Client-Side Bot Detection: A JavaScript Crash Course (That You Shouldn't Use)

2025-05-10
A recently discovered Chromium bug allows a short JavaScript snippet to crash headless browsers driven by tools like Puppeteer and Playwright. While seemingly ideal for client-side bot detection, this article dissects the vulnerability, explores its weaponization potential, and ultimately argues against production use. Although effective at crashing bots, the method degrades user experience, creates side effects, and is easily circumvented. The authors advocate for quiet, performant, and resilient bot detection strategies.

Development browser vulnerability

Fighting Canvas Fingerprint Forgery: Detection Methods and the Arms Race

2025-02-25
Canvas fingerprinting is commonly used for anti-fraud, but fraudsters have developed techniques to bypass detection. This post delves into how fraudsters use techniques from platforms like Zenrows and browser extensions such as Canvas Blocker to modify canvas fingerprints. Two methods for identifying forgery are analyzed: pixel value verification and function consistency checks. These methods verify preset pixel colors and check native function prototypes or error stack traces to determine whether a canvas fingerprint has been tampered with.
