Fabien Vauchelles
Cracking the Code: Decoding Anti-Bot Systems!
#1about 5 minutes
The fundamental challenge of web scraping as a turing test
Web scraping is fundamentally a Turing test where automated scripts must mimic natural human behavior to avoid detection by anti-bot systems.
#2about 10 minutes
How anti-bot systems analyze the browser stack for signals
Anti-bot systems analyze signals from the entire browser stack, including IP address, TCP/TLS/HTTP2 fingerprints, JavaScript execution, and user navigation patterns.
#3about 2 minutes
Exploiting the business need to minimize false positives
The necessity for websites to avoid blocking real customers (false positives) forces anti-bot systems to focus on a limited set of the most effective signals.
#4about 5 minutes
Tools and techniques to identify anti-bot systems
Use tools like Wappalyzer, browser dev tools, and proxy interceptors to identify the specific anti-bot protection and analyze its architecture and encrypted payloads.
#5about 7 minutes
A step-by-step methodology for building robust scrapers
Follow an incremental approach to bypass protections, starting with basic scraper tuning and progressively adding proxies, headless browsers, and unblocker APIs.
#6about 4 minutes
Designing a scalable architecture for data collection
Build a scalable scraping infrastructure using a central data store, an orchestrator, a proxy management layer, and a farm of diverse browsers.
#7about 7 minutes
Decoding common javascript obfuscation techniques
Anti-bot systems use JavaScript obfuscation techniques like string concealing, code flow confusion, and control flow flattening to make their code unreadable.
#8about 3 minutes
Identifying the five key signal types after deobfuscation
After deobfuscating the code, identify the five main types of signals collected: configuration details, automation flags, rendering fingerprints, reverse engineering checks, and integrity controls.
#9about 1 minute
The next frontier in anti-bot is javascript virtual machines
The next evolution in anti-bot technology involves JavaScript virtual machines that execute proprietary, undocumented bytecode, making reverse engineering significantly more difficult.
#10about 14 minutes
Answering questions on scraping legality, VPNs, and rate limits
The Q&A session addresses common questions about the legality of web scraping, the effectiveness of VPNs, managing rate limits, and the cat-and-mouse game with anti-bot providers.
Related jobs
Jobs that call for the skills explored in this talk.
Technoly GmbH
Berlin, Germany
€50-60K
Intermediate
Network Security
Security Architecture
+2
VECTOR Informatik
Stuttgart, Germany
Senior
Java
IT Security
Dirk Rossmann GmbH
Burgwedel, Germany
Intermediate
IT Security
Matching moments
01:06 MIN
Malware campaigns, cloud latency, and government IT theft
Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre
01:15 MIN
Crypto crime, EU regulation, and working while you sleep
Fake or News: Self-Driving Cars on Subscription, Crypto Attacks Rising and Working While You Sleep - Théodore Lefèvre
06:33 MIN
The security challenges of building AI browser agents
AI in the Open and in Browsers - Tarek Ziadé
04:17 MIN
Playing a game of real or fake tech headlines
WeAreDevelopers LIVE – You Don’t Need JavaScript, Modern CSS and More
02:49 MIN
Using AI to overcome challenges in systems programming
AI in the Open and in Browsers - Tarek Ziadé
05:01 MIN
Comparing the security models of browsers and native apps
Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof
03:45 MIN
Preventing exposed API keys in AI-assisted development
Slopquatting, API Keys, Fun with Fonts, Recruiters vs AI and more - The Best of LIVE 2025 - Part 2
06:23 MIN
The trend of browsers depending on online services
Developer Time Is Valuable - Use the Right Tools - Kilian Valkhof
Featured Partners
Related Videos
2:08:06The attacker's footprint
Antonio de Mello & Amine Abed
43:56Getting under the skin: The Social Engineering techniques
Mauro Verderosa
1:06:14WeAreDevelopers LIVE – Web Scraping, Agents, Actors and more
Chris Heilmann, Daniel Cranney, Ondra Urban & COO & GTM at Apify
56:03WeAreDevelopers LIVE - Chrome for Sale? Comet - the upcoming perplexity browser Stealing and leaking
Chris Heilmann & Daniel Cranney & Ramona Schwering
31:19Skynet wants your Passwords! The Role of AI in Automating Social Engineering
Wolfgang Ettlinger & Alexander Hurbean
1:01:44WeAreDevelopers LIVE: Scammer Payback with Python, Grok Goes Unhinged, The Future of Chromium and mo
Dan Cranney, Chris Heilmann & Brian Rountree
1:01:25WeAreDevelopers Live: Browser Extensions, Honey Scam, Jailbreaking LLMs and more
Chris Heilmann & Daniel Cranney
28:41101 Typical Security Pitfalls
Alexander Pirker
Related Articles
View all articles
From learning to earning
Jobs that call for the skills explored in this talk.
Visonum GmbH
Remote
Junior
Intermediate
React
Redux
TypeScript
TryHackMe
Charing Cross, United Kingdom
Remote
£34K
Intermediate
PHP
Bash
Python
+1
Abnormal AI
Intermediate
API
Spark
Kafka
Python
aXite Security Tools
Amsterdam, Netherlands
Node.js
Angular
JavaScript
TryHackMe
Charing Cross, United Kingdom
£38K
Intermediate
NoSQL
React
Python
Docker
+1