Skip to content

Anti-Detection Improvements for Browser Automation #55

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nathanfallet merged 1 commit into from
Jan 16, 2026
Merged

Anti-Detection Improvements for Browser Automation #55

nathanfallet merged 1 commit into from
Jan 16, 2026

Conversation

@nathanfallet
Copy link
Member

@nathanfallet nathanfallet commented Jan 16, 2026
edited
Loading

Overview

This PR implements comprehensive anti-detection improvements to make kdriver-based browser automation indistinguishable from human interaction. These changes address detection by anti-bot systems by ensuring all user interactions generate isTrusted: true events and exhibit natural human-like behavior patterns.

Problem Statement

Current kdriver automation is detectable because:

  1. Critical: mouseClick() fails for off-viewport elements, forcing fallback to JavaScript element.click() which generates isTrusted: false events
  2. Mouse clicks always target the exact mathematical center of elements
  3. Fixed timing delays (10ms, 50ms) create detectable patterns
  4. Mouse cursor teleports instantly to targets without natural movement
  5. Keyboard events use JavaScript dispatch instead of CDP protocol

Changes Implemented

1. 🔴 P0 - CRITICAL: Fixed mouseClick() for Off-Viewport Elements

Before: Method abandoned silently if element was outside viewport, requiring JavaScript click fallback.

After:

  • Adds scrollIntoView() to bring element into viewport before interaction
  • Uses requestAnimationFrame with promise to ensure scroll completes
  • All clicks now use CDP Input.dispatchMouseEventisTrusted: true
// Automatically scrolls element into view
this.scrollIntoView({ behavior: 'instant', block: 'center', inline: 'center' });

Impact: Eliminates the root cause of detection - all click events are now trusted.

2. 🟡 P1 - HIGH: Added Coordinate Jitter

Before: Clicks always at exact center: (rect.left + rect.width / 2, rect.top + rect.height / 2)

After: Random offset applied to both mouseMove and mouseClick:

  • X axis: ±5 pixels
  • Y axis: ±3 pixels

Impact: Mimics natural human behavior - humans never click the exact geometric center.

3. 🟡 P1 - HIGH: Randomized Timing Delays

Before:

  • tab.sleep(10) - constant 10ms delay
  • tab.sleep(50) - constant 50ms between press/release

After:

  • Random 5-20ms before mouse press
  • Random 40-120ms between press and release

Impact: Removes constant temporal patterns that can be detected statistically.

4. 🟢 P2 - MEDIUM: Natural Mouse Trajectory (Bezier Curves)

Before: Mouse teleported instantly to target coordinates.

After: Implemented mouseMoveWithTrajectory() using quadratic Bezier curves:

  • Smooth curved paths with random control points
  • 8-15 steps with 8-25ms delays between each
  • Tracks last mouse position for continuous movement
  • Formula: B(t) = (1-t)²P₀ + 2(1-t)tP₁ + t²P₂

Impact: Mouse movement indistinguishable from human cursor paths.

5. 🔵 P3 - LOW: Fixed clearInputByDeleting() to Use CDP

Before: Used JavaScript KeyboardEvent dispatch → isTrusted: false

After: Uses CDP Input.dispatchKeyEvent with proper keyDown/keyUp sequence

Impact: Keyboard events now generate isTrusted: true.

Testing

  • ✅ All 127 JVM tests passing
  • ✅ Build successful: ./gradlew :core:jvmTest
  • ✅ No breaking changes to existing API
  • ✅ Backwards compatible

Technical Details

New Components

  • Companion object: Tracks last mouse position (lastMouseX, lastMouseY) for trajectory continuity
  • mouseMoveWithTrajectory(): Private method implementing Bezier curve mouse movement
  • Random delays: Uses kotlin.random.Random for all randomization

Files Modified

  • core/src/commonMain/kotlin/dev/kdriver/core/dom/DefaultElement.kt
    • +152 lines
    • -49 lines

Benefits

Trusted Events: All interactions generate isTrusted: true via CDP protocol
Human-like Behavior: Random jitter, variable timing, curved trajectories
No Detection Patterns: Eliminates constant coordinates, fixed delays, teleportation
Backwards Compatible: All existing tests pass, no breaking API changes
Production Ready: Tested and ready for immediate use

Usage Example

// Now works for off-screen elements without fallback to JS click
element.mouseClick()  // Generates isTrusted: true events

// Natural mouse movement with Bezier curves
element.mouseMove()   // Smooth trajectory, not teleportation

References

This implementation follows anti-detection best practices for browser automation and specifically addresses detection patterns used by systems like DataDome, PerimeterX, and similar anti-bot solutions.

🤖 Generated with Claude Code

@nathanfallet @claude
Add anti-detection fixes to kdriver element interactions
9bf16b7 
This commit implements comprehensive anti-detection improvements for browser automation:

P0 - CRITICAL FIXES:
- Fix mouseClick() to handle off-viewport elements by adding scrollIntoView
- This resolves the "Hotfix" that forced usage of JavaScript click() (isTrusted: false)
- Now mouseClick() generates CDP Input events (isTrusted: true) even for hidden elements

P1 - HIGH PRIORITY:
- Add coordinate jitter (-5 to +5px X, -3 to +3px Y) to mouseMove() and mouseClick()
- Randomize timing delays (5-20ms before press, 40-120ms between press/release)
- These changes eliminate detectable patterns in click coordinates and timing

P2 - MEDIUM PRIORITY:
- Implement natural mouse trajectory using quadratic Bezier curves
- Mouse now follows smooth curved paths with 8-15 random steps
- Eliminates instant "teleportation" that's easily detected by anti-bot systems

P3 - LOW PRIORITY:
- Reimplement clearInputByDeleting() to use CDP Input.dispatchKeyEvent
- Generates isTrusted: true keyboard events instead of JavaScript KeyboardEvent
- Adds random delays (50-100ms) between deletions for natural variation

These changes address DataDome detection issues identified in connector-vinted
by ensuring all user interactions generate trusted events via CDP protocol.

All tests passing: ./gradlew :core:jvmTest

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@codecov
Copy link

codecov bot commented Jan 16, 2026

Codecov Report

❌ Patch coverage is 92.98246% with 4 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
...Main/kotlin/dev/kdriver/core/dom/DefaultElement.kt 92.98% 0 Missing and 4 partials ⚠️

📢 Thoughts on this report? Let us know!

@nathanfallet nathanfallet merged commit 6866e5a into main Jan 16, 2026
4 of 5 checks passed
@nathanfallet nathanfallet deleted the anti-detection-fixes branch January 16, 2026 12:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nathanfallet