Visibilty API Bypass

Intercepts and kills the Event constructor itself
줄 바꿈
// ==UserScript==
// @name         Visibilty API Bypass
// @version      1.0
// @description  Intercepts and kills the Event constructor itself
// @author       Hayshemi
// @match        *://*/*
// @grant        none
// @run-at       document-start
// @license      MIT
// @namespace https://greasyfork.org/users/1570244
// ==/UserScript==

(function() {
    'use strict';

    const forbidden = ['visibilitychange', 'blur', 'fullscreenchange', 'webkitfullscreenchange', 'mouseleave', 'focusout'];

    // 1. Intercept the Event Constructor
    // If a script tries to create or trigger one of these events, we return a "dead" event
    const RawEvent = window.Event;
    window.Event = function(type, dict) {
        if (forbidden.includes(type)) {
            console.warn(`[Stealth] Neutered event creation: ${type}`);
            return new RawEvent('UNUSED');
        }
        return new RawEvent(type, dict);
    };

    // 2. Kill addEventListener at the root
    const orgAdd = EventTarget.prototype.addEventListener;
    EventTarget.prototype.addEventListener = function(type, cb, options) {
        if (forbidden.includes(type)) {
            console.warn(`[Stealth] Blocked listener for: ${type}`);
            return;
        }
        return orgAdd.apply(this, [type, cb, options]);
    };

    // 3. Fake the properties (Hard-Lock)
    const lock = (obj, prop, value) => {
        Object.defineProperty(obj, prop, {
            get: () => value,
            set: () => {}, // Prevent the site from changing it back
            configurable: false
        });
    };

    lock(document, 'visibilityState', 'visible');
    lock(document, 'hidden', false);
    lock(window, 'onblur', null);
    lock(document, 'onvisibilitychange', null);

    // 4. Spoof Fullscreen
    lock(document, 'fullscreenElement', document.documentElement);
    lock(document, 'webkitFullscreenElement', document.documentElement);

    console.log("Bypass Active");
})();