How to Control a Real Chromium Browser via CDP in Python to Bypass Bot Detection

·1 views

Developers using Playwright or Selenium often face bot detection from services like Google OAuth, Cloudflare, and Vercel, which flag headless browsers by their automation signatures. A technical tutorial published on DEV Community outlines an alternative approach: launching a real Chromium instance with remote debugging enabled on port 9222 and connecting to it via Python using the Chrome DevTools Protocol (CDP) and websockets. Because this method drives an actual browser rather than a headless one, it carries a genuine browser fingerprint with no automation flags attached. Persistent user profiles mean cookies and existing sessions, including Google logins, carry over between runs. The approach effectively sidesteps bot detection since the browser being controlled is indistinguishable from a normally operated one.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

csh Shell Incompatibility Bug Fixed Across SSH Codebase With Unified Helper

A user reported that WordPress auto-detect via SSH always failed while the WP-CLI path test on the same connection succeeded, pointing to an asymmetric bug. Investigation revealed the root cause was csh, the default login shell on some hosts like Sakura Internet, which cannot interpret Bash/POSIX idioms such as 2>/dev/null passed through Python's paramiko SSH library. An earlier fix had wrapped commands in /bin/sh -c for one endpoint only, leaving all other SSH-command APIs still broken on csh hosts. Developers resolved this by introducing a _safe_run helper function that automatically wraps every SSH command in /bin/sh -c, ensuring POSIX shell interpretation regardless of the user's login shell. A static analysis test was also added to the codebase to prevent raw SSH command calls from being introduced again in the future.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer Builds Aegis Pulse to Automate GitHub Analytics Tracking for OSS Projects

A developer behind the open-source tool Aegis Stack publicly launched the project on Reddit on December 3rd and began manually tracking GitHub clone metrics daily due to the platform's 14-day rolling data window. To extract insights, they routinely pasted the collected data into three separate AI chats — ChatGPT, Claude Opus, and Google Gemini — preloaded with project context. Over time, growing context sizes caused the AI chats to lose coherence, forcing repeated and time-consuming chat migrations. This frustration ultimately led the developer to automate the entire workflow, giving rise to Aegis Pulse. Aegis Pulse is a free, no-signup tool that provides real human-versus-bot download analytics for open-source packages.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Mobile-Originated iMessage 2FA Could Eliminate SMS Pumping Fraud and Cut Costs

SMS pumping, also known as Artificially Inflated Traffic fraud, is a scheme where bad actors submit thousands of phone numbers to a company's verification endpoint, triggering paid SMS codes that generate revenue for fraudsters through carrier termination fees. The scam exploits the fact that companies pay for every outgoing one-time password, creating a direct financial incentive for abuse at scale. Elon Musk cited this fraud as costing Twitter approximately $60 million per year before the platform removed free SMS two-factor authentication, with around 390 telecom operators allegedly implicated. A proposed alternative flips the model: instead of companies sending codes to users, users send a pre-filled one-time code from their own iMessage to the service, eliminating any outbound per-message cost that fraudsters could exploit. Because the message originates from the user's Apple ID over end-to-end-encrypted iMessage, the approach is also more resistant to spoofing than traditional SMS-based verification.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Free CLI Tool Validates Shopify Product CSVs Before Import to Catch Silent Errors

A command-line tool called Shopify CSV Preflight Validator allows merchants and developers to check product CSV files for errors before uploading them to Shopify. The tool runs locally without requiring any login or third-party data upload, scanning for common issues such as UTF-8 BOM characters, incorrect header casing, missing parent handles, duplicate handles, and invalid pricing. It produces three outputs: a corrected CSV file, a machine-readable errors list, and a human-readable markdown report. Two categories of unambiguous errors — BOM at file start and header case mismatches — are automatically fixed, while all other issues are flagged for the user to resolve manually. The tool is aimed at solo merchants handling bulk product updates as well as agencies managing client store imports.

0 comments Read more at DEV Community