PerimeterX

PerimeterX (now Human Security) is an anti-bot software that leverages advanced machine learning and behavioral analytics to accurately identify and block malicious bot traffic in real-time. There is currently 153,000 websites using PerimeterX.

Recognize PerimeterX

To identify PerimeterX’s presence on a website, look for these characteristics:

Internal property: window._pxAppId property.
Collector XHR: PerimeterX can operate with or without any external server, in case of external collector, those domains can be used: px-cdn.net, pxchk.net, px-client.net In case of an internal endpoint being used, it’s format will likely follow this format:

/rf8vapwA/xhr/api/v2/collector

Cookies: PerimeterX set the cookies: _px3, _pxhd, _px_vid

PerimeterX’s Device Fingerprinting

PerimeterX employs traditional techniques commonly observed in other anti-bot software, but with a particular focus on WebGL by assessing rendering capabilities. This approach goes beyond the usual strategy of merely collecting parameters and extensions, as seen in most anti-bot solutions.

General fingerprinting

devicePixelRatio
hardwareConcurrency
localStorage
indexedDB
openDatabase
sessionStorage
cpuClass
Navigator.plugins
window.performance

Behavior Analysis

PerimeterX observes various specified events and compiles them into a consistent payload for their collector API endpoint. This suggests that they utilize behavioral analysis. As a result, it’s important to be careful when activating these events. To closely replicate human interactions with the page, it is advisable to employ simulation libraries.

touchstart
touchend
touchmove
touchenter
touchleave
touchcancel
mousedown
mouseup
mousemove
mouseover
mouseout
mouseenter
mouseleave
click
dblclick
scroll
wheel

mouse type events coordinates and details are tracked on the following attributes:

coordination_start
coordination_end
movementX
movementY
clientX
clientY

For touch type events, the following attributes are tracked:

touches
changedTouches

Canvas Fingerprinting

PerimeterX utilizes a technique involving the use of unicode special characters for fingerprinting canvas renderings. This method is based on the significant variability in how unicode renders high-entropy elements like emojis.

First test:

Renders all characters using “8px sans-serif” default font from 0x1F600 to 0x1F64F.

a.font = "8px sans-serif";
for (var o = 1, c = 128512; c < 128591; c++)
   a.fillText(_("0x" + c.toString(16)), 8 * o, 8),
   o++;
n = Q(a.canvas.toDataURL())

Second test:

Renders the following characters using “6px sans-serif” default font:

97, 667, 917, 1050, 1344, 1488, 1575, 1808, 1931, 2342, 2476, 2583, 2711, 2825, 2980, 3108, 3221, 3374, 3517, 3524, 3652, 3749, 3926, 4121, 4325, 4877, 5091, 5123, 6017, 6190, 6682, 7070, 11612, 20206, 27721, 41352, 43415, 54620, 55295

And then the characters from 0x2699 to 0x26FF.

Results:

Notice: Result original resolution has been preserved, notice how small and pixely the rendering is, this allow better fingerprinting of anti-aliasing technique, and produce more entropy while being lighter.

WebGL fingerprinting:

PerimeterX checks for specific Anisotropic extension to detect browser type, among those values:

EXT_texture_filter_anisotropic
WEBKIT_EXT_texture_filter_anisotropic (Safari)
MOZ_EXT_texture_filter_anisotropic (Firefox)

This method is highly efficient for identifying browser type spoofing because the properties involved cannot be falsified through traditional JavaScript proxy or Function override techniques.

Attributes fingerprint:

PerimeterX check for the following WebGL attributes:

RENDERER
SHADING_LANGUAGE_VERSION
VENDOR
VERSION
UNMASKED_VENDOR_WEBGL
UNMASKED_RENDERER_WEBGL

WEBGL_debug_renderer_info:

ALIASED_LINE_WIDTH_RANGE
ALIASED_POINT_SIZE_RANGE
ALPHA_BITS
BLUE_BITS
DEPTH_BITS
GREEN_BITS
MAX_COMBINED_TEXTURE_IMAGE_UNITS
MAX_CUBE_MAP_TEXTURE_SIZE
MAX_FRAGMENT_UNIFORM_VECTORS
MAX_RENDERBUFFER_SIZE
MAX_TEXTURE_IMAGE_UNITS
MAX_TEXTURE_SIZE
MAX_VARYING_VECTORS
MAX_VERTEX_ATTRIBS
MAX_VERTEX_TEXTURE_IMAGE_UNITS
MAX_VERTEX_UNIFORM_VECTORS
MAX_VIEWPORT_DIMS
STENCIL_BITS

getShaderPrecisionFormat:

