Fabien Vauchelles

Cracking the Code: Decoding Anti-Bot Systems!

How do anti-bot systems use your GPU rendering and browser plugins to decide if you're human? This talk shows how to reverse-engineer their logic.

Cracking the Code: Decoding Anti-Bot Systems!
#1about 5 minutes

The fundamental challenge of web scraping as a turing test

Web scraping is fundamentally a Turing test where automated scripts must mimic natural human behavior to avoid detection by anti-bot systems.

#2about 10 minutes

How anti-bot systems analyze the browser stack for signals

Anti-bot systems analyze signals from the entire browser stack, including IP address, TCP/TLS/HTTP2 fingerprints, JavaScript execution, and user navigation patterns.

#3about 2 minutes

Exploiting the business need to minimize false positives

The necessity for websites to avoid blocking real customers (false positives) forces anti-bot systems to focus on a limited set of the most effective signals.

#4about 5 minutes

Tools and techniques to identify anti-bot systems

Use tools like Wappalyzer, browser dev tools, and proxy interceptors to identify the specific anti-bot protection and analyze its architecture and encrypted payloads.

#5about 7 minutes

A step-by-step methodology for building robust scrapers

Follow an incremental approach to bypass protections, starting with basic scraper tuning and progressively adding proxies, headless browsers, and unblocker APIs.

#6about 4 minutes

Designing a scalable architecture for data collection

Build a scalable scraping infrastructure using a central data store, an orchestrator, a proxy management layer, and a farm of diverse browsers.

#7about 7 minutes

Decoding common javascript obfuscation techniques

Anti-bot systems use JavaScript obfuscation techniques like string concealing, code flow confusion, and control flow flattening to make their code unreadable.

#8about 3 minutes

Identifying the five key signal types after deobfuscation

After deobfuscating the code, identify the five main types of signals collected: configuration details, automation flags, rendering fingerprints, reverse engineering checks, and integrity controls.

#9about 1 minute

The next frontier in anti-bot is javascript virtual machines

The next evolution in anti-bot technology involves JavaScript virtual machines that execute proprietary, undocumented bytecode, making reverse engineering significantly more difficult.

#10about 14 minutes

Answering questions on scraping legality, VPNs, and rate limits

The Q&A session addresses common questions about the legality of web scraping, the effectiveness of VPNs, managing rate limits, and the cat-and-mouse game with anti-bot providers.

Related jobs
Jobs that call for the skills explored in this talk.

job ad

Saby Company
Delebio, Italy

Intermediate

d

Saby Company
Delebio, Italy

Junior

Matching moments

Navigating the complexities of modern web scraping
04:01 MIN

Navigating the complexities of modern web scraping

How to scrape modern websites to feed AI agents

Overcoming blocking techniques and messy HTML
11:08 MIN

Overcoming blocking techniques and messy HTML

Scrape, Train, Predict: The Lifecycle of Data for AI Applications

Presenting live web scraping demos at a developer conference
17:41 MIN

Presenting live web scraping demos at a developer conference

Tech with Tim at WeAreDevelopers World Congress 2024

Defending systems with honeypots and tarpits
49:19 MIN

Defending systems with honeypots and tarpits

Honeypots and Tarpits, Benefits of Building your own Tools and more with Salma Alam-Naylor

How to defend against AI-powered attacks
24:42 MIN

How to defend against AI-powered attacks

Skynet wants your Passwords! The Role of AI in Automating Social Engineering

Solving scaling challenges in web data collection
19:38 MIN

Solving scaling challenges in web data collection

Tech with Tim at WeAreDevelopers World Congress 2024

The evolving cybersecurity landscape with AI
12:04 MIN

The evolving cybersecurity landscape with AI

Fireside Chat with Cloudflare's Chief Strategy Officer, Stephanie Cohen (with Mike Butcher MBE)

Verifying bots and agents with Web Bot Auth
08:08 MIN

Verifying bots and agents with Web Bot Auth

Fireside Chat with Cloudflare's Chief Strategy Officer, Stephanie Cohen (with Mike Butcher MBE)

Featured Partners

Related Videos

See all videos
The attacker's footprint2:08:06

The attacker's footprint

Antonio de Mello & Amine Abed

WeAreDevelopers LIVE: Scammer Payback with Python, Grok Goes Unhinged, The Future of Chromium and mo1:01:44

WeAreDevelopers LIVE: Scammer Payback with Python, Grok Goes Unhinged, The Future of Chromium and mo

Dan Cranney, Chris Heilmann & Brian Rountree

Getting under the skin: The Social Engineering techniques43:56

Getting under the skin: The Social Engineering techniques

Mauro Verderosa

WeAreDevelopers LIVE - Chrome for Sale? Comet - the upcoming perplexity browser Stealing and leaking56:03

WeAreDevelopers LIVE - Chrome for Sale? Comet - the upcoming perplexity browser Stealing and leaking

Chris Heilmann & Daniel Cranney & Ramona Schwering

Skynet wants your Passwords! The Role of AI in Automating Social Engineering31:19

Skynet wants your Passwords! The Role of AI in Automating Social Engineering

Wolfgang Ettlinger & Alexander Hurbean

Typed Security: Preventing Vulnerabilities By Design58:19

Typed Security: Preventing Vulnerabilities By Design

Michael Koppmann

How to scrape modern websites to feed AI agents19:20

How to scrape modern websites to feed AI agents

Jan Curn

WeAreDevelopers Live: Browser Extensions, Honey Scam, Jailbreaking LLMs and more1:01:25

WeAreDevelopers Live: Browser Extensions, Honey Scam, Jailbreaking LLMs and more

Chris Heilmann & Daniel Cranney

Related Articles

View all articles
CH
Chris Heilmann
Dev Digest 137 - AI'm not sure about this
Hello fellow developer, this is the 1st "out of the can" edition of 3 as I am on vacation in Greece going "whee are you cute" at donkeys. So, fewer news, but lots of great resources. Enjoy! News and ArticlesOpenAI has been the big topic winning in th...
Dev Digest 137 - AI'm not sure about this
CH
Chris Heilmann
Dev Digest 138 - Are you secure about this?
Hello there! This is the 2nd "out of the can" edition of 3 as I am on vacation in Greece eating lovely things on the beach. So, fewer news, but lots of great resources. Many around the topic of security. Enjoy! News and ArticlesGoogle Pixel phones t...
Dev Digest 138 - Are you secure about this?
CH
Chris Heilmann
Dev Digest 116 - WWWAI?
This time, learn how to un-AI Google's search results, what's new on the web, avoid a new security hole and go back to BASICS with us. News and ArticlesWhat a week. Google, Microsoft, OpenAI and many others had their big flagship events announcing th...
Dev Digest 116 - WWWAI?
CH
Chris Heilmann
Dev Digest 134 - Where pixels sing?
News and ArticlesWeAreDevelopers LIVE Data and Security Day is on Wednesday, 25/09/2024. Learn about OPC UA Updates, Best Practices for Using GitHub Secrets, Passwordless Web 1.5, Emerging AI Security Risks, Data Privacy in LLMs and get a chance to t...
Dev Digest 134 - Where pixels sing?

From learning to earning

Jobs that call for the skills explored in this talk.