#
Leak Debugging
This is a flow chart demonstrating my process for determining leaks without deobfuscating WAF Javascript. The method incrementally reintroduces Camoufox's features into Firefox's source code until the testing site flags.
This process requires a Linux system and assumes you have Firefox build tools installed (see here).
#
Flowchart
flowchart TD
A[Start] --> B[Does website flag in the<br>official Firefox?]
B -->|Yes| C[Likely bad IP/rate-<br>limiting. If the website<br>fails on both headless and<br>headful mode on the official<br>Firefox distribution, the<br>issue is not with the browser.]
B -->|No| D["Run make ff-dbg(1) and<br>build(2) a clean<br>distribution of Firefox.<br>Does the website flag in<br>Firefox **headless** mode(4)?"]
D -->|Yes| E["Does the website flag in<br>headful mode(3) AND<br>headless mode(4)?"]
D -->|No| F["Open the developer UI(5),<br>apply config.patch, then<br>rebuild(2). Does the<br>website still flag(3)?"]
E -->|No| G["Enable privacy.resistFingerprinting<br>in the config(6). Does the<br>website still flag(3)?"]
E -->|Yes| C
G -->|No| H["In the config(6), enable<br>FPP and start omitting<br>overrides until you find<br>the one that fixed the leak."]
G -->|Yes| I[If you get to this point,<br>you may need to deobfuscate<br>the Javascript behind the website<br>to identify what it's testing.]
F -->|Yes| K["Open the developer UI,<br>apply the playwright<br>bootstrap patch, then<br>rebuild. Does it still flag?"]
F -->|No| J["Omit options from<br>camoufox.cfg(6) and<br>rerun(3) until you find the<br>one causing the leak."]
K -->|No| M[Juggler needs to be<br>debugged to locate the leak.]
K -->|Yes| L[The issue has nothing to do<br>with Playwright. Apply the<br>rest of the Camoufox patches<br>one by one until the one<br>causing the leak is found.]
M --> I