I know you can detect the browser with navigator.userAgent, but how do I detect the true browser core someone is using JavaScript in order to avoid spoofing, like shown here?
Could not figure it out by searching it up, it kept trying to show how to use navigator.userAgent instead.
This Reddit post claims that it does it via testing browser functionality, which is how it gets around the user agent. Let's dig into the source!
Sadly, it is pretty well obfuscated. I'll try regardless. A quick search for "browser core" yields this div:
<div id="psanh" class="azylh">
<div id="vvwzm" class="tlgfj">True Browser Core:</div>
<div class="awysa">Unknown</div>
<div id="ntnfh" class="uaujg">Chrome</div>
<div class="xnzgd">
i
<span class="zcgki">
Supports detecting true browser core even if the browser is spoofed, for:<br />
Firefox, Chrome, Edge, Internet Explorer, Safari, Opera, Konqueror.
</span>
</div>
</div>
We can use that. Let's see where they set ntnfh
.
It is a line that says (ID("ntnfh").innerHTML = "" !== m ? m : n);
*. That means set ntnfh to m
if m
is not an empty string. Let's see what m
is. Earlier, we have var m = "";
followed by something useful:
var m = "";
try {
"" === m && "undefined" != typeof InstallTrigger && (m = "Firefox");
} catch (e) {}
try {
"" === m && g.chrome && (g.chrome.webstore || g.chrome.runtime) && (m = "Chrome");
} catch (e) {}
try {
"" === m && M.documentMode && (m = "Internet Explorer");
} catch (e) {}
try {
"" === m && "Internet Explorer" !== m && g.StyleMedia && (m = "Edge");
} catch (e) {}
try {
"" !== m || (!/constructor/i.test(g.HTMLElement) && "[object SafariRemoteNotification]" !== (!window.safari || safari.pushNotification).toString()) || (m = "Safari");
} catch (e) {}
try {
"" === m && ((g.opr && opr.addons) || g.opera) && (m = "Opera");
} catch (e) {}
That's tough to read. But the gist of it is that we test for browser-unique things. For example, in Chrome, we can check for the web store and the chrome runtime. Note that && (m = "Chrome")
sets m
to "Chrome"
. It is a pretty ugly way to write it. But it basically says if the previous things on that line are true, then set m
to Chrome
. It's an ugly way to write it, but it works due to left-to-right evaluation and the fact that an and
has to evaluate everything to be sure that the result is true (i.e., if it is false, it will return false early, never getting to the assignment).
But the gist is to check for browser-specific properties and to set the variable m
(the True Browser Core) to the guessed browser based on the properties.
*I've ran the page through a code formatter (prettier
) to make it easier to read