Supril Singh
Back to blog

Engineering

How I Reverse Engineered LinkedIn's Bot Detection and Parameter X

I tore apart LinkedIn's obfuscated PerimeterX security script, 14,130 lines, 440+ encoded strings, and a fingerprinting engine that watches your every move, to understand what "Parameter X" really was.

bot-detection / reverse-engineering / automation / perimeterx / javascript

Some investigations start with a clean error message. This one started with a quiet failure and a 414,610-character blob of deliberately broken JavaScript.

An automation flow that looked correct on the surface kept getting treated differently from a normal browser session. The requests were valid, the headers looked close enough, and the account state was not the issue. Something else was producing a signal I couldn’t see. I started calling it Parameter X.

What I didn’t know yet was that tracking it down would mean deobfuscating one of the most sophisticated client-side surveillance scripts I had ever seen: PerimeterX, version 379, App ID PXdOjV695v, baked directly into LinkedIn’s page load.

The crime scene: a 14,000-line JavaScript mess

The first thing you notice when you pull LinkedIn’s security script is that it is intentionally unreadable. No whitespace, no meaningful names, no comments. Every string that could give you a hint is Base64-encoded and retrieved through a single decoder function at runtime.

Here’s what a typical line looks like before you touch it:

var a = Q("T2JqZWN0");
var b = Q("Z2V0T3duUHJvcGVydHlEZXNjcmlwdG9y");

And here’s what those actually say:

var a = Q("T2JqZWN0" /* "Object" */);
var b = Q("Z2V0T3duUHJvcGVydHlEZXNjcmlwdG9y" /* "getOwnPropertyDescriptor" */);

Object.getOwnPropertyDescriptor. The script’s very first move is checking whether native browser APIs have been tampered with. Before it fingerprints you or sends a single byte to a server, it is already asking: is this browser lying to me?

That set the tone for everything that followed.

Step one: decode the dictionary

The entire script routes its string lookups through a single Base64 decoder, Q(t), a thin wrapper around atob with a manual fallback for environments where that’s missing. Once I understood that, I could write a deobfuscator to decode every call in the file and annotate it in place.

After processing 440+ Base64 strings across 14,130 lines, the real dictionary started to appear. It was organized by intent. Here’s a condensed version of what lives inside:

Automation detection:

  • cHVwcGV0ZWVypuppeteer
  • Q2hhdEdQVEJyb3dzZXI=ChatGPTBrowser
  • W0FhXW5vbnltb3Vz[Aa]nonymous
  • X2hhbmRsZQ==_handle
  • R29vZ2xlfGdvb2dsZXxDb29raWVib3Q=Google|google|Cookiebot

AI agent and browser extension detection:

  • pplx-agent-0_0-overlay-stop-button → Perplexity AI agent
  • GlobalSkyvernFrameIndex → Skyvern browser automation
  • __FELLOU_TAB_ID__ → Fellou extension
  • genspark-float-bar → Genspark AI extension
  • chrome-extension://mljmkmodkfigdopcpgboaalildgijkoc/content.ts.js → a specific, hardcoded extension ID

That last one stopped me cold. PerimeterX isn’t just looking for categories of automation. It’s maintaining a curated blocklist of specific Chrome extensions by their exact extension ID. Someone at PerimeterX is actively monitoring the AI tooling ecosystem and adding new entries. The script is a living document of the bot-detection arms race.

Step two: map the fingerprinting engine

Once the strings were decoded, the real architecture came into focus. The script is not one thing. It’s a pipeline with five distinct stages.

Stage 1: Tamper detection

Before collecting any data, the script validates the integrity of the JavaScript environment itself. It does this by calling getOwnPropertyDescriptor on core native functions and hashing their descriptors. If Array.prototype.push, JSON.parse, or document.querySelector have been monkey-patched, even subtly, the descriptor hash won’t match expected values and the session is flagged.

This is why naive Puppeteer setups fail instantly. Any tool that injects helpers into page.evaluateOnNewDocument is touching property descriptors. PerimeterX sees the fingerprints of that injection.