VERTEX_SHADER
FRAGMENT_SHADER
VERTEX_SHADER
FRAGMENT_SHADER
HIGH_FLOAT
MEDIUM_FLOAT
LOW_FLOAT

Rendering fingerprint:

Execute the following shaders for WebGL fingerprinting:

Vertex Shader:

attribute vec2 attrVertex;
varying vec2 varyinTexCoordinate;
uniform vec2 uniformOffset;
void main(){
  varyinTexCoordinate = attrVertex + uniformOffset;
  gl_Position = vec4(attrVertex, 0, 1);
}

Fragment Shader:

precision mediump float;
varying vec2 varyinTexCoordinate;
void main() {
  gl_FragColor = vec4(varyinTexCoordinate, 0, 1);
}

Both are executed on a single program and then dumped using canvas.toDataURL.

Clipboard data

Not sure how much this influence the bypass success rate, but PerimeterX does look for Clipboard Data as part of their fingerprinting process.

Fonts presence & rendering

PerimeterX will attempt to render the text mmmmmmmmmmlli for the following fonts list:

"Andale Mono", "Arial", "Arial Black", "Arial Hebrew", "Arial MT", "Arial Narrow", "Arial Rounded MT Bold", "Arial Unicode MS", "Bitstream Vera Sans Mono", "Book Antiqua", "Bookman Old Style", "Calibri", "Cambria", "Cambria Math", "Century", "Century Gothic", "Century Schoolbook", "Comic Sans", "Comic Sans MS", "Consolas", "Courier", "Courier New", "Geneva", "Georgia", "Helvetica", "Helvetica Neue", "Impact", "Lucida Bright", "Lucida Calligraphy", "Lucida Console", "Lucida Fax", "LUCIDA GRANDE", "Lucida Handwriting", "Lucida Sans", "Lucida Sans Typewriter", "Lucida Sans Unicode", "Microsoft Sans Serif", "Monaco", "Monotype Corsiva", "MS Gothic", "MS Outlook", "MS PGothic", "MS Reference Sans Serif", "MS Sans Serif", "MS Serif", "MYRIAD", "MYRIAD PRO", "Palatino", "Palatino Linotype", "Segoe Print", "Segoe Script", "Segoe UI", "Segoe UI Light", "Segoe UI Semibold", "Segoe UI Symbol", "Tahoma", "Times", "Times New Roman", "Times New Roman PS", "Trebuchet MS", "Verdana", "Wingdings", "Wingdings 2", "Wingdings 3", "Abadi MT Condensed Light", "Academy Engraved LET", "ADOBE CASLON PRO", "Adobe Garamond", "ADOBE GARAMOND PRO", "Agency FB", "Aharoni", "Albertus Extra Bold", "Albertus Medium", "Algerian", "Amazone BT", "American Typewriter", "American Typewriter Condensed", "AmerType Md BT", "Andalus", "Angsana New", "AngsanaUPC", "Antique Olive", "Aparajita", "Apple Chancery", "Apple Color Emoji", "Apple SD Gothic Neo", "Arabic Typesetting", "ARCHER", "ARNO PRO", "Arrus BT", "Aurora Cn BT", "AvantGarde Bk BT", "AvantGarde Md BT", "AVENIR", "Ayuthaya", "Bandy", "Bangla Sangam MN", "Bank Gothic", "BankGothic Md BT", "Baskerville", "Baskerville Old Face", "Batang", "BatangChe", "Bauer Bodoni", "Bauhaus 93", "Bazooka", "Bell MT", "Bembo", "Benguiat Bk BT", "Berlin Sans FB", "Berlin Sans FB Demi", "Bernard MT Condensed", "BernhardFashion BT", "BernhardMod BT", "Big Caslon", "BinnerD", "Blackadder ITC", "BlairMdITC TT", "Bodoni 72", "Bodoni 72 Oldstyle", "Bodoni 72 Smallcaps", "Bodoni MT", "Bodoni MT Black", "Bodoni MT Condensed", "Bodoni MT Poster Compressed", "Bookshelf Symbol 7", "Boulder", "Bradley Hand", "Bradley Hand ITC", "Bremen Bd BT", "Britannic Bold", "Broadway", "Browallia New", "BrowalliaUPC", "Brush Script MT", "Californian FB", "Calisto MT", "Calligrapher", "Candara", "CaslonOpnface BT", "Castellar", "Centaur", "Cezanne", "CG Omega", "CG Times", "Chalkboard", "Chalkboard SE", "Chalkduster", "Charlesworth", "Charter Bd BT", "Charter BT", "Chaucer", "ChelthmITC Bk BT", "Chiller", "Clarendon", "Clarendon Condensed", "CloisterBlack BT", "Cochin", "Colonna MT", "Constantia", "Cooper Black", "Copperplate", "Copperplate Gothic", "Copperplate Gothic Bold", "Copperplate Gothic Light", "CopperplGoth Bd BT", "Corbel", "Cordia New", "CordiaUPC", "Cornerstone", "Coronet", "Cuckoo", "Curlz MT", "DaunPenh", "Dauphin", "David", "DB LCD Temp", "DELICIOUS", "Denmark", "DFKai-SB", "Didot", "DilleniaUPC", "DIN", "DokChampa", "Dotum", "DotumChe", "Ebrima", "Edwardian Script ITC", "Elephant", "English 111 Vivace BT", "Engravers MT", "EngraversGothic BT", "Eras Bold ITC", "Eras Demi ITC", "Eras Light ITC", "Eras Medium ITC", "EucrosiaUPC", "Euphemia", "Euphemia UCAS", "EUROSTILE", "Exotc350 Bd BT", "FangSong", "Felix Titling", "Fixedsys", "FONTIN", "Footlight MT Light", "Forte", "FrankRuehl", "Fransiscan", "Freefrm721 