vytal-io / vytal-extension Goto Github PK
View Code? Open in Web Editor NEWBrowser extension to spoof timezone, geolocation, locale and user agent.
Home Page: https://vytal.io
License: GNU General Public License v3.0
Browser extension to spoof timezone, geolocation, locale and user agent.
Home Page: https://vytal.io
License: GNU General Public License v3.0
No matter what I change on Tor I always get the same hash with the same signature, that someone else signed
Vytal even recognizes my IP change but doesn't update the hash
So I have an app written in Python Selenium that uses Chromedriver and I wanted to change User Agent.
But it does not work, please see video https://www.awesomescreenshot.com/video/21423933?key=ffc853c6b00786132c3ccf92cc69c048 and I am sure no further explanation is required.
I get error
Uncaught (in promise) Error: Debugger is not attached to the tab with id: 1502110130.
EDIT:
Forgot to mention that when I launched browser, I did set values using my code by going through chrome-extension://ncbknoohfjmcfneopnfkapmkblaenokb/popup.html URL.
driver.get('chrome-extension://ncbknoohfjmcfneopnfkapmkblaenokb/popup.html')
driver.find_elements(by=By.CSS_SELECTOR, value='#app-container button')[1].click()
driver.find_element(by=By.CSS_SELECTOR, value='.css-ad1gwk .css-osq56n div').click()
select = Select(driver.find_element(by=By.CSS_SELECTOR, value='#type'))
select.select_by_visible_text('Microsoft Edge (Chromium) - Windows')
Suggestions for Functional Improvements (Rule-based Location Config + More Spoofing Configurations)
I hope the software can support rules similar to the "Clash Rule," enabling rule-based routing, such as:
# ---------------------
# Configuration: Grouping of Location Settings
# ---------------------
location-config-groups:
- name: Location_And_TimeZone_Config_for_US
timezone: America/New_York
locale: en-US
location_city: Washingon, USA
location_gps: 38.9072, -77.0369
system_os: Linux
language: en-US
webrtc: Disable
- name: Location_And_TimeZone_Config_for_JP
timezone: Asia/Tokyo
locale: ja-JP
location_city: Tokyo, Japan
location_gps: 35.6895, 139.6917
system_os: Linux
language: ja-JP
webrtc: Disable
- name: Location_And_TimeZone_Config_for_Final
timezone: Default
locale: Default
location_city: Default
location_gps: Default
system_os: Default
language: Default
webrtc: Default
# ---------------------
# Configuration: Rule-based Location Data
# ---------------------
rule:
- DOMAIN-SUFFIX , us , Location_And_TimeZone_Config_for_US
- DOMAIN-SUFFIX , jp , Location_And_TimeZone_Config_for_JP
- GeoIP , us , Location_And_TimeZone_Config_for_US
- GeoIP , jp , Location_And_TimeZone_Config_for_JP
- IP-CIDR , 103.41.167.0/24 , Location_And_TimeZone_Config_for_US
# external rules
- RULE-SET , netflix_no_resolve , Location_And_TimeZone_Config_for_US
# final rules
- MATCH , Location_And_TimeZone_Config_for_Final
# ---------------------
# Configuration: Subscription Rule Sets
# ---------------------
rule-providers:
netflix_no_resolve:
type: http
behavior: classical
url: 'https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Netflix/Netflix_No_Resolve.yaml'
path: ./ruleset/netflix_no_resolve.yaml
interval: 86400
The reason for adding support for the above configurations is to bypass the VPN detection of websites. You can use the following link to see if the website can detect your VPN:
https:ipdog.io/
Especially when users use VPN based on the Clash proxy software, Clash will route according to the user's rules. However, Vytal currently has a single global configuration, which cannot meet the demand for automatic configuration modification during routing
This is a tutorial, not an issue. I'm not sure where to post this under the project.
You can disable the extension developer warning as stated in extension help by adding "--silent-debugger-extension-api" parameter to the shortcuts. The issue with this is that you have to add it to all shortcuts and If you have created an web app, the parameter won't work, because it resets each time you reboot. Also, this won't work if you have allowed chrome or edge to autorun after computer boots up, because the registry value resets after each reboot.
There is also another way to disable the warning, which works for all shortcuts, apps created through Chrome and Edge and even the initial auto startup.
