vytal-io / vytal-extension Goto Github PK

Using vytal and its spooding everything except navigator.platform
i've attached a screenshot below of the settings used and the results from vytal scan.

everything else seems to check out and works as expected.
using Chrome 112.0.5615.137 (Official Build) (arm64)
with vytal extension version 2.1.10

No matter what I change on Tor I always get the same hash with the same signature, that someone else signed
Vytal even recognizes my IP change but doesn't update the hash

So I have an app written in Python Selenium that uses Chromedriver and I wanted to change User Agent.

But it does not work, please see video https://www.awesomescreenshot.com/video/21423933?key=ffc853c6b00786132c3ccf92cc69c048 and I am sure no further explanation is required.

I get error

Uncaught (in promise) Error: Debugger is not attached to the tab with id: 1502110130.

EDIT:

Forgot to mention that when I launched browser, I did set values using my code by going through chrome-extension://ncbknoohfjmcfneopnfkapmkblaenokb/popup.html URL.

driver.get('chrome-extension://ncbknoohfjmcfneopnfkapmkblaenokb/popup.html')
driver.find_elements(by=By.CSS_SELECTOR, value='#app-container button')[1].click()
driver.find_element(by=By.CSS_SELECTOR, value='.css-ad1gwk .css-osq56n div').click()
select = Select(driver.find_element(by=By.CSS_SELECTOR, value='#type'))
select.select_by_visible_text('Microsoft Edge (Chromium) - Windows')

Suggestions for Functional Improvements (Rule-based Location Config + More Spoofing Configurations)

@z0ccc

I hope the software can support rules similar to the "Clash Rule," enabling rule-based routing, such as:

# ---------------------
#  Configuration: Grouping of Location Settings
# ---------------------
location-config-groups: 

  - name: Location_And_TimeZone_Config_for_US
     timezone: America/New_York
     locale: en-US
     location_city: Washingon, USA
     location_gps: 38.9072, -77.0369
     system_os: Linux
     language: en-US
     webrtc: Disable

  - name: Location_And_TimeZone_Config_for_JP
     timezone: Asia/Tokyo
     locale: ja-JP
     location_city: Tokyo, Japan
     location_gps: 35.6895, 139.6917
     system_os: Linux
     language: ja-JP
     webrtc: Disable

  - name: Location_And_TimeZone_Config_for_Final
     timezone: Default
     locale: Default
     location_city: Default
     location_gps: Default
     system_os: Default
     language: Default
     webrtc: Default


# ---------------------
# Configuration: Rule-based Location Data 
# ---------------------
rule:
    - DOMAIN-SUFFIX , us  ,  Location_And_TimeZone_Config_for_US
    - DOMAIN-SUFFIX , jp  , Location_And_TimeZone_Config_for_JP

    - GeoIP  , us  ,  Location_And_TimeZone_Config_for_US
    - GeoIP  , jp  , Location_And_TimeZone_Config_for_JP

    - IP-CIDR   , 103.41.167.0/24  , Location_And_TimeZone_Config_for_US

   # external rules
    - RULE-SET , netflix_no_resolve  ,  Location_And_TimeZone_Config_for_US  

   # final rules
    - MATCH ,  Location_And_TimeZone_Config_for_Final


# ---------------------
# Configuration: Subscription Rule Sets
# ---------------------
rule-providers: 

  netflix_no_resolve: 
    type: http
    behavior: classical
    url: 'https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Netflix/Netflix_No_Resolve.yaml'
    path: ./ruleset/netflix_no_resolve.yaml
    interval: 86400

The reason for adding support for the above configurations is to bypass the VPN detection of websites. You can use the following link to see if the website can detect your VPN:
https:ipdog.io/

Especially when users use VPN based on the Clash proxy software, Clash will route according to the user's rules. However, Vytal currently has a single global configuration, which cannot meet the demand for automatic configuration modification during routing

This is a tutorial, not an issue. I'm not sure where to post this under the project.

You can disable the extension developer warning as stated in extension help by adding "--silent-debugger-extension-api" parameter to the shortcuts. The issue with this is that you have to add it to all shortcuts and If you have created an web app, the parameter won't work, because it resets each time you reboot. Also, this won't work if you have allowed chrome or edge to autorun after computer boots up, because the registry value resets after each reboot.
There is also another way to disable the warning, which works for all shortcuts, apps created through Chrome and Edge and even the initial auto startup.

