How Do Websites Detect Selenium Automation, and How Can It Be Circumvented?

Selenium Detection by Websites

While Selenium with Chromedriver provides browser automation, some websites possess the ability to detect when a selenium instance is being used, despite the absence of explicit automation. This ability raises the question of how these websites accomplish this detection.

Detection Techniques

Websites employ various techniques to discern the presence of Selenium. One prevalent method involves examining predefined JavaScript variables that emerge when Selenium is operational. These variables frequently contain the terms "selenium" or "webdriver" and can be detected in window objects and document variables like $cdc_ and $wdc_. The detection mechanism varies depending on the browser being employed.

Countermeasures

To circumvent website detection, one approach is to eliminate or alter the presence of specific JavaScript variables. For instance, in Chrome, modifying the chromedriver source code to change $cdc_ to a different variable name has been found to be effective.

Pseudocode for Bot Detection

Some bot networks may leverage complex algorithms to detect Selenium usage. The following pseudocode provides a glimpse into potential detection techniques:

runBotDetection = function () {

    // Check for window-specific detection keys
    for (windowDetectionKey in windowDetectionKeys) {
        if (window[windowDetectionKeyValue]) {
            return true;
        }
    }

    // Check for document-specific detection keys
    for (documentDetectionKey in documentDetectionKeys) {
        if (window['document'][documentDetectionKeyValue]) {
            return true;
        }
    }

    // Inspect document for specific patterns
    for (documentKey in window['document']) {
        if (documentKey.match(/$[a-z]dc_/) && window['document'][documentKey]['cache_']) {
            return true;
        }
    }

    // Check for additional external indicators
    if (window['external'] && window['external'].toString() && (window['external'].toString()['indexOf']('Sequentum') != -1)) return true;

    // Examine HTML element attributes
    if (window['document']['documentElement']['getAttribute']('selenium')) return true;
    if (window['document']['documentElement']['getAttribute']('webdriver')) return true;
    if (window['document']['documentElement']['getAttribute']('driver')) return true;

    return false;
};

Additional Methods

In addition to altering JavaScript variables, other techniques for evading Selenium detection include:

• Using VPNs: VPNs can temporarily mask the user's IP address, but they may be detected after subsequent requests.
• Modifying the User Agent: Changing the user agent string can make the web browser appear like a regular user.
• Disabling Browser Plugins: Certain plugins may expose information that can reveal Selenium's presence.
• Modifying Headers: HTTP headers can be manipulated to appear more similar to a typical user's traffic.
• Using Proxy Servers: Proxy servers can further anonymize the user's connection.

The above is the detailed content of How Do Websites Detect Selenium Automation, and How Can It Be Circumvented?. For more information, please follow other related articles on the PHP Chinese website!