Blk BT", "FreesiaUPC", "Freestyle Script", "French Script MT", "FrnkGothITC Bk BT", "Fruitger", "FRUTIGER", "Futura", "Futura Bk BT", "Futura Lt BT", "Futura Md BT", "Futura ZBlk BT", "FuturaBlack BT", "Gabriola", "Galliard BT", "Gautami", "Geeza Pro", "Geometr231 BT", "Geometr231 Hv BT", "Geometr231 Lt BT", "GeoSlab 703 Lt BT", "GeoSlab 703 XBd BT", "Gigi", "Gill Sans", "Gill Sans MT", "Gill Sans MT Condensed", "Gill Sans MT Ext Condensed Bold", "Gill Sans Ultra Bold", "Gill Sans Ultra Bold Condensed", "Gisha", "Gloucester MT Extra Condensed", "GOTHAM", "GOTHAM BOLD", "Goudy Old Style", "Goudy Stout", "GoudyHandtooled BT", "GoudyOLSt BT", "Gujarati Sangam MN", "Gulim", "GulimChe", "Gungsuh", "GungsuhChe", "Gurmukhi MN", "Haettenschweiler", "Harlow Solid Italic", "Harrington", "Heather", "Heiti SC", "Heiti TC", "HELV", "Herald", "High Tower Text", "Hiragino Kaku Gothic ProN", "Hiragino Mincho ProN", "Hoefler Text", "Humanst 521 Cn BT", "Humanst521 BT", "Humanst521 Lt BT", "Imprint MT Shadow", "Incised901 Bd BT", "Incised901 BT", "Incised901 Lt BT", "INCONSOLATA", "Informal Roman", "Informal011 BT", "INTERSTATE", "IrisUPC", "Iskoola Pota", "JasmineUPC", "Jazz LET", "Jenson", "Jester", "Jokerman", "Juice ITC", "Kabel Bk BT", "Kabel Ult BT", "Kailasa", "KaiTi", "Kalinga", "Kannada Sangam MN", "Kartika", "Kaufmann Bd BT", "Kaufmann BT", "Khmer UI", "KodchiangUPC", "Kokila", "Korinna BT", "Kristen ITC", "Krungthep", "Kunstler Script", "Lao UI", "Latha", "Leelawadee", "Letter Gothic", "Levenim MT", "LilyUPC", "Lithograph", "Lithograph Light", "Long Island", "Lydian BT", "Magneto", "Maiandra GD", "Malayalam Sangam MN", "Malgun Gothic", "Mangal", "Marigold", "Marion", "Marker Felt", "Market", "Marlett", "Matisse ITC", "Matura MT Script Capitals", "Meiryo", "Meiryo UI", "Microsoft Himalaya", "Microsoft JhengHei", "Microsoft New Tai Lue", "Microsoft PhagsPa", "Microsoft Tai Le", "Microsoft Uighur", "Microsoft YaHei", "Microsoft Yi Baiti", "MingLiU", "MingLiU_HKSCS", "MingLiU_HKSCS-ExtB", "MingLiU-ExtB", "Minion", "Minion Pro", "Miriam", "Miriam Fixed", "Mistral", "Modern", "Modern No. 20", "Mona Lisa Solid ITC TT", "Mongolian Baiti", "MONO", "MoolBoran", "Mrs Eaves", "MS LineDraw", "MS Mincho", "MS PMincho", "MS Reference Specialty", "MS UI Gothic", "MT Extra", "MUSEO", "MV Boli", "Nadeem", "Narkisim", "NEVIS", "News Gothic", "News GothicMT", "NewsGoth BT", "Niagara Engraved", "Niagara Solid", "Noteworthy", "NSimSun", "Nyala", "OCR A Extended", "Old Century", "Old English Text MT", "Onyx", "Onyx BT", "OPTIMA", "Oriya Sangam MN", "OSAKA", "OzHandicraft BT", "Palace Script MT", "Papyrus", "Parchment", "Party LET", "Pegasus", "Perpetua", "Perpetua Titling MT", "PetitaBold", "Pickwick", "Plantagenet Cherokee", "Playbill", "PMingLiU", "PMingLiU-ExtB", "Poor Richard", "Poster", "PosterBodoni BT", "PRINCETOWN LET", "Pristina", "PTBarnum BT", "Pythagoras", "Raavi", "Rage Italic", "Ravie", "Ribbon131 Bd BT", "Rockwell", "Rockwell Condensed", "Rockwell Extra Bold", "Rod", "Roman", "Sakkal Majalla", "Santa Fe LET", "Savoye LET", "Sceptre", "Script", "Script MT Bold", "SCRIPTINA", "Serifa", "Serifa BT", "Serifa Th BT", "ShelleyVolante BT", "Sherwood", "Shonar Bangla", "Showcard Gothic", "Shruti", "Signboard", "SILKSCREEN", "SimHei", "Simplified Arabic", "Simplified Arabic Fixed", "SimSun", "SimSun-ExtB", "Sinhala Sangam MN", "Sketch Rockwell", "Skia", "Small Fonts", "Snap ITC", "Snell Roundhand", "Socket", "Souvenir Lt BT", "Staccato222 BT", "Steamer", "Stencil", "Storybook", "Styllo", "Subway", "Swis721 BlkEx BT", "Swiss911 XCm BT", "Sylfaen", "Synchro LET", "System", "Tamil Sangam MN", "Technical", "Teletype", "Telugu Sangam MN", "Tempus Sans ITC", "Terminal", "Thonburi", "Traditional Arabic", "Trajan", "TRAJAN PRO", "Tristan", "Tubular", "Tunga", "Tw Cen MT", "Tw Cen MT Condensed", "Tw Cen MT Condensed Extra Bold", "TypoUpright BT", "Unicorn", "Univers", "Univers CE 55 Medium", "Univers Condensed", "Utsaah", "Vagabond", "Vani", "Vijaya", "Viner Hand ITC", "VisualUI", "Vivaldi", "Vladimir Script", "Vrinda", "Westminster", "WHITNEY", "Wide Latin", "ZapfEllipt BT", "ZapfHumnst BT", "ZapfHumnst Dm BT", "Zapfino", "Zurich BlkEx BT", "Zurich Ex BT", "ZWAdobeF"

