Skip to content

Instantly share code, notes, and snippets.

@aravindanve

aravindanve/bypass-disable-devtool.md

Last active May 2, 2025 17:57
Show Gist options
  • Save aravindanve/3e13d995fac35e4a07c236b11cc432c7 to your computer and use it in GitHub Desktop.
Save aravindanve/3e13d995fac35e4a07c236b11cc432c7 to your computer and use it in GitHub Desktop.
Download ZIP
Bypass disable-devtool
Raw
bypass-disable-devtool.md

Bypass disable-devtool

(Working as of 2025-02-09)

There are websites that use disable-devtool to prevent you from opening or using devtools. They typically prevent you from right clicking or using the keyboard shortcut to open devtools. Even if you successfully do so, they detect it and redirect you elsewhere. You can bypass this by using one of the following ways.

Opening devtools

If the shortcut F12 on Windows or Option + ⌘ + I on Mac do not work. Press the three vertically aligned dots in the top right corner of your Google Chrome or Microsoft Edge window. Under the section "More Tools", you'll see the option to select "Developer Tools" which opens the toolkit in your window.

Once devtools is open, the script may also have debugger statements that may interrupt your browsing experience. You can disable all debugger statements by going to "Sources", and clicking on "Deactivate breakpoints"

Screenshot 2025-02-09 at 3 03 43 PM Screenshot 2025-02-09 at 3 05 10 PM

Bypass external script

When disable-devtool is included as an external script, it can be disabled with a single line of javascript or using an url blocker extension.

  • First try executing this line of javascript from your address bar as suggested here on reddit

    javascript:DisableDevtool.isSuspend = true

  • Or you can bypass it by finding the url in the page source, and blocking it using an url blocker extension, as suggested here on reddit

    1. If the website is thewebsite.com, go to view-source:https://thewebsite.com
    2. Find the url for the external script by searching for disable-devtool. It'll typically be 
      //cdn.jsdelivr.net/npm/disable-devtool
    3. Block the url using ublock or any browser url blocking extension of your choice

Bypass bundled script

If disable-devtool is bundled into the application, the solutions above will not work.

To bypass this, we'll have to modify the bundled script and disable it.

Prerequisites

We are going to make some changes to the script. To do this, we have to enable overriding scripts.

Go to a new tab, and open devtools. In "Sources", under "Overrides" tab, check "Enable Local Overrides" and pick a folder to save the modified scripts locally.

Screenshot 2025-02-09 at 3 18 03 PM

Steps

  1. We'll look for a literal from the source to find it's location in the bundle, I'm going to use already running

    Screenshot 2025-03-10 at 1 20 31 PM

  2. If the website is thewebsite.com, go to view-source:http://thewebsite.com

  3. Search for the string literal already running.

  4. If there is no match, find all included scripts by searching for .js

    Screenshot 2025-02-09 at 2 52 06 PM

  5. Follow the links to the bundled scripts and search within them, you'll usually find them in a script called main or app. I found mine in a script starting with _app-

    Screenshot 2025-03-10 at 1 31 05 PM

  6. Open devtools (there should be no issue here since we are viewing the source, not the actual page). In "Search", find already running again and click on the result

    Screenshot 2025-03-10 at 1 27 19 PM Screenshot 2025-03-10 at 1 37 54 PM

  7. Add a return statement after this line so that the package is never initialized. Make sure to hit save (Ctrl/Cmd + S) after modifying the file

    Screenshot 2025-03-10 at 1 20 00 PM

Now, if you open devtools using the methods described under the opening devtools section, you'll find that disable-devtool has been successfully disabled

@peres07
Copy link

peres07 commented Apr 28, 2025

This worked for this, thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment