profile-website-bot-detection

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Profile Website for Bot Detection Vendors

分析网站的机器人检测供应商

Analyzes a target website to identify bot detection vendors, their specific products, and challenge types. Supports comparative analysis between stealth and non-stealth browser modes.

分析目标网站以识别机器人检测供应商、其具体产品及验证挑战类型。支持隐身与非隐身浏览器模式的对比分析。

Prerequisites

前置条件

Kernel CLI installed and authenticated
Node.js 22+ installed
```
jq
```
installed (
```
brew install jq
```
or
```
apt install jq
```
)
```
KERNEL_API_KEY
```
environment variable set. If it is not set, prompt the user to supply.

已安装并认证Kernel CLI
已安装Node.js 22+
已安装
```
jq
```
（可通过
```
brew install jq
```
或
```
apt install jq
```
安装）
已设置
```
KERNEL_API_KEY
```
环境变量。若未设置，请提示用户提供。

Comparative Workflow (Recommended)

对比分析流程（推荐）

Compare bot detection behavior between stealth and non-stealth browsers to evaluate stealth effectiveness.

对比隐身与非隐身浏览器的机器人检测行为，评估隐身模式的有效性。

Step 1: Create Both Browser Types

步骤1：创建两种类型的浏览器

bash

undefined

bash

undefined

Create stealth browser (with -s flag)

创建隐身浏览器（使用-s参数）

kernel browsers create -s --viewport 1920x1080@25 -t 300

Save session_id as STEALTH_ID

将session_id保存为STEALTH_ID

Create non-stealth headful browser (no -s flag)

创建非隐身有头浏览器（不使用-s参数）

kernel browsers create --viewport 1920x1080@25 -t 300

Save session_id as NORMAL_ID

将session_id保存为NORMAL_ID

undefined

undefined

Step 2: Run Analysis on Both Browsers

步骤2：在两种浏览器上运行分析

bash

cd scripts
npm install  # first run only

bash

cd scripts
npm install  # 首次运行时执行

Test with stealth browser

使用隐身浏览器测试

KERNEL_API_KEY=$KERNEL_API_KEY KERNEL_BROWSER_ID=$STEALTH_ID TARGET_URL=<url> BROWSER_MODE=stealth npm run analyze

Test with non-stealth browser

使用非隐身浏览器测试

KERNEL_API_KEY=$KERNEL_API_KEY KERNEL_BROWSER_ID=$NORMAL_ID TARGET_URL=<url> BROWSER_MODE=normal npm run analyze

undefined

KERNEL_API_KEY=$KERNEL_API_KEY KERNEL_BROWSER_ID=$NORMAL_ID TARGET_URL=<url> BROWSER_MODE=normal npm run analyze

undefined

Step 3: Compare Results

步骤3：对比结果

Compare the vendor detections and blocking behavior:

bash

undefined

对比供应商检测结果和拦截行为：

bash

undefined

Set the hostname folder (e.g., chase-com for chase.com)

设置主机名文件夹（例如，chase.com对应chase-com）

HOST=chase-com

Quick verdict comparison

快速对比判定结果

echo "=== STEALTH VERDICT ===" && cat output/$HOST/stealth/report-.json | jq '.summary.verdict' echo "=== NORMAL VERDICT ===" && cat output/$HOST/normal/report-.json | jq '.summary.verdict'

echo "=== 隐身模式判定结果 ===" && cat output/$HOST/stealth/report-.json | jq '.summary.verdict' echo "=== 常规模式判定结果 ===" && cat output/$HOST/normal/report-.json | jq '.summary.verdict'

Compare block status

对比拦截状态

echo "=== STEALTH BLOCKED ===" && cat output/$HOST/stealth/report-.json | jq '.summary | {isBlocked, blockedPages, blockedVendors}' echo "=== NORMAL BLOCKED ===" && cat output/$HOST/normal/report-.json | jq '.summary | {isBlocked, blockedPages, blockedVendors}'

echo "=== 隐身模式拦截情况 ===" && cat output/$HOST/stealth/report-.json | jq '.summary | {isBlocked, blockedPages, blockedVendors}' echo "=== 常规模式拦截情况 ===" && cat output/$HOST/normal/report-.json | jq '.summary | {isBlocked, blockedPages, blockedVendors}'