You can disable it by adding the following key to registry:
Registry Hive | HKEY_LOCAL_MACHINE (for all users) or HKEY_CURRENT_USER (for current user)
Registry Path | Software\Policies\Google\Chrome\ExtensionInstallForcelist
Value Name | {number} (example: **1** or if there is already a key, type a number in incremental order)
Value | **ncbknoohfjmcfneopnfkapmkblaenokb**
In Edge Chromium you can do the same, just in the following registry path:
Registry Path | Software\Policies\Microsoft\Edge\ExtensionInstallForcelist
When vytal is used alongside the smartUp gestures extension, the gestures stop working.
However it only happens when i change my user agent to firefox. Chrome and brave user agents work fine. Although i haven't tested all os/browser combinations..
My os is Linux, with right mouse button used for gestures. When it happens i see the context menu instead of the gesture, the menu should be visible after a double click normally.
Pretty self explanatory.
I'm using latest version of Brave. I install app. I load up https://vytal.io , Initial Load Intl.DateTimeFormat().resolvedOptions().timeZone still detects the home timezone. This affects all of the other time related detections on the site as well.
Please add different useragent options for desktop and mobile mode.
This isn't really an issue with Vytal, more wanting to understand the limitations.
As part of a cyber Capture the Flag (CTF) problem there is a webpage where you need to appear to be from Kazakhstan
The entry webpage is https://metaproblems.com/713bceb86c049123ed8a436c14d6b014/geo-lock/
When you click on "Online broadcasting" if you have successfully 'pretended' to be from Kazakhstan then you see a video snippet. Otherwise you see "This content is not available in your country"
I used a custom profile to appear to visit from Kazakhstan.
Timezone: Asia/Almaty
Locale: kk-KZ
Latitude: 43.277500
Longitude: 76.895833
User Agent: Left as default
I got the message "This content is not available in your country". I made sure the site permissions have Location set to allow.
I assume there are other settings I need to change in my browser or another extension or some combination.
What about that ?
This problem is seen on latest ungoogled chromium on windows and kiwi browser on android.
For example, you can test the following website:
Please add option to exclude some domains or IPs.
I want to exclude local and private IPs.
If I set the profile to Custom I am able to set Timezone, Latitude, Longitude and User Agent. However, if I try to set the Locale I can type in the new locale. However, when I check:
a) The Locale has reverted back to whatever was in there previously
b) The Timezone is set to what I tried to set Locale to
An example: I set profile to New York
Timezone: America/New_York
Locale: en-US
I select Custom profile. I set locale to en-GB and close the tab.
I then check and see:
Timezone: en-GB
Locale: en-US
On opening every page the yellow strip covers top of the screen, does not go away.
Please add an option to either completely disable it or make it go away in 1-2 sec. Otherwise I have to click cancel button on each page I open and closing the bar with a click does not always work instantaneously.
Even after the User-Agent string is changed, the Client-Hints reveal the real browser, mobile/not, platform, platform version, architecture, etc. more details here -> https://browserleaks.com/client-hints
Some details from docs -> https://developer.chrome.com/docs/privacy-sandbox/user-agent/
Some observations -> It can't be entirely disabled because some sites ends up in a endless loop unless these match with the User-Agent header.
So you might need a dataset for the brands.
I am not sure if thats possible through debugger api.
Is there any way to make it so that when the extension loads the default option is match timezone by IP? Or can you tell me how to edit it so it stays like that? Every time I install it, I have to manually go to the option and load the setting of match timezone by IP, no way to do it automatically as default?
Thanks.
Doesn't work the "Match IP address" with Nord VPN while it's connected. I hope the problem will be solved soon. Thank you very much for the app and your attention. Greetings.
When I select Hong Kong for example, and my physical location is in Los Angeles, TOP WINDOW and INITIAL LOAD remain unchanged and show Los Angeles. Only FRAME and WEB WORKER show Hong Kong.
Loading webpages with seleniums driver.get methodnot triggering extension execution
driver.get ttriggers start of vytal the same way that entering a url in search bar does.
Thank you so much for releasing this extension! Exactly what I've needed
Hello dear developer, is there any possible that we could have Firefox supported? Thank you very much!
