It's been down for months, sadly. I was working on some dummy Puppeteer human-behavior script back then and the site helped a lot. Hope the guy's doing alright :/
Kind reminder Google broke almost all TCP fingerprints (i.e. JA3) when introducing grease values and other stuff such as random order in the ciphers in Chromium. I work in a bot detection company and we put a lot effort on it, currently have an advanced implementation that ignores some extensions, order the fields, remove the grease values etc.
I have an open source implementation of normalized JA3 fingerprinting at https://github.com/fidraC/canary (Includes CreepJS and other stuff to be added / WIP) it’s not very complicated but I did waste some time before realizing that grease was everywhere, not just extensions.
Note: That is my secondary account for school. I’m not stealing someone else’s work. I use a different name as a sort of mental compartmentalization between different spheres of my life.
Some parts are outdated now. Bot detection vs web scraping is an ever evolving arms race.
Anyway, incolumnitas blog is a great source of information about bot detection and techniques to avoid being detected. We have implemented many successful methods based on it in https://scrapingfish.com/.
14 comments
[ 3.5 ms ] story [ 132 ms ] threadAlas, does not accept TLS1.3.
Note: That is my secondary account for school. I’m not stealing someone else’s work. I use a different name as a sort of mental compartmentalization between different spheres of my life.
iOS isn't any better and already sends a unique "Private Access Token" with requests to Cloudflare.
Anyway, incolumnitas blog is a great source of information about bot detection and techniques to avoid being detected. We have implemented many successful methods based on it in https://scrapingfish.com/.