Open
Description
The bug
I can't open certain pages protected by Imperva.
How to reproduce
In a clean folder you do next:
- You install:
yarn add [email protected] puppeteer-core [email protected] [email protected] puppeteer-extra puppeteer-extra-plugin-stealth
-
In the file
node_modules/puppeteer-extra-plugin-stealth/evasions/_utils/index.jsyou change all matches ofnewHandlerintonewHandler2. -
You create a file index.js with the following content:
'use strict';
(async () => {
process.env.REBROWSER_PATCHES_RUNTIME_FIX_MODE = 'alwaysIsolated';
process.env.REBROWSER_PATCHES_SOURCE_URL = 'jquery-3.7.0.min.js';
process.env.REBROWSER_PATCHES_UTILITY_WORLD_NAME = 'domRenderedContainer';
const puppeteer = require('rebrowser-puppeteer');
const puppeteerCore = require('rebrowser-puppeteer-core');
const {addExtra} = require('puppeteer-extra');
const puppeteerExtra = addExtra(puppeteerCore);
const StealthPlugin = require('puppeteer-extra-plugin-stealth');
puppeteerExtra.use(StealthPlugin());
const browser = await puppeteerExtra.launch({
browser: 'chrome',
protocol: 'cdp',
headless: false,
devtools: false,
args: [
'--disable-gpu',
'--no-sandbox',
'--disable-web-security',
'--disable-features=IsolateOrigins,site-per-process,SitePerProcess,HttpsFirstBalancedModeAutoEnable',
'--flag-switches-begin --disable-site-isolation-trials --flag-switches-end'
],
executablePath: puppeteer.executablePath()
});
// if you are using StealthPlugin you need to open a new page and close those pages (usually just one)
// which were opened by chrome automatically in startup, because StealthPlugin did not inject it's code
// there yet.
const page = await browser.newPage();
const pages = await browser.pages();
for (let i = 0; i < pages.length - 1; i++) {
await pages[i].close();
}
const userAgent = 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36';
await page.emulate({
viewport: {
width: 2048,
height: 790
},
userAgent
});
await page.setUserAgent(userAgent, {
brands: [
{ brand: 'Chromium', version: '112' },
{ brand: 'Google Chrome', version: '112' },
{ brand: 'Not;A Brand', version: '99' }
],
fullVersionList: [
{ brand: 'Chromium', version: '112.0.5615.49' },
{ brand: 'Google Chrome', version: '112.0.5615.49' },
{ brand: 'Not;A Brand', version: '99.0.0.0' }
],
platform: 'Linux',
platformVersion: '10.0.0',
architecture: 'x86',
model: '',
mobile: false,
bitness: '64',
wow64: false
});
await page.setRequestInterception(true);
page.on('request', (interceptedRequest) => {
interceptedRequest.continue({
headers: Object.assign(
{},
interceptedRequest.headers(),
{
'sec-ch-ua': '"Not?A_Brand";v="99", "Chromium";v="130"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Linux"',
'accept-language': 'en-US,en;q=0.9'
}
)
});
});
const gotoOptions = {
timeout: 30 * 1000,
waitUntil: 'load'
};
await page.goto('https://iaai.com/', gotoOptions);
await new Promise((resolve) => { setTimeout(resolve, 3 * 1000) });
await page.goto('https://www.iaai.com/LiveAuctionsCalendar', gotoOptions);
})();- You run this file and after some file (like 10 seconds) you'll see a triggered protection from Imperva.
Bonus step: In the same tab you open several websites:
https://www.browserscan.net/bot-detection
https://bot-detector.rebrowser.net/
https://kaliiiiiiiiii.github.io/brotector/
to be sure that you are not a bot.
So, something is leaking.
Thank you