網上說的基本不全,最近有個新加密(F5shape)是控制流加密,解起來比較繁瑣,就直接用selenium了,我看到有環境監測,但是沒想到有檢測selenium…一開始用nodejs寫的,但是用nodejs寫面向過程的代碼真的很難受,又改為python了

打開這個網站就能看到部分檢測點 https://bot.sannysoft.com

基本配置

UA

手機版本的話要設置通用手機型號

根據這個網頁好好配置下https://peter.sh/experiments/chromium-command-line-switches/#enable-print-preview-register-promos

options = webdriver.ChromeOptions() # 配置 # options.add_argument('--headless') # options.add_argument('--disable-gpu') # options.add_argument('--blink-settings=imagesEnabled=false');#無圖模式options.add_argument("--disable-blink-features") options.add_argument("--disable-blink-features=AutomationControlled") options.add_argument('--incognito')#無痕模式 options.add_argument("--disable-extensions") options.add_argument("--disable-infobars") options.add_argument("--no-default-browser-check") options.add_experimental_option("excludeSwitches", ["enable-automation"]) options.add_experimental_option("useAutomationExtension", False) mobileEmulation = {'deviceName': 'iPhone X'}#模擬手機 options.add_experimental_option('mobileEmulation', mobileEmulation)

網上入門就有講的那堆全局變量

windows.navigator.webdriver 需要改為false
navigator.plugins 插件數量不應該為0
navigator.languages 為英文(但是國外本來就應該是英文)

這些都是小打小鬧,弄個提前hook就過去了

driver = webdriver.Chrome(executable_path=path+'/chromedriver.exe',chrome_options=options)driver.execute_cdp_cmd("Page.addScriptToEvaluateOnNewDocument", {"source": '''Object.defineProperties(navigator,{ webdriver:{ get: () => false } }) } window.navigator.chrome = { runtime: {}, }; } Object.defineProperty(navigator, 'languages', { get: () => ['en-US', 'en'] }); } Object.defineProperty(navigator, 'plugins', { get: () => [1, 2, 3, 4, 5,6], }); }''' })

后來有了新方法,直接導出瀏覽器的狀態生成js

這個跟第二個是一樣的,但是比第二個全

with open(path+'/stealth.min.js') as f:js = f.read()driver.execute_cdp_cmd("Page.addScriptToEvaluateOnNewDocument", {"source": js })

stealth.min.js文件獲取方法
安裝nodejs后運行以下命令,自動生成在根目錄

npx extract-stealth-evasions

這時候已經能繞過大部分檢測了,包括本文開頭那個檢測網站

命令通訊檢測

這個調了好久,發現只要webdriver跟selenium有通訊,js就檢測到了
后來看了webdriver的文檔:https://www.w3.org/TR/webdriver
發現她們通訊是通過http的,猜測是在全局變量有緩存

然而瀏覽器的全局變量就:windows

selenium其實還能當油猴用

with open(path+'/stealth.min.js') as f:js = f.read()driver.execute_cdp_cmd("Page.addScriptToEvaluateOnNewDocument", {"source": '''function objKeySort(obj) {let newkey = Object.keys(obj).sort();let resStr = '';for (let i = 0; i < newkey.length; i++) {let str = obj[newkey[i]];console.log(i,newkey[i],str);resStr += str;} }''' })

這時候console已經有objKeySort這個方法了
用objKeySort(windows)看一下命令運行前和命令運行后的區別

找到了document這里變了
用Object.keys(window.document)可以看到,命令運行之后多了個$cdc_xxxxxx的key

后來搜了下 在https://stackoverflow.com/questions/33225947/can-a-website-detect-when-you-are-using-selenium-with-chromedriver

可以看到,直接用命令改驅動里面的字符串就行了
perl -pi -e ‘s/cdc_/dcd_/g’ chromedriver.exe

---

聽別人說tb的監測cdc直接在js搜就能搜到,但是我這個是jsvmp,不能搜,只能慢慢調才找出來~
在上面偷了個檢測腳本

runBotDetection = function () {var documentDetectionKeys = ["__webdriver_evaluate","__selenium_evaluate","__webdriver_script_function","__webdriver_script_func","__webdriver_script_fn","__fxdriver_evaluate","__driver_unwrapped","__webdriver_unwrapped","__driver_evaluate","__selenium_unwrapped","__fxdriver_unwrapped",];var windowDetectionKeys = ["_phantom","__nightmare","_selenium","callPhantom","callSelenium","_Selenium_IDE_Recorder",];for (const windowDetectionKey in windowDetectionKeys) {const windowDetectionKeyValue = windowDetectionKeys[windowDetectionKey];if (window[windowDetectionKeyValue]) {return true;}};for (const documentDetectionKey in documentDetectionKeys) {const documentDetectionKeyValue = documentDetectionKeys[documentDetectionKey];if (window['document'][documentDetectionKeyValue]) {return true;}};for (const documentKey in window['document']) {if (documentKey.match(/\$[a-z]dc_/) && window['document'][documentKey]['cache_']) {return true;}}if (window['external'] && window['external'].toString() && (window['external'].toString()['indexOf']('Sequentum') != -1)) return true;if (window['document']['documentElement']['getAttribute']('selenium')) return true;if (window['document']['documentElement']['getAttribute']('webdriver')) return true;if (window['document']['documentElement']['getAttribute']('driver')) return true;return false; };

換個bypass驅動

https://github.com/ultrafunkamsterdam/undetected-chromedriver
挺多人在用的,但是還是要改cdc_

總結

以上是生活随笔為你收集整理的selenium所有检测点和绕过方式[运行命令后被检测/打开就被检测/环境检测]的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。