There isn't any sort of license on this project, is it fully copyright of you, is it under MIT (or any other) license?
if it's possible to remove non-IP matching or non-location (depends on what you've chosen in the extension) matching data from javascript navigator.languages
would be cool
Option to limit or remove the "started debugging this browser" notifications would be nice, becomes quite annoying and distracting when viewing webpages.
I noticed the language locale is not changed at the level of the HTTP request.
Is it not possible to do using a browser extension?
Hey there :)
I didn't look at the code, but I assume you are picking up on some privacy.resistFingerprinting
(RFP) attributes: such as timezone is UTC0
, inner window is 100's
height x 200
's width, etc. These are problematic - users can manipulate timezone via extensions for example, even if Tor Project do not recommend it, and window sizes and even letterboxing have edge case bugs and users could maximize or manually resize without letterboxing. But the biggest problem is RFP is maintained upstream at Mozilla, and thus available in Firefox
There's also a very simple way to detect is RFP is on. Tor Browser is not trying to hide it's Tor Browser, and RFP is not trying to hide itself either. If you want that snippet, ask :)
To detect Tor Browser, client side JS only, 100% reliably with zero false positives ...
personally I use a mix of some things in here to catch extra entropy with extension lies, but you can get away with a single wrapped error check (chromium and webkit produce different error messages, depending on the error of course)
var isFF = false
const newFn = x => typeof x != 'string' ? x : new Function(x)()
try {
newFn("alert('A)")
} catch(e) {
if e.name + e.message == "TypeErrorcyclic object value") {isFF = true}
}
var isTB = false
const set_isTB = () => new Promise(resolve => {
if (!isFF) {return resolve()} // optional
try {
// extensions can block resources://
// FF ~5ms, TB ~20ms
setTimeout(() => resolve(), 100)
let css = document.createElement("link")
css.href = "resource://torbutton-assets/aboutTor.css"
css.type = "text/css"
css.rel = "stylesheet"
document.head.appendChild(css)
css.onload = function() {
isTB = true
return resolve()
}
css.onerror = function() {
return resolve()
}
document.head.removeChild(css)
} catch(e) {
return resolve()
}
})
// call the promise
enjoy
Installed it and set the browser spoof to blackberry, but when i visit https://www.whatsmybrowser.org
it clearly shows I am using Opera not blackberry
Is it possible to change the behavior of the randomize button, so it randomizes all values, instead of just user-agent?
I guess this is more convenient than just changing the user-agent without changing the location/profile.
Thank you
I suggest you remove it before anyone else gets access to it. Probably want to remove the commit history too.
First of all, thanks for this excellent extension. I'm using Vivaldi on Linux and everything works OK... except for this tiny one thing.
When I execute a script or a cli command like e.g. vivaldi-stable https://somewebpage.com
the URL is not loaded.
It's weird, because the browser does open a new tab, and the URL is shown in the navigation bar, but it's not loaded. Actually, if I click in the navigation bar (where the URL is shown) and just hit Enter
, the page starts to load normally.
Before I started to use Vytal, the scripts/cli commands worked as expected and URLs were loaded (and if I remove Vytal, everything goes back to normal).
Is there any way to fix this, or it's just a limitation because of how the extension works?
Thanks again.
I understand what the hash is but don't understand what the point of signing it is, any explanation would be great, thanks.
In the worker context navigator.userAgent still works.
When I put in my custom gent string on chrome I went to use the test website and it was set to my browser default except the extension said it was set to my custom string.
Request a new feature X-Forwarded-For
Update the Chrome Mall plug-in version
System: MacOS Monterey 12.4 (21F79)
Browser: Chrome version 103.0.5060.53 (Official Build) (x86_64)
For several days, some keyboard shortcuts didn't work for me anymore in Google Docs, such as Option+Left/Right Arrow. As I was disabling some extensions today, testing if it solved the problem, I was surprised to find that disabling Vytal fixed the issue. All my keyword shortcuts are back to working.
I would not have thought that Vytal would have any impact on Google Docs keyboard shortcuts, but apparently it does.
Notes:
Hi, is there something similar for Firefox?
Could 'User-Agent Switcher and Manager' be used for similar purposes for instance? I am reluctant to keep using Chromium-based browsers given Manifest V3 is coming soon.
Thanks team!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.