You can disable it by adding the following key to registry:

Registry Hive | HKEY_LOCAL_MACHINE (for all users) or HKEY_CURRENT_USER (for current user)
Registry Path | Software\Policies\Google\Chrome\ExtensionInstallForcelist
Value Name | {number} (example: **1** or if there is already a key, type a number in incremental order)
Value | **ncbknoohfjmcfneopnfkapmkblaenokb**

In Edge Chromium you can do the same, just in the following registry path:

Registry Path | Software\Policies\Microsoft\Edge\ExtensionInstallForcelist

When vytal is used alongside the smartUp gestures extension, the gestures stop working.
However it only happens when i change my user agent to firefox. Chrome and brave user agents work fine. Although i haven't tested all os/browser combinations..

My os is Linux, with right mouse button used for gestures. When it happens i see the context menu instead of the gesture, the menu should be visible after a double click normally.

Pretty self explanatory.

I'm using latest version of Brave. I install app. I load up https://vytal.io , Initial Load Intl.DateTimeFormat().resolvedOptions().timeZone still detects the home timezone. This affects all of the other time related detections on the site as well.

Please add different useragent options for desktop and mobile mode.

This isn't really an issue with Vytal, more wanting to understand the limitations.

As part of a cyber Capture the Flag (CTF) problem there is a webpage where you need to appear to be from Kazakhstan

The entry webpage is https://metaproblems.com/713bceb86c049123ed8a436c14d6b014/geo-lock/
When you click on "Online broadcasting" if you have successfully 'pretended' to be from Kazakhstan then you see a video snippet. Otherwise you see "This content is not available in your country"

I used a custom profile to appear to visit from Kazakhstan.

Timezone: Asia/Almaty
Locale: kk-KZ
Latitude: 43.277500
Longitude: 76.895833
User Agent: Left as default

I got the message "This content is not available in your country". I made sure the site permissions have Location set to allow.

I assume there are other settings I need to change in my browser or another extension or some combination.

What about that ?

This problem is seen on latest ungoogled chromium on windows and kiwi browser on android.

For example, you can test the following website:

https://forum.xda-developers.com/

Please add option to exclude some domains or IPs.
I want to exclude local and private IPs.

If I set the profile to Custom I am able to set Timezone, Latitude, Longitude and User Agent. However, if I try to set the Locale I can type in the new locale. However, when I check:

a) The Locale has reverted back to whatever was in there previously
b) The Timezone is set to what I tried to set Locale to

An example: I set profile to New York
Timezone: America/New_York
Locale: en-US

I select Custom profile. I set locale to en-GB and close the tab.
I then check and see:
Timezone: en-GB
Locale: en-US

On opening every page the yellow strip covers top of the screen, does not go away.
Please add an option to either completely disable it or make it go away in 1-2 sec. Otherwise I have to click cancel button on each page I open and closing the bar with a click does not always work instantaneously.

Even after the User-Agent string is changed, the Client-Hints reveal the real browser, mobile/not, platform, platform version, architecture, etc. more details here -> https://browserleaks.com/client-hints

Some details from docs -> https://developer.chrome.com/docs/privacy-sandbox/user-agent/

Some observations -> It can't be entirely disabled because some sites ends up in a endless loop unless these match with the User-Agent header.

So you might need a dataset for the brands.

I am not sure if thats possible through debugger api.

Is there any way to make it so that when the extension loads the default option is match timezone by IP? Or can you tell me how to edit it so it stays like that? Every time I install it, I have to manually go to the option and load the setting of match timezone by IP, no way to do it automatically as default?

Thanks.

Doesn't work the "Match IP address" with Nord VPN while it's connected. I hope the problem will be solved soon. Thank you very much for the app and your attention. Greetings.

When I select Hong Kong for example, and my physical location is in Los Angeles, TOP WINDOW and INITIAL LOAD remain unchanged and show Los Angeles. Only FRAME and WEB WORKER show Hong Kong.

Current Behavior:

Loading webpages with seleniums driver.get methodnot triggering extension execution

Requested Behavior:

driver.get ttriggers start of vytal the same way that entering a url in search bar does.

Steps To Reproduce:

1. Load preconfigured chrome profile with vytal extension/settings into webdriver instance
2. Navigate to "chrome://new-tab-page" using driver.get()
3. sleep
4. navigate to target URL using driver.get()
5. at this point we will notice that the vytal banner does not show, like it would if entering a url manually

Thank you so much for releasing this extension! Exactly what I've needed

Hello dear developer, is there any possible that we could have Firefox supported? Thank you very much!

There isn't any sort of license on this project, is it fully copyright of you, is it under MIT (or any other) license?

if it's possible to remove non-IP matching or non-location (depends on what you've chosen in the extension) matching data from javascript navigator.languages would be cool

Although I'm not sure whether this is an issue or not,

Option to limit or remove the "started debugging this browser" notifications would be nice, becomes quite annoying and distracting when viewing webpages.