Compare detected vendors

对比检测到的供应商

echo "=== STEALTH VENDORS ===" && cat output/$HOST/stealth/report-.json | jq '.summary.vendorNames' echo "=== NORMAL VENDORS ===" && cat output/$HOST/normal/report-.json | jq '.summary.vendorNames'

undefined

echo "=== 隐身模式检测到的供应商 ===" && cat output/$HOST/stealth/report-.json | jq '.summary.vendorNames' echo "=== 常规模式检测到的供应商 ===" && cat output/$HOST/normal/report-.json | jq '.summary.vendorNames'

undefined

Step 4: Interpret Comparison

步骤4：解读对比结果

Scenario	Stealth	Normal	Meaning
No vendors detected	0	0	Site has no bot detection
Same vendors, no blocks	N	N	Bot detection present, both pass
Normal blocked, stealth passes	0 blocks	Blocked	Stealth mode is effective
Both blocked	Blocked	Blocked	Bot detection defeats stealth
Different challenge types	Lighter	Harder	Stealth reduces suspicion

场景	隐身模式	常规模式	含义
未检测到任何供应商	0	0	网站未部署机器人检测机制
检测到相同供应商，无拦截	无拦截	无拦截	存在机器人检测机制，两种模式均通过验证
常规模式被拦截，隐身模式通过	0次拦截	被拦截	隐身模式有效
两种模式均被拦截	被拦截	被拦截	机器人检测机制破解了隐身模式
验证挑战类型不同	更轻度	更严苛	隐身模式降低了系统的怀疑程度

Step 5: Provide Summary

步骤5：生成总结报告

After running the comparative analysis, provide a detailed summary report to the user that includes:

Summary Report Template:

undefined

完成对比分析后，向用户提供详细的总结报告，内容包括：

总结报告模板：

undefined

Bot Detection Comparative Analysis: [TARGET_URL]

机器人检测对比分析报告: [TARGET_URL]

Verdict

判定结果

Stealth Browser: [verdict from summary.verdict]
Normal Browser: [verdict from summary.verdict]
Stealth Effectiveness: [Effective/Ineffective/Inconclusive]

隐身浏览器: [来自summary.verdict的判定结果]
常规浏览器: [来自summary.verdict的判定结果]
隐身模式有效性: [有效/无效/不确定]

Block Status

拦截状态

Browser	Blocked	Block Type	Evidence
Stealth	[Yes/No]	[blockType or N/A]	[first evidence item]
Normal	[Yes/No]	[blockType or N/A]	[first evidence item]

浏览器	是否被拦截	拦截类型	证据
隐身模式	[是/否]	[blockType或无]	[首个证据项]
常规模式	[是/否]	[blockType或无]	[首个证据项]

Detected Vendors

检测到的供应商

Vendor	Stealth	Normal	Products
[vendor]	✓/✗	✓/✗	[product list]

供应商	隐身模式	常规模式	产品
[供应商名称]	✓/✗	✓/✗	[产品列表]

Analysis

分析

[Explain what the results mean]
[Note any differences between stealth and normal]
[Recommend next steps if blocked]

[解释结果的含义]
[说明隐身模式与常规模式的差异]
[若被拦截，建议后续操作]

Key Findings

关键发现

[Finding 1]
[Finding 2]
[Finding 3]


Use the JSON reports to populate this template:
- `summary.verdict` - The final verdict string
- `summary.isBlocked` - Whether the browser was blocked
- `summary.blockedPages` - Details about blocked pages
- `summary.vendorNames` - List of detected vendors
- `vendorDetections` - Detailed vendor/product information

[发现1]
[发现2]
[发现3]


使用JSON报告填充模板：
- `summary.verdict` - 人类可读的最终判定结果字符串
- `summary.isBlocked` - 布尔值，表示浏览器是否被拦截
- `summary.blockedPages` - 被拦截页面的详细信息
- `summary.vendorNames` - 检测到的供应商名称列表
- `vendorDetections` - 供应商/产品的详细信息