Stage 2: Custom JSON parser

This one is elegant and paranoid. The script ships its own complete JSON parser:

dt(t): Main JSON parse function
rt(): Parse JSON value (recursive)
at(): Parse JSON string
st(): Parse JSON number
it(): Skip whitespace
ut(e): JSON stringify implementation

Why? Because if you override JSON.parse (a common technique to intercept serialized payloads), the PerimeterX script simply doesn’t call it. It uses its own. The custom parser is a direct countermeasure to a well-known interception strategy. Whoever wrote this anticipated that someone would be watching the JSON layer.

Stage 3: Multi-layer fingerprinting

This is where the data collection actually happens. The script gathers signals across four dimensions simultaneously:

Canvas & WebGL fingerprinting:

canvasfp: O(t.canvas.toDataURL())   // MD5 of pixel data
webglRenderer: Sh(t, t.RENDERER)
webglVendor: Sh(t, t.VENDOR)
extensions: t.getSupportedExtensions()
shadingLanguageVersion: ...

Every GPU renders canvas pixel data slightly differently due to driver and hardware variations. The MD5 hash of canvas.toDataURL() is a remarkably stable identifier for real machines, and an obvious red flag for headless browsers that render identically across instances.

Video codec fingerprinting:

video/mp4; codecs="avc1.42801E"
video/mp4; codecs="avc1.4D401E"
video/mp4; codecs="avc1.64001E"
video/webm; codecs="vp8"
video/ogg; codecs="theora"
video/ogg; codecs="dirac"

It probes codec support across six formats. The combination of supported and unsupported codecs creates a unique profile. Most headless environments support a different subset than real user browsers, and support changes between OS, browser version, and hardware configuration.

WebRTC capabilities:

RTCRtpReceiver.getCapabilities()

WebRTC negotiation exposes detailed information about the audio/video codec stack. Real browsers have rich, hardware-specific capability sets. Headless environments typically return incomplete or generic capability lists.

JavaScript engine internals:

ArgumentsIterator
ArrayIterator
MapIterator
SetIterator

This one is subtle. The script checks the toString() output of iterator objects. Different JavaScript engines (V8, SpiderMonkey, JavaScriptCore) produce different string representations. Headless environments that emulate a browser can get the DOM right but still leak their real JS engine through these internal implementation details.

Stage 4: Behavioral signals

Static fingerprints can be spoofed. Behavioral signals are much harder to fake continuously.

The script tracks:

  • PX12108: mouse X position
  • PX12414: mouse Y position
  • PX11699: timestamp of each event
  • PX11892: clipboard items (kind and MIME type)
  • Page visibility state changes
  • Keyboard events
  • Touch events

Mouse movement patterns from real humans are noisy in a very specific way. They accelerate, decelerate, curve, occasionally overshoot and correct. Scripted mouse movements are either perfectly linear (obviously fake) or use simple easing curves (too smooth, too consistent). Building a behavioral profile from thousands of real users and comparing new sessions against it is quietly one of the most effective bot signals that exists.

The clipboard monitoring surprised me. If a session pastes content, PerimeterX sees the MIME type of what was pasted. Bots that programmatically inject text into form fields tend to use text/plain with no formatting. Real users copy rich content.

Stage 5: Cryptographic packaging

Before transmission, collected data goes through a specific pipeline:

  1. JSON stringified with the custom parser (not JSON.stringify)
  2. MD5 hashed using a full HMAC-MD5 implementation (not crypto.subtle)
  3. XOR-ciphered with rotating keys
  4. Base64-encoded for transmission
  5. Sent to /api/v2/collector on the PerimeterX CDN

The MD5 functions alone span seven internal functions: md5Hash, hmacMd5, md5Core, and four round functions (md5Round1_F, md5Round2_G, md5Round3_H, md5Round4_I). This isn’t off-the-shelf code. Someone wrote this from scratch, or ported a C implementation very carefully, to avoid any dependency on the host environment’s crypto APIs, which could also be tampered with.

