_func",
        "__webdriver_script_fn",
        "__fxdriver_evaluate",
        "__driver_unwrapped",
        "__webdriver_unwrapped",
        "__driver_evaluate",
        "__selenium_unwrapped",
        "__fxdriver_unwrapped",
    ];

    var windowDetectionKeys = [
        "_phantom",
        "__nightmare",
        "_selenium",
        "callPhantom",
        "callSelenium",
        "_Selenium_IDE_Recorder",
    ];

    for (const windowDetectionKey in windowDetectionKeys) {
        const windowDetectionKeyValue = windowDetectionKeys[windowDetectionKey];
        if (window[windowDetectionKeyValue]) {
            return true;
        }
    };
    for (const documentDetectionKey in documentDetectionKeys) {
        const documentDetectionKeyValue = documentDetectionKeys[documentDetectionKey];
        if (window['document'][documentDetectionKeyValue]) {
            return true;
        }
    };

    for (const documentKey in window['document']) {
        if (documentKey.match(/\$[a-z]dc_/) && window['document'][documentKey]['cache_']) {
            return true;
        }
    }

    if (window['external'] && window['external'].toString() && (window['external'].toString()['indexOf']('Sequentum') != -1)) return true;

    if (window['document']['documentElement']['getAttribute']('selenium')) return true;
    if (window['document']['documentElement']['getAttribute']('webdriver')) return true;
    if (window['document']['documentElement']['getAttribute']('driver')) return true;

    return false;
};

Switch to a bypass driver

https://github.com/ultrafunkamsterdam/undetected-chromedriver
Quite a few people use it, but you still need to change cdc_.

————————————————
Copyright notice: this article is an original post by CSDN blogger "[meng", licensed under CC 4.0 BY-SA; reposts must include the original source link and this notice.
Original link: https://blog.csdn.net/weixin_42453905/article/details/122086184