I noticed the language locale is not changed at the level of the HTTP request.

Is it not possible to do using a browser extension?

Hey there :)

I didn't look at the code, but I assume you are picking up on some privacy.resistFingerprinting (RFP) attributes: such as timezone is UTC0, inner window is 100's height x 200's width, etc. These are problematic - users can manipulate timezone via extensions for example, even if Tor Project do not recommend it, and window sizes and even letterboxing have edge case bugs and users could maximize or manually resize without letterboxing. But the biggest problem is RFP is maintained upstream at Mozilla, and thus available in Firefox

There's also a very simple way to detect is RFP is on. Tor Browser is not trying to hide it's Tor Browser, and RFP is not trying to hide itself either. If you want that snippet, ask :)

To detect Tor Browser, client side JS only, 100% reliably with zero false positives ...

isFF

personally I use a mix of some things in here to catch extra entropy with extension lies, but you can get away with a single wrapped error check (chromium and webkit produce different error messages, depending on the error of course)

• technically it's not isFF but more like isGecko, but that's not how I'm using in it my own code :)

var isFF = false
const newFn = x => typeof x != 'string' ? x : new Function(x)()
try {
	newFn("alert('A)")
} catch(e) {
	if e.name + e.message == "TypeErrorcyclic object value") {isFF = true}
}

isTB

var isTB = false
const set_isTB = () => new Promise(resolve => {
	if (!isFF) {return resolve()} // optional
	try {
		// extensions can block resources://
			// FF ~5ms, TB ~20ms
		setTimeout(() => resolve(), 100)
		let css = document.createElement("link")
		css.href = "resource://torbutton-assets/aboutTor.css"
		css.type = "text/css"
		css.rel = "stylesheet"
		document.head.appendChild(css)
		css.onload = function() {
			isTB = true
			return resolve()
		}
		css.onerror = function() {
			return resolve()
		}
		document.head.removeChild(css)
	} catch(e) {
		return resolve()
	}
})
// call the promise

enjoy

Installed it and set the browser spoof to blackberry, but when i visit https://www.whatsmybrowser.org
it clearly shows I am using Opera not blackberry

Is it possible to change the behavior of the randomize button, so it randomizes all values, instead of just user-agent?
I guess this is more convenient than just changing the user-agent without changing the location/profile.
Thank you

I suggest you remove it before anyone else gets access to it. Probably want to remove the commit history too.

First of all, thanks for this excellent extension. I'm using Vivaldi on Linux and everything works OK... except for this tiny one thing.

When I execute a script or a cli command like e.g. vivaldi-stable https://somewebpage.com the URL is not loaded.

It's weird, because the browser does open a new tab, and the URL is shown in the navigation bar, but it's not loaded. Actually, if I click in the navigation bar (where the URL is shown) and just hit Enter, the page starts to load normally.

Before I started to use Vytal, the scripts/cli commands worked as expected and URLs were loaded (and if I remove Vytal, everything goes back to normal).

Is there any way to fix this, or it's just a limitation because of how the extension works?

Thanks again.

I understand what the hash is but don't understand what the point of signing it is, any explanation would be great, thanks.

In the worker context navigator.userAgent still works.

When I put in my custom gent string on chrome I went to use the test website and it was set to my browser default except the extension said it was set to my custom string.

To re-enable it, accept the new permissions:

• Detect your physical location

Vytal stopped working unless I give it permission for location detection, can someone explain this to me? Thank you

Request a new feature X-Forwarded-For
Update the Chrome Mall plug-in version

Hello. Please tell me how to disable constant notifications of debugging a browser in Google chrome. It appeared after the installation of your expansion, before with other extensions this was not.

System: MacOS Monterey 12.4 (21F79)
Browser: Chrome version 103.0.5060.53 (Official Build) (x86_64)

For several days, some keyboard shortcuts didn't work for me anymore in Google Docs, such as Option+Left/Right Arrow. As I was disabling some extensions today, testing if it solved the problem, I was surprised to find that disabling Vytal fixed the issue. All my keyword shortcuts are back to working.

I would not have thought that Vytal would have any impact on Google Docs keyboard shortcuts, but apparently it does.

Notes:

• Some keyboard shortcuts still worked, such as Ctrl+Left/Right Arrow, while others like Option+Left/Right Arrow didn't.
• The 'defective' shortcuts on GDoc were still working on other websites. I've only experienced it on GDoc.

Hi, is there something similar for Firefox?

Could 'User-Agent Switcher and Manager' be used for similar purposes for instance? I am reluctant to keep using Chromium-based browsers given Manifest V3 is coming soon.

Thanks team!