How to bypass PerimeterX?

WIP

Screen Size

SVG

Docs

Web Scraping

Title here

PerimeterX

Recognize PerimeterX

PerimeterX’s Device Fingerprinting

General fingerprinting

Behavior Analysis

Canvas Fingerprinting

First test:

Second test:

Results:

WebGL fingerprinting:

Attributes fingerprint:

WEBGL_debug_renderer_info:

getShaderPrecisionFormat:

Rendering fingerprint:

Clipboard data

Fonts presence & rendering

How to bypass PerimeterX?

PerimeterX

Recognize PerimeterX#

PerimeterX’s Device Fingerprinting#

General fingerprinting#

Behavior Analysis#

Canvas Fingerprinting#

First test:#

Second test:#

Results:#

WebGL fingerprinting:#

Attributes fingerprint:#

WEBGL_debug_renderer_info:#

getShaderPrecisionFormat:#

Rendering fingerprint:#

Clipboard data#

Fonts presence & rendering#

How to bypass PerimeterX?#

Recognize PerimeterX

PerimeterX’s Device Fingerprinting

General fingerprinting

Behavior Analysis

Canvas Fingerprinting

First test:

Second test:

Results:

WebGL fingerprinting:

Attributes fingerprint:

WEBGL_debug_renderer_info:

getShaderPrecisionFormat:

Rendering fingerprint:

Clipboard data

Fonts presence & rendering

How to bypass PerimeterX?