Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Browser Automation Studio is undetected #212

Open
LessThanGreaterThan opened this issue Feb 27, 2023 · 18 comments
Open

Browser Automation Studio is undetected #212

LessThanGreaterThan opened this issue Feb 27, 2023 · 18 comments
Assignees
@abrahamjuliot

Comments

@LessThanGreaterThan
Copy link

Hey, it seems like BAS ( https://bablosoft.com/shop/BrowserAutomationStudio ) is currently undetected,
from the looks of it they use a custom compiled chrome version.
@abrahamjuliot abrahamjuliot self-assigned this Feb 27, 2023
@abrahamjuliot
Copy link
Owner

It appears that the fingerprint feature is a paid service. There is a lot of cool stealthy software out there.

We mostly give attention to FOSS-privacy tools. I will take a look, but will probably not make modifications to show it can be detected.

@LessThanGreaterThan
Copy link
Author

It appears that the fingerprint feature is a paid service. There is a lot of cool stealthy software out there.

We mostly give attention to FOSS-privacy tools. I will take a look, but will probably not make modifications to show it can be detected.

Hey abraham, even the free version passes it.

@abrahamjuliot
Copy link
Owner

abrahamjuliot commented Mar 1, 2023
edited
Loading

Nice. I will definitely check it out.

In the future, I may introduce some concepts showing that fingerprint and score are of little value compared to server-side fingerprints.

Everything that does not blend-in with normal traffic on the site can be detected. For example, you could generate 200 – 1000 requests in 24 hours, and usually, it can be traced. If you would like to try this out for fun, I can try to tag and name your browser in the analysis section. Make sure to generate many requests.

@LessThanGreaterThan
Copy link
Author

Nice. I will definitely check it out.

In the future, I may introduce some concepts showing that fingerprint and score are of little value compared to server-side fingerprints.

Everything that does not blend-in with normal traffic on the site can be detected. For example, you could generate 200 – 1000 requests in 24 hours, and usually, it can be traced. If you would like to try this out for fun, I can try to tag and name your browser in the analysis section. Make sure to generate many requests.

should every regist be signed or just the first ?

@LessThanGreaterThan LessThanGreaterThan changed the title Browser Automation Framework is undetected Browser Automation Studio is undetected Mar 1, 2023
@LessThanGreaterThan
Copy link
Author

No need to sign, and randomizing fingerprints is optional, but not needed.

around 400 executions have been done.

@abrahamjuliot
Copy link
Owner

Okay, try now. In the analysis section, you see “bad” for the hidden fingerprint, but let me know if I missed the target. If you open a different or clean browser, it should go away.

@abrahamjuliot
Copy link
Owner

I'm just looking at last 2 hrs today, but can pick a different date.

@LessThanGreaterThan
Copy link
Author

Okay, try now. In the analysis section, you see “bad” for the hidden fingerprint, but let me know if I missed the target. If you open a different or clean browser, it should go away.

image

Looks good now, also seems to be flagged with a changed fingerprint.

@LessThanGreaterThan
Copy link
Author

also noticed that console.log() is not possible inside the custom chrome, it will only print "undefined"
image

@LessThanGreaterThan
Copy link
Author

Could probably hook console.log and check the console outputs. Depending on how BAS has tampered with the function you might be able to detect it with the given types.

(function () {
    const _console = console.log.bind(console);
    let log_history = [];
    console.log = function () {
        log_history.push(arguments);
        _console.apply(this, arguments);
    }
    console.log("Hello World");
    for (let i = 0; i < log_history.length; i++) {
        if (log_history[i][0] !== "Hello World") {
            return false;
        }
    }
    //restore the hook
    console.log = _console;
    return true;
})();

sadly doesn't seem to work. thank you non the less.

@LessThanGreaterThan
Copy link
Author

Do you have a copy of the BAS chromium binary? Want to try something.

Yes i do. want me to upload it or anything?

@LessThanGreaterThan
Copy link
Author

Do you have a copy of the BAS chromium binary? Want to try something.

Yes i do. want me to upload it or anything?

Yeah that would be great

Hey, you can either download the free version from BAS here: https://bablosoft.com/shop/BrowserAutomationStudio#download
or if you just want the custom compiled chrome: https://www.sendspace.com/file/5bha3p

@LessThanGreaterThan
Copy link
Author

Doesn't appear to run, can you check if there are any run parameters specified on the binary? Tried to get it running through selenium and puppeteer but neither worked. I assume its the worker.exe file?

https://superuser.com/questions/415360/how-do-i-find-out-command-line-arguments-of-a-running-program

yes its worker.exe

full cli

"C:\Users\LTGT\AppData\Roaming\BrowserAutomationStudio\apps\25.4.1\Worker\chrome\worker.exe" --remote-debugging-port=16668 --unique-process-id=0pMhvMU2 --parent-process-id=25524 --no-proxy-server --no-sandbox --force-device-scale-factor=1 --noerrdialogs --window-position=0,0 --disable-smooth-scrolling --disable-auto-reload --disable-component-update --disable-features=GpuProcessHighPriorityWin,GpuUseDisplayThreadPriority --disable-gpu-program-cache --disable-gpu-shader-disk-cache --disk-cache-size=1 --enable-features=ViewportHeightClientHintHeader --lang=en --reduce-user-agent-minor-version --window-size=1040,688 --user-data-dir="C:\\Users\\LTGT\\AppData\\Roaming\\BrowserAutomationStudio\\apps\\25.4.1\\prof/kUjSYtdK" about:blank

@NCLnclNCL
Copy link

Doesn't appear to run, can you check if there are any run parameters specified on the binary? Tried to get it running through selenium and puppeteer but neither worked. I assume its the worker.exe file?
https://superuser.com/questions/415360/how-do-i-find-out-command-line-arguments-of-a-running-program

yes its worker.exe

full cli

"C:\Users\LTGT\AppData\Roaming\BrowserAutomationStudio\apps\25.4.1\Worker\chrome\worker.exe" --remote-debugging-port=16668 --unique-process-id=0pMhvMU2 --parent-process-id=25524 --no-proxy-server --no-sandbox --force-device-scale-factor=1 --noerrdialogs --window-position=0,0 --disable-smooth-scrolling --disable-auto-reload --disable-component-update --disable-features=GpuProcessHighPriorityWin,GpuUseDisplayThreadPriority --disable-gpu-program-cache --disable-gpu-shader-disk-cache --disk-cache-size=1 --enable-features=ViewportHeightClientHintHeader --lang=en --reduce-user-agent-minor-version --window-size=1040,688 --user-data-dir="C:\\Users\\LTGT\\AppData\\Roaming\\BrowserAutomationStudio\\apps\\25.4.1\\prof/kUjSYtdK" about:blank

It using JavaScript to fake fingerprint and it can detected and heavy

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@abrahamjuliot abrahamjuliot

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@abrahamjuliot @LessThanGreaterThan @NCLnclNCL and others