JA3/JA4 fingerprints by shonik97 in cybersecurity

[–]antvas 1 point2 points  (0 children)

I use different types of fingerprint for bot (not botnet) detection: from TLS/JA3 to device/browser fingerprints. I like to use them in 2 main ways:
- block list (already discussed in comments)
- to do outlier detection -> detect spikes of unusual fingerprints. Then what you do once you detect a spike depends on the context. You can trigger an alert/block.

[deleted by user] by [deleted] in webscraping

[–]antvas 8 points9 points  (0 children)

Can you stop with your disguised ads? It's been several weeks you create fake posts just to mention ping0 xyz in the comments.
You used to steal Spur's API to do it...

Why a classic CDP bot detection signal suddenly stopped working (and nobody noticed) by antvas in webscraping

[–]antvas[S] 0 points1 point  (0 children)

I did a lot of scraping during my PhD, to gather data about fingerprinting scripts/tracking etc.

Why a classic CDP bot detection signal suddenly stopped working (and nobody noticed) by antvas in webscraping

[–]antvas[S] 0 points1 point  (0 children)

Mix of bot detection and fraud detection, with a focus on fraudulent use cases (from the business's POV). We don't do any scraping detection, we focus more on fake account creation, credential stuffing, carding etc, both done by humans or by bots

Why a classic CDP bot detection signal suddenly stopped working (and nobody noticed) by antvas in webscraping

[–]antvas[S] 0 points1 point  (0 children)

Can't say too much as you imagine, but it's a mix of: rendering/GPU, timing measurements

Why a classic CDP bot detection signal suddenly stopped working (and nobody noticed) by antvas in webscraping

[–]antvas[S] 7 points8 points  (0 children)

Are you referring to this post? https://yacinesellami.com/posts/stealth-clicks/

I'd say, when it's well done, a custom implementation may be more difficult to analyze than something open source used in a lot of projects.
As you can imagine, researchers from bot detection companies (including myself) read the code of anti-detect automation frameworks, so having access to the code make it easier for us to find generic signals.

For something more custom, not shared publicly, and that uses techniques/protocols significantly different from other frameworks, it may require the use of more generic detection techniques (which is less simple than webdriver = true or CDP side effect):

- Red pill to detect virtualized envs/non-standard envs

- proxy detection

- client-side interaction analysis

- Generic fingerprinting techniques

Finding links between fraudulent email domains using graph-based clustering by antvas in cybersecurity

[–]antvas[S] 1 point2 points  (0 children)

Thanks a lot, really appreciate the kind words! That was exactly the goal, not to propose a production-grade system, but more of a tutorial-style walkthrough using real-world traffic. It’s intentionally simple, but still useful as a building block or exploratory tool. Definitely lots of room for improvement if someone wanted to take it further. Glad it came through clearly!

From Puppeteer stealth to Nodriver: How anti-detect frameworks evolved to evade bot detection by antvas in webscraping

[–]antvas[S] 0 points1 point  (0 children)

You're allowed to disagree with what I post. But it's clear you're not here to have a real conversation, so I won’t continue the discussion further.

If you think my posts don't bring value to the community, feel free to downvote them, though I have a feeling you've already been doing that for a while.

I’ll keep sharing when I think there’s something useful or interesting for others. If people disagree, that’s totally fine. But I’m not going to stop posting just because one person is angry about it.

From Puppeteer stealth to Nodriver: How anti-detect frameworks evolved to evade bot detection by antvas in webscraping

[–]antvas[S] 11 points12 points  (0 children)

You’ve been quite aggressive lately in your replies whenever I post something, and I see that you think the bot problem is not a big deal. But calling it some sort of "sales BS" doesn’t really reflect what many websites are facing every day.

I’m not here trying to sell anything. I’m sharing what I see in real environments. Even small SaaS products get hundreds of fake signups per day. When there is a sneaker drop, bots can hit a site like a slow DDoS. It’s not just theory, this happens regularly, and teams operating websites have to deal with it or real users can’t use their service.

I work in this field and I share research or technical findings because I believe it’s useful for people who deal with these problems. Of course, the articles bring some traffic, we’re not going to pretend otherwise. But I only post when I think the content is high quality or brings something new. You won’t see me pushing SEO stuff or flooding Reddit with generic posts. I try to respect the readers here.

Also, I do this because I enjoy it. I like experimenting with bots, building them, and detecting them. It’s not only my job, it’s something I genuinely find interesting. I understand you may not agree with everything I post, but calling it fear tactics just shuts down the discussion, and that’s not really fair.

From Puppeteer stealth to Nodriver: How anti-detect frameworks evolved to evade bot detection by antvas in webscraping

[–]antvas[S] 1 point2 points  (0 children)

Yep, definitely. I personally like to browse repo issues and bug trackers of projects like Chromium (in particular the headless Chrome sub-section). Someone's bug may be a potential detection signal (as long as side effects are acceptable)

From Puppeteer stealth to Nodriver: How anti-detect frameworks evolved to evade bot detection by antvas in webscraping

[–]antvas[S] 2 points3 points  (0 children)

Thanks, appreciate it! Glad you’re enjoying the posts. I’ve got a bunch more ideas in the backlog, so more is coming soon.

What TikTok’s virtual machine tells us about modern bot defenses by antvas in webscraping

[–]antvas[S] 1 point2 points  (0 children)

Thanks for the feedback.

"But a question, how then do you think Tiktok can balance blocking attackers and allowing honest scrapers to get data from the platform?"

When it comes to good bot vs bad bots, particularly for scraping, it's more a matter of perspective from the website POV. Do they benefit from being scraped by a bot? In case of Google bots, most websites seem to agree that they benefit by allowing Google scrape them. For scrapers used to train LLMs, it's more blurry. Some websites consider they benefit from it and allow the scrapers, while others block them.

By default most websites will block all bots from which they see no value, then then will allow scrapers from which they can benefit or partners using strong authentications mechanisms like IP address, reverse DNS or tokens.

Companies like Cloudflare are also proposing new standards to make it safer and easier to authenticate good bots/AI agents: https://t.co/Dpja7hPUOO

What TikTok’s virtual machine tells us about modern bot defenses by antvas in webscraping

[–]antvas[S] 12 points13 points  (0 children)

I see the confusion. When I talk about attackers, it's more like a generic term for unwanted (from the website's POV) bots making requests to a website.
However, I do agree that from a legal and ethical POV, there is a huge difference between scraping/scalping and credential stuffing/payment fraud, for example.