The XOR cipher uses a set of rotating keys that appear to be generated from the session config:

oVZU)3Qd    oVZU)9Yf    oVZU)=Xe
g^R]"6Wg    g^R]"5Qf    g^R]"6Ug
s*Fi6@MZ    w.Bm1KE^    cZVY%?Vl

These are not human-readable strings by accident. They’re the output of a secondary obfuscation layer on top of the Base64 encoding: XOR-encrypted keys, Base64-encoded again. Decoding the outer Base64 gets you the XOR’d bytes; you still need the XOR key to get the plaintext.

Finding Parameter X

After mapping the full pipeline, I went back to the original problem: the field that was changing session trust scores.

The clue was in the transmission timing. Parameter X didn’t appear in the initial page request. It appeared in a follow-up call, after enough page interaction had occurred to generate a behavioral profile. That ruled out static fingerprints and pointed directly to the behavioral analysis stage.

Cross-referencing the decoded mouse event fields (PX12108, PX12414, PX11699) with the timing of when the suspicious value first showed up confirmed it: Parameter X was a compact hash of the interaction profile, a signed behavioral fingerprint that the PerimeterX collector used to vouch for the session.

The session data was collected, hashed with HMAC-MD5 using a session-specific key derived from the App ID (PXdOjV695v) and config key (N24CankcCQEl), and embedded in subsequent requests as a compact proof token.

You can’t fake that token by inspecting headers. You have to generate it. And generating it correctly means running the real browser code path, which means your automation has to behave like a real browser, not just look like one at the HTTP layer.

What the script taught me about bot detection design

The PerimeterX script is a masterclass in defense-in-depth. No single signal is decisive. The architecture is explicitly designed so that defeating one layer only exposes you to the next:

  • Fake your User-Agent → caught by canvas fingerprint
  • Pass canvas fingerprint → caught by behavioral analysis
  • Script your mouse → caught by codec probe inconsistencies
  • Pass codec probes → caught by WebRTC capabilities
  • Pass WebRTC → caught by JS engine iterator fingerprint
  • Pass iterators → caught by property descriptor hashing
  • Patch descriptors → custom JSON parser doesn’t care

It’s a stack, not a gate. Every layer narrows the population of plausible sessions. By the end, the set of requests that pass every layer cleanly is very small, and suspiciously similar to what a real browser running on real hardware actually produces.

The AI agent detection list was the most revealing part. Seeing Puppeteer, Perplexity, Skyvern, Fellou, and ChatGPT Browser all explicitly named tells you that PerimeterX is actively monitoring what tooling people use to build automations and writing countermeasures. The script is not static. It’s a continuously updated intelligence database masquerading as a JavaScript file.

What changed in how I build automation

Understanding the full system changed the design direction completely.

The naive approach of capturing a request, replaying it, and injecting a copied header value breaks at the behavioral layer. The trust token is generated fresh every session from live interaction data. You can’t copy it.

The right approach is to make the automation run the actual page code path: real browser, real GPU, real codec stack, real interaction events. Not because you’re trying to trick the server, but because that’s the only way to generate a cryptographically valid trust signal.

That realization collapsed a lot of complexity. Once I stopped asking “how do I fake this?” and started asking “how do I run this correctly?”, most of the problems dissolved. The system isn’t built to catch browsers. It’s built to catch things that aren’t browsers. Run a real browser, generate real signals, and the gate mostly opens.

The constraints I built from this:

  • Never monkey-patch native APIs in an automated browser session
  • Preserve real interaction events; don’t inject synthetic mouse coordinates
  • Keep session state intact across requests (storage, cookies, referrer chain)
  • Validate the session looks consistent before acting on it
  • Fail closed when signals look wrong rather than trying to recover

Parameter X turned out to be a small field. But the investigation that started there ended up being one of the more useful deep dives I’ve done, not because I found a trick, but because I understood why the tricks don’t work.

The interesting engineering, as usual, was in the gap between “the request looks right” and “the system actually trusts it.”