Stealth Chrome & Anti-Detection

Purpose

Prevent WhatsApp from detecting the headless Chrome instance as automated. Uses puppeteer-extra-plugin-stealth and page-level fingerprint overrides to make the browser appear as a regular desktop Chrome session.

Stealth Plugin Integration

The puppeteer-extra-plugin-stealth package is loaded via a module resolution patch in backend/src/index.ts. This intercepts require('puppeteer') calls so that whatsapp-web.js (which internally requires puppeteer) gets the stealth-patched version instead.

Module Resolution Patch

// In backend/src/index.ts — before any whatsapp-web.js imports
const Module = require('module');
const originalResolve = Module._resolveFilename;
Module._resolveFilename = function(request: string, parent: any) {
  if (request === 'puppeteer') {
    return originalResolve.call(this, 'puppeteer-extra', parent);
  }
  return originalResolve.call(this, request, parent);
};

Page-Level Fingerprint Overrides

Applied in WhatsAppService.ts after the browser page is created:

Chrome Launch Args

Added to the Puppeteer launch configuration:

• --disable-blink-features=AutomationControlled – removes navigator.webdriver flag
• --lang=en-US,en – sets browser language

Dockerfile Font Packages

Added to deploy/saas/Dockerfile.slice to prevent font fingerprinting:

• ttf-freefont
• font-noto
• font-noto-emoji
• ttf-dejavu
• ttf-liberation

Key Finding

Testing showed that stealth measures alone do NOT prevent WhatsApp from killing first-time linking sessions. The IP reputation matters more – see VPN Proxy documentation.

Files Modified

Status

Complete and deployed. Stealth patches active on all slice containers.