Step 6: Cleanup

步骤6：清理资源

bash

kernel browsers delete -y $STEALTH_ID
kernel browsers delete -y $NORMAL_ID

bash

kernel browsers delete -y $STEALTH_ID
kernel browsers delete -y $NORMAL_ID

Interpreting Results

结果解读

The analysis detects vendors and their specific products:

Vendor	Products Detected
Akamai	Bot Manager, Bot Manager Premier, mPulse RUM, Sensor Script, Edge DNS
Cloudflare	Bot Management, Turnstile, Challenge Platform, JS Challenge, Managed Challenge
DataDome	Interstitial Challenge, Slider Challenge, Device Check, Picasso Fingerprint
HUMAN/PerimeterX	Bot Defender, Sensor SDK, Press & Hold Challenge
Imperva/Incapsula	Advanced Bot Protection (utmvc), Advanced Bot Protection (reese84), WAF
Kasada	IPS (Initial Page Security), FP (Fingerprint Endpoint), Telemetry, POW Challenge
Google	reCAPTCHA v2, reCAPTCHA v3, reCAPTCHA Enterprise
hCaptcha	Widget, Enterprise
FingerprintJS	Fingerprint Pro, BotD
Arkose Labs	FunCaptcha

Detection methods:

URL pattern matching for vendor scripts and endpoints
Cookie analysis (e.g.,
```
_abck
```
,
```
__cf_bm
```
,
```
datadome
```
,
```
_px*
```
)
Header detection (e.g.,
```
cf-ray
```
,
```
x-kpsdk-*
```
,
```
x-d-token
```
)
Challenge detection from response status codes

Vendor-specific checks:

DataDome: Hard IP block detection (
```
dd.t === 'bv'
```
)
Akamai: Cookie validity check (
```
~0~
```
indicator)
Kasada: Flow type detection (IPS vs FP)

分析会检测供应商及其具体产品：

供应商	检测到的产品
Akamai	Bot Manager, Bot Manager Premier, mPulse RUM, Sensor Script, Edge DNS
Cloudflare	Bot Management, Turnstile, Challenge Platform, JS Challenge, Managed Challenge
DataDome	Interstitial Challenge, Slider Challenge, Device Check, Picasso Fingerprint
HUMAN/PerimeterX	Bot Defender, Sensor SDK, Press & Hold Challenge
Imperva/Incapsula	Advanced Bot Protection (utmvc), Advanced Bot Protection (reese84), WAF
Kasada	IPS (Initial Page Security), FP (Fingerprint Endpoint), Telemetry, POW Challenge
Google	reCAPTCHA v2, reCAPTCHA v3, reCAPTCHA Enterprise
hCaptcha	Widget, Enterprise
FingerprintJS	Fingerprint Pro, BotD
Arkose Labs	FunCaptcha

检测方法：

针对供应商脚本和端点的URL模式匹配
Cookie分析（例如
```
_abck
```
、
```
__cf_bm
```
、
```
datadome
```
、
```
_px*
```
）
请求头检测（例如
```
cf-ray
```
、
```
x-kpsdk-*
```
、
```
x-d-token
```
）
通过响应状态码检测验证挑战

供应商专属检测逻辑：

DataDome: 硬IP拦截检测（
```
dd.t === 'bv'
```
）
Akamai: Cookie有效性检查（
```
~0~
```
标识）
Kasada: 流程类型检测（IPS vs FP）

Pages Analyzed

分析的页面

The script automatically analyzes:

Homepage - Initial page load and bot detection scripts
Login page - Automatically discovered via link detection or common paths (
```
/login
```
,
```
/signin
```
, etc.)

