DevTools Undocked

[ghost]

I there's a polyfill or an idea to fix when DevTools is undocked, it should be added to this thread.

[arthurvr]

I don't think there actually is, at least not using the approach we're currently taking to detect if devtools are open.

[mtx-z]

Those two ones (Fiddle one & two) use the same approach to detect Chrome devtools. It also detect in undocked. Do you think it's possible to implement in your script ? ty :)
Edit: maybe it's easier to use your script for everything but Chrome devtools, and use the Fiddle ones for Chrome ?

[sksar]

The fiddle ones are seriously genius pieces of insanely useful code,,,,

[EbiPenMan]

for this problem you can add this code:

var minimalUserResponseInMiliseconds = 100; var before = new Date().getTime(); debugger; var after = new Date().getTime(); if (after - before > minimalUserResponseInMiliseconds) { // user had to resume the script manually via opened dev tools // is opened }

[kdzwinel]

The getter hack relied on a bug - browser DevTools should never automatically invoke getters as these may have side effects. Firefox (I tested in 57) and Chrome (65 - currently in canary) already patched it up. Only major browsers where it still works are Safari and Edge.

---

BTW I found another one that abuses the fact that many developers have cache disabled when DevTools are open:

http://jsbin.com/vanogec/edit?js,output

Works in all major browsers even if DevTools are undocked, but has a side effect of making a request.

[eligrey]

Here's my idea for devtools detection: https://jsfiddle.net/eligrey/j4v270p4/

I think this solution is much more difficult to mitigate.

[eligrey]

Apparently the method I posted isn't that accurate in Firefox, although it is pretty accurate in Chrome.

[ngyikp]

@kdzwinel Yup, this seems to be the Chrome bug report: https://bugs.chromium.org/p/chromium/issues/detail?id=795547

[mrghosh]

https://stackoverflow.com/a/42194142/4040525

[kdzwinel]

@ngyikp thanks! Quick look at the diff of the patch reveals that only some properties were patched while others are still vulnerable to the same getter hack. I opened another report: crbug.com/799791.

[EDIT] Patched in Canary

[ziozec-zz]

@mtx-z unfortunately your solution doesn' t work anymore :-(

[kdzwinel]

I found myself discussing this and thinking about this again, so here goes a braindump.

There are four techniques that still can be used to detect DevTools (that I know of). Thankfully, all of them can be migrated:

1. screen size change (detach devtools to migrate),
2. "debugger;" statements ("Deactivate breakpoints" to migrate),
3. cache not working - DevTools Undocked #15 (comment) (don't disable the cache),
4. source maps getting fetched (check off "Enable JavaScript source maps" in DevTools settings).

If everything fails and code you are trying to debug is still detecting DevTools:

• please ping me, so I can take a look,
• you can still use lower level tools (such as Debugging Protocol or chrome://net-export/).

[drinkmaker]

This guy did a good check somehow https://samy.pl/ try to open dev tools.
I've been trying to get to the bottom of it for several hours now. Maybe one of you can? He hides everything very well.

[drinkmaker]

Ok, guys, I figured it out. Thanks to the dude from samy.pl He's really cool. So try my solution https://content-protector-wordpress.42theme.com/ it detects undocked dev tools too.
Here is the full code https://gist.github.com/drinkmaker/67c5dd6c83170a65517a595a5fa135d8
Pay attention to two points:

1. Creating a copy of console.log() https://gist.github.com/drinkmaker/67c5dd6c83170a65517a595a5fa135d8#file-devtools-detect-js-L84-L97
2. Run checks by interval https://gist.github.com/drinkmaker/67c5dd6c83170a65517a595a5fa135d8#file-devtools-detect-js-L193

Hope this helps.

[dpw1]

@drinkmaker I can still open the DevTools on the content-protector website. Was that intentional?

[drinkmaker]

@dpw1 Oh, You're right, it's broken again. I need to look for a solution, again :(

[drinkmaker]

Found another solution https://github.com/AEPKILL/devtools-detector, it works in summer 2022 and correctly detects undocked DevTools.

[MHuiG]

I'm also researching this problem recently, and I wrote a simple one today , devtools-detecter, but because I don't have enough equipment, I haven't done a detailed test. I know that it is effective in win10 chrome103.If you find a bug, you can send issues.

[deepaksm1]

Found another solution https://github.com/AEPKILL/devtools-detector, it works in summer 2022 and correctly detects undocked DevTools.

Thank you very much you saved our life

[icinemagr]

Found another solution https://github.com/AEPKILL/devtools-detector, it works in summer 2022 and correctly detects undocked DevTools.

Thank you very much you saved our life

if you go to console you will notice there is a message "console was cleared" every x milliseconds.
from the otehr hand bet365 does it without this message.
Must be an other way and bet365 knows it

[s0urce-c0de]

Check if console.log is a no-op like samy.pl