Can a website detect that Firefox is running on Marionette?

Question

Running Firefox on Selenium requires the Geckodriver, since the Gecko Engine isn't really compatible with the JSON Wire Protocol. So the Geckodriver is running a HTTP-Server by serving all the commands between Selenium and the browser by translating with Marionette. Can a Website actually tell, that the current Browser is controlled by Marionette? I've seen that you can access a "Marionette Page" by using localhost and the Marionette Port in config, when Firefox is automated. Also Firefox shows that robot, that tells the user, the current Browser is automated. So some kind of automation detection is build in, but can it be accessed?

Edit: Yeah it's true, that different Browsers expose different things, but the javascript detection doesn't work anymore. It was able detect Selenium RC, because to work it had to inject some Javascript Code into the Browser. Since Selenium 2.0, the Webdriver communicates directly with the Browser, so simple Javascript-Variable-Detection won't work. Also i found and explained some of those exposes, but can a website actually access them somehow? As another difference of exposing: Chrome sets the navigator.webdriver attribute to true, but firefox doesn't.

Answer 1

When you start modern firefox with the --marionette option or MOZ_MARIONETTE=1 env variable, you will enable marionette control for Firefox. You can just open the source code of the latest Firefox release and find out how it works:

moz.configure

set_define("ENABLE_WEBDRIVER", webdriver)

nsCertOverrideService.cpp and similar core files:

#ifdef ENABLE_WEBDRIVER
#  include "nsIMarionette.h"
#endif

#ifdef ENABLE_WEBDRIVER
nsCOMPtr<nsIMarionette> marionette = do_GetService(NS_MARIONETTE_CONTRACTID);
if (marionette) {
  bool marionetteRunning = false;
  marionette->GetRunning(&marionetteRunning);
  if (marionetteRunning) {
    return true;
  }
}

nsCOMPtr<nsIRemoteAgent> agent = do_GetService(NS_REMOTEAGENT_CONTRACTID);
if (agent) {
  bool remoteAgentRunning = false;
  agent->GetRunning(&remoteAgentRunning);
  if (remoteAgentRunning) {
    return true;
  }
}
#endif

Meanwhile remote/components/moz.build:

XPIDL_SOURCES += [
    "nsIMarionette.idl",
    "nsIRemoteAgent.idl",
]

remote/components/RemoteAgent.sys.mjs:

const port = cmdLine.handleFlagWithParam("remote-debugging-port", false);
if (port !== null) {
  enabled = true;

remote/components/Marionette.sys.mjs

// Complements -marionette flag for starting the Marionette server.
// We also set this if Marionette is running in order to start the server
// again after a Firefox restart.
const ENV_ENABLED = "MOZ_MARIONETTE";

this.enabled = Services.env.exists(ENV_ENABLED);

It means --enable-webdriver is a configuration option, and --marionette and --remote-debugging-port are runtime options. Is it possible to detect marionette somehow? You can go deeper and verify that it is not possible.

However, I can't understand a reason why you want to detect Marionette this way. If customers come, pay me a penny and say, "Please purge any possible detection mechanisms from my version of Firefox." I will do it immediately. For example, Marionette and the remote debugging agent may just work without exposing any information about their status. It means, in particular, that the Marionette local page and the funny robot icon in the browser search bar will disappear.

It was able detect Selenium RC, because to work it had to inject some Javascript Code into the Browser

I know a number of lines of code in selenium that you are talking about.

Please just stop your attempts to detect bots using client-side application inspections; this method is not reliable. You may be able to detect some silly cases, but you will bypass any severe bots. You may receive a situation when you are fighting with another developer directly. You will always lose because another developer can modify the application on his own, and you can't stop this modification.