脚本会自动分析以下页面：

首页 - 初始页面加载及机器人检测脚本
登录页 - 通过链接检测或常见路径（
```
/login
```
、
```
/signin
```
等）自动发现

由于需要防范凭据填充攻击，登录页通常部署更严格的机器人检测机制。

Output Files

输出文件

Results are organized by target hostname in

scripts/output/<hostname>/<mode>/

```
report-<timestamp>.json
```
- Full JSON report with vendor detections
```
screenshot-homepage-<timestamp>.png
```
- Homepage screenshot
```
screenshot-login-<timestamp>.png
```
- Login page screenshot (if found)

Example structure for comparative test on chase.com:

output/chase-com/
├── stealth/
│   ├── report-*.json
│   ├── screenshot-homepage-*.png
│   └── screenshot-login-*.png
└── normal/
    ├── report-*.json
    ├── screenshot-homepage-*.png
    └── screenshot-login-*.png

The JSON report includes:

```
summary
```
: Quick access to verdict, block status, and vendor names
- ```
verdict
```
  : Human-readable result (e.g., "BLOCKED - homepage (Error Page)")
- ```
isBlocked
```
  : Boolean - true if any page was blocked
- ```
vendorNames
```
  : Array of detected vendor names
- ```
blockedPages
```
  : Details of blocked pages with evidence
```
vendorDetections
```
: Map of detected vendors with products, URLs, cookies, headers
```
blockDetections
```
: Detailed block analysis for each page
```
vendorScriptsDetected
```
: URLs of detected vendor scripts (not saved to disk)
```
networkRequests/networkResponses
```
: All requests with vendor matching
```
cookies
```
: All cookies with vendor attribution

结果按目标主机名组织在

scripts/output/<hostname>/<mode>/

目录下：

```
report-<timestamp>.json
```
- 包含供应商检测结果的完整JSON报告
```
screenshot-homepage-<timestamp>.png
```
- 首页截图
```
screenshot-login-<timestamp>.png
```
- 登录页截图（若找到）

以chase.com的对比测试为例，目录结构如下：

output/chase-com/
├── stealth/
│   ├── report-*.json
│   ├── screenshot-homepage-*.png
│   └── screenshot-login-*.png
└── normal/
    ├── report-*.json
    ├── screenshot-homepage-*.png
    └── screenshot-login-*.png

JSON报告包含以下内容：

```
summary
```
: 快速查看判定结果、拦截状态和供应商名称
- ```
verdict
```
  : 人类可读的结果（例如"BLOCKED - homepage (Error Page)"）
- ```
isBlocked
```
  : 布尔值 - 若任何页面被拦截则为true
- ```
vendorNames
```
  : 检测到的供应商名称数组
- ```
blockedPages
```
  : 被拦截页面的详细信息及证据
```
vendorDetections
```
: 检测到的供应商映射，包含产品、URL、Cookie、请求头信息
```
blockDetections
```
: 每个页面的详细拦截分析
```
vendorScriptsDetected
```
: 检测到的供应商脚本URL（不保存到磁盘）
```
networkRequests/networkResponses
```
: 所有与供应商匹配的网络请求
```
cookies
```
: 所有带有供应商标记的Cookie

Example: Comparative Session

示例：对比分析会话

bash

undefined

bash

undefined

Create both browsers

创建两种浏览器

STEALTH_ID=$(kernel browsers create -s --viewport 1920x1080@25 -t 300 -o json | jq -r '.session_id') NORMAL_ID=$(kernel browsers create --viewport 1920x1080@25 -t 300 -o json | jq -r '.session_id')

echo "Stealth: $STEALTH_ID" echo "Normal: $NORMAL_ID"

STEALTH_ID=$(kernel browsers create -s --viewport 1920x1080@25 -t 300 -o json | jq -r '.session_id') NORMAL_ID=$(kernel browsers create --viewport 1920x1080@25 -t 300 -o json | jq -r '.session_id')

echo "隐身模式会话ID: $STEALTH_ID" echo "常规模式会话ID: $NORMAL_ID"

Run analysis on both

在两种浏览器上运行分析

cd scripts KERNEL_API_KEY=$KERNEL_API_KEY KERNEL_BROWSER_ID=$STEALTH_ID TARGET_URL=chase.com BROWSER_MODE=stealth npm run analyze KERNEL_API_KEY=$KERNEL_API_KEY KERNEL_BROWSER_ID=$NORMAL_ID TARGET_URL=chase.com BROWSER_MODE=normal npm run analyze

