Built this Go library over the past few weeks it takes a browser fingerprint from your frontend JS and scores how bot-like it looks.
Basically you collect stuff like navigator.webdriver, screen size, WebGL renderer, canvas hash, timezone, fonts, plugins etc. on the client, send it as JSON to your server, and the library runs it through a bunch of detection rules and gives you back a score and an explanation.
Caught things like headless Chrome pretending to be a real browser, SwiftShader GPU (dead giveaway in CI), timezone mismatches where the JS offset doesn't match the IANA name, missing fonts that every real desktop browser has stuff like that.
No API calls, no sending data anywhere, just a Go package. Useful if you want to add bot detection to a login or signup flow without paying for a third party service.
Still pretty early, signal weights are hand-tuned not trained, but it works well enough that I wanted to put it out there.
https://github.com/slyt3/gofin
Would love to know if anyone's done something like this before and what signals I'm missing.
Top comments (0)