Skip to content

Change intercept js / inject cookies in webview#26

Merged
LukasOgunfeitimi merged 3 commits intomainfrom
lukas/change-js
Mar 11, 2026
Merged

Change intercept js / inject cookies in webview#26
LukasOgunfeitimi merged 3 commits intomainfrom
lukas/change-js

Conversation

@LukasOgunfeitimi
Copy link
Collaborator

@LukasOgunfeitimi LukasOgunfeitimi commented Feb 23, 2026

adds stealthiness to the intercepting js script which bypassed akamai's 400 responses for delta airlines

nerodesu017
nerodesu017 approved these changes Mar 4, 2026
View reviewed changes
src/objc/ModalWebViewController.mm
Comment on lines +42 to +52
" const nativeToString = Function.prototype.toString;\n"
" const nativeCallToString = Function.prototype.call.bind(nativeToString);\n"
" const wrappedFns = new WeakMap();\n"
" \n"
" Function.prototype.toString = function() {\n"
" if (wrappedFns.has(this)) {\n"
" return wrappedFns.get(this);\n"
" }\n"
" return nativeCallToString(this);\n"
" };\n"
" wrappedFns.set(Function.prototype.toString, 'function toString() { [native code] }');\n"
Copy link
Collaborator

@nerodesu017 nerodesu017 Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hahaha, missed seeing this. Overriding the toString, good old times. Fun fact though function toString() { [native code] } is only for chromium based browsers, firefox and safari actually has function () {\n [native code]\n}. But I guess it's not an issue even though we are on WKWebView - so Safari - because they don't yet have that much data from users using WebView

Not really sure if it's worth for you changing it to the one with newlines, but again, you did say adding all of this code made stuff work for Delta when they use akamai, so I guess normal users would probably be detected more 😂 classic antibot behavior

src/objc/ModalWebViewController.mm
Comment on lines +108 to +113
" const automationProps = ['__webdriver_script_fn', '__driver_evaluate', '__webdriver_evaluate',\n"
" '__selenium_evaluate', '__fxdriver_evaluate', '__driver_unwrapped', '__webdriver_unwrapped',\n"
" '__selenium_unwrapped', '__fxdriver_unwrapped', '_Selenium_IDE_Recorder', '_selenium',\n"
" 'calledSelenium', '_WEBDRIVER_ELEM_CACHE', 'ChromeDriverw', 'driver-hierarchical',\n"
" '__nightmare', '__phantomas', '_phantom', 'phantom', 'callPhantom'];\n"
" automationProps.forEach(p => { try { Object.defineProperty(window, p, { get: () => undefined, configurable: true }); } catch(e) {} });\n"
Copy link
Collaborator

@nerodesu017 nerodesu017 Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually interesting, any of these are present in WKWebView? Didn't know

src/objc/ModalWebViewController.mm
" const OriginalError = Error;\n"
" Error = function(...args) {\n"
" const err = new OriginalError(...args);\n"
" if (err.stack) err.stack = err.stack.replace(/\\n.*interceptedRequestHandler.*/g, '');\n"
Copy link
Collaborator

@nerodesu017 nerodesu017 Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I knew DD and PX are pretty annoying with CDP error stacks, good catch :P

@LukasOgunfeitimi LukasOgunfeitimi changed the title Change intercept js Change intercept js / inject cookies in webview Mar 5, 2026
@LukasOgunfeitimi LukasOgunfeitimi merged commit 2802f2a into main Mar 11, 2026
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nerodesu017 nerodesu017 nerodesu017 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@LukasOgunfeitimi @nerodesu017