CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-06-18 15:50:11 +02:00
Code Issues Packages Projects Releases Wiki Activity

docs(browse): correct stale stealth comments

Browse Source 
The file-level stealth.ts docstring claimed "we DON'T fake navigator.plugins"
while the same file now ships EXTENDED_STEALTH_SCRIPT, which does fake plugins
when GSTACK_STEALTH=extended. Clarify that Layer C (the always-on default)
doesn't fake plugins and the opt-in extended mode does, as the documented
"actively lies, may break sites" escape hatch.

Also fix the launch()/launchHeaded() comments that said "mask navigator.webdriver
only" — applyStealth (Layer C) also restores window.chrome.*, aligns
Notification.permission, and sets per-install hardware.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-06-18 00:58:50 -07:00
parent 248ca588fa
commit 588379fda3
2 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
browse/src/browser-manager.ts
+5 -4
View File
@@ -407,10 +407,11 @@ export class BrowserManager {
await this.context.setExtraHTTPHeaders(this.extraHeaders);
}
// D7: mask navigator.webdriver only. The other 3 wintermute patches
// (plugins, languages, chrome.runtime) are intentionally NOT applied —
// faking them to fixed values can flag more bot-like to modern
// fingerprinters, not less.
// Apply Layer C stealth (applyStealth): masks navigator.webdriver,
// restores window.chrome.* shape, aligns Notification.permission, sets
// per-install hardware, and strips automation globals + the Permissions
// notifications tell. We still do NOT fake navigator.plugins/languages —
// faking those to fixed values flags more bot-like, not less (D7).
const { applyStealth } = await import('./stealth');
await applyStealth(this.context);
browse/src/stealth.ts
+6 -2
View File
@@ -1,11 +1,15 @@
/**
* Stealth init script — Layer C of GBrowser's anti-detection plan.
*
* D7 (codex correction, kept): we DON'T fake navigator.plugins or
* D7 (codex correction, kept): Layer C (the always-on default built by
* buildStealthScript) does NOT fake navigator.plugins or
* navigator.languages — modern fingerprinters cross-check those against
* userAgent / platform / OS, and synthesizing fixed values flags MORE
* bot-like, not less. Plugins and languages surface their native
* Chromium values.
* Chromium values. The opt-in EXTENDED_STEALTH_SCRIPT below (gated on
* GSTACK_STEALTH=extended, off by default) DOES fake plugins — that mode
* is the documented "actively lies, may break sites" escape hatch, not
* the default posture.
*
* What this script DOES do (the new additions for Phase 1):
* 1. Mask navigator.webdriver (the canonical headless tell).