0

I've been using https://requestly.io/ to make a Javascript script execute before the code of an annoying website that is trying to hide information from me by detecting when chrome dev tools is opened and breaking itself. The website uses window.console.debug to accomplish it. I've tried tricking it like so:

window.console.debug = new Proxy(console.debug, {
  apply(target, thisArg, args) {
    // Return undefined for all inputs to mimic console being closed
    return function() { return undefined; };
  }
});

But it detects it and throws an error, I suspect it's because the inputs aren't quite right, given the window.console.debug function is a native code implementation does anyone have an idea how to make an overwritten one that behaves functionally identical? I've also tried this

window.console.debug = function(){
  window.chrome.debug= function() {
      return;
  }
}

But it is also detected. Again I believe it's to do with the arguments or some other properties of the console.debug as shown here (https://developer.mozilla.org/en-US/docs/Web/API/Console/debug) but I'm unsure how to mimic this fully whilst still preventing its use in detecting an open chrome dev tools.

Jimmy J.K.
  • 25
  • 6
  • Another interesting thing is that the website doesn't throw an error/detect it when I change the window.console funciton like below, it seems to only care when window.console.debug is actually changed. `window.console = new Proxy(console, { get(target, prop) { if (prop === "debug") { console.log("Called ${prop}"); return target[prop] } else { console.log("Accessed property:", prop); } return target[prop]; }, });` – Jimmy J.K. Mar 19 '23 at 18:23
  • What's the point of returning a function from `console.debug(…)`? And why are you using a proxy, wouldn't just monkeypatching `console.debug` suffice? – Bergi Mar 19 '23 at 18:25
  • You'll need to show us the code of the annoying website that does the detection, and whether the code that you inject will run before or after it. We can hardly help you without that. – Bergi Mar 19 '23 at 18:26
  • I’ve been using requestly.io to inject the code before the website loads. In regards to the code a lot of it is obfuscated and overriding/preemptively setting the detection functions and freezing them doesn’t work as they are run in “use strict” and crash the website if they are overwritten – Jimmy J.K. Mar 20 '23 at 19:06
  • Also what do you mean by monkey patching console.debug? How would I do that? Do you have an example I can look at? – Jimmy J.K. Mar 20 '23 at 19:07
  • By [monkey patching](https://en.wikipedia.org/wiki/Monkey_patch) I mean `window.console.debug = function(){};` – Bergi Mar 20 '23 at 19:28
  • Not sure what you mean by "*the code is overriding/preemptively setting the detection functions*". Again, you need to show us that code and post the error that occurs if it doesn't work, or we can't help you with this. – Bergi Mar 20 '23 at 19:30
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/252640/discussion-between-jimmy-j-k-and-bergi). – Jimmy J.K. Mar 21 '23 at 00:08
  • Instead of returning `function() { return undefined; }` in the handler's `apply`, have you tried returning `undefined`? I know it seems counter-intuitive because the site might be matching the returned object to `console.debug`'s prototype, but most javascript logic forget to handle the `undefined` case (easier to forget with optional chaining). . This worked for me [when trying to capture calls to console functions](https://github.com/nsrCodes/capture-console-logs). Here's the [relevant code](https://github.com/nsrCodes/capture-console-logs/blob/master/src/ConsoleCapture.ts#L36-L43) – nsrCodes May 29 '23 at 02:57
  • And I don't have experience modifying obfuscated code, but if the site is observing the console.debug outputs, shouldn't you let all that code initialize first and then create your proxy object? I mean, why do you even want your injected script (which I am assuming is this proxy object) to run before the page load? Shouldn't you be injecting the script after the page load? AFAIK, requestly does allow you to do that. – nsrCodes May 29 '23 at 03:03
  • @nsrCodes The site loads information dynamically and certain information doesn't load if inspect element/google dev kit is open. Ergo whatever needs to happen needs to happen before the webpage loads so it doesn't trip the switch and prevent the website from loading – Jimmy J.K. Jul 14 '23 at 00:20
  • @nsrCodes And yes I tried to set it to undefined, i set `console.debug=function(){return;};` and the website failed to properly load (i.e. the client side obfuscated javascript detected it and didn't dynamically load the needed information) – Jimmy J.K. Jul 14 '23 at 00:30
  • @JimmyJ.K. the requestly's insert script rule works even if you don't open the browser dev tools. For dynamically loaded data, you can write code to listen or simulate loading this data. Eg. if the data is loaded after some dom event, create an event listener and in the callback initialize your proxy object. If the data is populated after a fetch request, you can make that request inside the insert script rule and then initialize the proxy object. The approach will vary based on the case, but this seems totally achievable. – nsrCodes Jul 15 '23 at 14:05

0 Answers0