Output structure:

输出结构:

./output/chase-com/stealth/report-*.json

./output/chase-com/stealth/screenshot-*.png

./output/chase-com/normal/report-*.json

./output/chase-com/normal/screenshot-*.png

Quick comparison - check verdicts

快速对比 - 查看判定结果

echo "--- Stealth verdict ---" cat output/chase-com/stealth/report-*.json | jq '.summary.verdict'

echo "--- Normal verdict ---" cat output/chase-com/normal/report-*.json | jq '.summary.verdict'

echo "--- 隐身模式判定结果 ---" cat output/chase-com/stealth/report-*.json | jq '.summary.verdict'

echo "--- 常规模式判定结果 ---" cat output/chase-com/normal/report-*.json | jq '.summary.verdict'

Detailed vendor comparison

详细对比供应商

echo "--- Stealth vendors ---" cat output/chase-com/stealth/report-*.json | jq '.summary.vendorNames'

echo "--- Normal vendors ---" cat output/chase-com/normal/report-*.json | jq '.summary.vendorNames'

echo "--- 隐身模式检测到的供应商 ---" cat output/chase-com/stealth/report-*.json | jq '.summary.vendorNames'

echo "--- 常规模式检测到的供应商 ---" cat output/chase-com/normal/report-*.json | jq '.summary.vendorNames'

Cleanup

清理资源

kernel browsers delete -y $STEALTH_ID kernel browsers delete -y $NORMAL_ID

undefined

kernel browsers delete -y $STEALTH_ID kernel browsers delete -y $NORMAL_ID

undefined

Vendor-Specific Detection Notes

供应商专属检测说明

Akamai

Cookies:
```
_abck
```
(core validation),
```
bm_sz
```
,
```
bm_sv
```
Cookie
```
~0~
```
in
```
_abck
```
value = valid session

Cookie:
```
_abck
```
（核心验证）、
```
bm_sz
```
、
```
bm_sv
```
```
_abck
```
值中的
```
~0~
```
标识 = 会话有效

Cloudflare

Cookies:
```
__cf_bm
```
,
```
cf_clearance
```
Challenge:
```
/cdn-cgi/challenge-platform/
```
Turnstile:
```
challenges.cloudflare.com/turnstile
```

Cookie:
```
__cf_bm
```
、
```
cf_clearance
```
验证挑战:
```
/cdn-cgi/challenge-platform/
```
Turnstile:
```
challenges.cloudflare.com/turnstile
```

DataDome

Cookie:
```
datadome
```
```
dd.t === 'bv'
```
= hard IP block (changing IP required, solving captcha won't help)

Cookie:
```
datadome
```
```
dd.t === 'bv'
```
= 硬IP拦截（需更换IP，解决验证码无效）

HUMAN/PerimeterX

Cookies:
```
_px2
```
,
```
_px3
```
,
```
_pxhd
```
Press & Hold challenge requires behavioral simulation

Cookie:
```
_px2
```
、
```
_px3
```
、
```
_pxhd
```
Press & Hold验证挑战需要行为模拟

Imperva/Incapsula

utmvc: Script via
```
/_Incapsula_Resource
```
reese84: Cookie or
```
x-d-token
```
header

utmvc: 通过
```
/_Incapsula_Resource
```
加载的脚本
reese84: Cookie或
```
x-d-token
```
请求头

Kasada

Headers:
```
x-kpsdk-ct
```
,
```
x-kpsdk-cd
```
Flow 1 (IPS): 429 on initial page load, must solve
```
ips.js
```
first
Flow 2 (FP): Background
```
/fp
```
fingerprint requests

请求头:
```
x-kpsdk-ct
```
、
```
x-kpsdk-cd
```
流程1（IPS）: 初始页面加载返回429，需先解决
```
ips.js
```
验证
流程2（FP）: 后台
```
/fp
```
指纹采集请求