Expand description
CDP (Chrome DevTools Protocol) leak protection
The Runtime.enable CDP method is a well-known detection vector: when
Chromium automation sends this command, anti-bot systems can fingerprint
the session. This module implements three mitigation techniques and patches
the __puppeteer_evaluation_script__ / pptr:// Source URL leakage.
An additional pass cleans well-known automation artifacts regardless of
mode: ChromeDriver cdc_ / _cdc_ globals, Chromium headless
domAutomation / domAutomationController bindings, and any document-level
$cdc_-prefixed properties.
§Techniques
| Technique | Description | Reliability |
|---|---|---|
AddBinding | Injects a fake binding to avoid Runtime.enable | High ★★★ |
IsolatedWorld | Runs evaluation scripts in isolated CDP contexts | Medium ★★ |
EnableDisable | Enable → evaluate → disable immediately | Low ★ |
None | No protection | Detectable |
The default is AddBinding. Select via the STYGIAN_CDP_FIX_MODE env var.
§Source URL patching
Scripts evaluated via CDP receive a source URL comment
//# sourceURL=pptr://... that exposes automation. The injected bootstrap
script overwrites Function.prototype.toString to sanitise these URLs.
Set STYGIAN_SOURCE_URL to a custom value (e.g. app.js) or 0 to skip.
§Reference
- https://github.com/rebrowser/rebrowser-patches
- https://github.com/greysquirr3l/undetected-chromedriver
- https://github.com/Redrrx/browser-js-dumper
§Example
use stygian_browser::cdp_protection::{CdpProtection, CdpFixMode};
let protection = CdpProtection::from_env();
assert_ne!(protection.mode, CdpFixMode::None);
let script = protection.build_injection_script();
assert!(!script.is_empty());Structs§
- CdpProtection
- Configuration and script-building for CDP leak protection.
Enums§
- CdpFix
Mode - Which CDP leak-protection technique to apply.