Bots are software’s that automate web requests for various tasks without human intervention. Some are beneficial for the Internet but many of them represent a plague for ecommerce websites. Bad bots traffic represents around a quarter of the whole Internet traffic today and is predicted to increase. This traffic includes website content scanning, stolen credit card checking, denial of service, inventory…
In this talk, we will describe how we decided to tackle this variety of threats, how we decided to start our research, the challenges that we faced and the solutions we provided.
Best known and less known key places for bots will be presented as well as how we succeeded to constitute a strong repository of bots. From there will be shown an overview of the general trend in terms of popular bot programming languages, software development frameworks. Eventually, we will show practical examples taken from the most prevalent bots from the OWASP top 10 automated threats. The general architecture of those bots will be presented. The main components explained before drilling down to the key features they include to remain undetected. How do they evade captcha systems? How do they avoid fingerprinting? From the naive approaches we will introduce you to the stealthiest features.