4.3k Stars! This open-source browser bypasses all anti-bot detection

Image

Getting Blocked by Anti-Bot Systems? You're Not Alone

If you're a developer working on web scraping, you've probably run into this situation—

You write your code, run it, and the website immediately throws up a challenge box:

"Sorry, we've detected unusual traffic..."

Or worse, it returns a straight-up 403 Forbidden, without even giving you a chance to prove you're human.

Cloudflare, reCAPTCHA, FingerprintJS… these anti-bot systems are getting smarter every day. Traditional tools like Selenium and Playwright are practically "transparent" in front of them—they get spotted instantly.

The open-source project we're introducing today might be the closest thing to a "perfect disguise" solution out there.

It's called CloakBrowser, and it has already racked up more than 4,300 stars on GitHub.

01 The Root of the Problem: Browser Fingerprinting

Why are tools like Selenium and Playwright detected so easily?

The answer lies in browser fingerprinting.

When you visit a site with a normal browser, the site collects a vast array of browser characteristics:

  • Canvas rendering results
  • WebGL rendering information
  • Font lists
  • Screen resolution
  • WebRTC IP address
  • Whether navigator.webdriver is true
  • Plugin lists
  • TLS fingerprint

These characteristics combine to form a unique "fingerprint" for your browser. Automation tools like Selenium and Playwright have fixed characteristics—for instance, navigator.webdriver is always true—so websites can easily identify them.

The traditional workaround is to patch things up: inject JavaScript into the code to modify these feature values.

But there's a problem—patches can break with every browser update. Plus, using patches is a detectable feature in itself, as sophisticated detection systems can recognize the "signs of being tampered with."

02 Core Mechanism: Source-Level Modification in C++

CloakBrowser takes a completely different approach.

Instead of patching at runtime, it directly modifies the Chromium C++ source code and recompiles it into new binaries.

What does that mean in practice?

Detection sites see a real browser — because it is a real browser.

Take a look at the test data (tested in April 2026, on Chromium 146):

Detection ServiceRegular PlaywrightCloakBrowser
reCAPTCHA v30.1 (Bot)0.9 (Human)
Cloudflare TurnstileFAILPASS
FingerprintJSDETECTEDPASS
BrowserScanDETECTEDNORMAL (4/4)

Image

Image

In tests against more than 30 detection sites, CloakBrowser passed all 30+ of them.

03 Core Features: What Can It Do?

3.1 49 Source-Level Patches

CloakBrowser implements 49 patches at the C++ source level for Chromium, covering:

  • Canvas fingerprinting
  • WebGL fingerprinting
  • Audio fingerprinting
  • Fonts fingerprinting
  • GPU fingerprinting
  • Screen fingerprinting
  • WebRTC IP
  • Network timing
  • Automation signals
  • CDP input behavior

Every fingerprint is modified at the source code level. Detection systems don't see "modified traits"—they see authentic browser characteristics.

3.2 humanize=True: Human-Like Behavior

Beyond hardware fingerprints, there's also behavioral detection to contend with.

When a real person operates a browser, the mouse doesn't move in a straight line but in a curved arc; there are micro-pauses between each keystroke while typing; scrolling is uneven in speed.

CloakBrowser's humanize=True parameter enables all these human-like behaviors in one go:

  • Bézier curve mouse movements
  • Character-by-character realistic typing
  • Simulating human-like scroll patterns

Image

3.3 WebRTC IP Spoofing

When using a proxy, a real browser might leak your local IP address instead of the proxy's.

CloakBrowser's --fingerprint-webrtc-ip=auto flag can automatically fetch and spoof the WebRTC IP based on your proxy connection, ensuring the detection system only sees the proxy IP.

3.4 Browser Profile Manager

CloakBrowser also offers a self-hosted browser profile manager, which can serve as a replacement for commercial tools like Multilogin, GoLogin, or AdsPower:

  • Create browser profiles with unique fingerprints
  • Proxy support
  • Persistent sessions
  • Launch and interact via noVNC in a browser

04 Quick Start: 3 Lines of Code, 30 Seconds

The biggest advantage of CloakBrowser is zero intrusion into your existing code.

If you're already using Playwright, you only need to change about three lines of code:

- from playwright.sync_api import sync_playwright
- pw = sync_playwright().start()
- browser = pw.chromium.launch()
+ from cloakbrowser import launch
+ browser = launch()

The rest of your code stays completely unchanged.

Installation is simple:

# Python
pip install cloakbrowser
# JavaScript
npm install cloakbrowser playwright-core

On the first run, CloakBrowser will automatically download the ~200MB stealth Chromium binary, which is then cached locally.

05 Supported Frameworks

CloakBrowser integrates well with a variety of frameworks:

  • browser-use: AI agent browser interactions
  • Crawl4AI: AI-friendly web crawling
  • Scrapling: High-performance scraping
  • Stagehand: AI-driven browser interactions
  • LangChain: LLM application framework
  • Selenium: Traditional automation testing

Basically, if a framework is based on Playwright or Puppeteer, CloakBrowser can seamlessly replace the underlying browser.

06 Important Considerations

Can this tool solve CAPTCHAs?

No. It's a preventive tool, not a solver.

CloakBrowser's goal is to prevent CAPTCHAs from appearing in the first place, not to automatically crack them after they show up. If a target site still requires a CAPTCHA input, you'll need an external CAPTCHA solving service.

You need to provide your own proxies

CloakBrowser does not include built-in proxy rotation. You'll need to provide your own proxy servers and pass them in via the proxy parameter when you call launch.

The browser will auto-update

CloakBrowser has an auto-update mechanism that checks for and downloads new versions in the background. For scenarios requiring a fixed version, you can specify a particular version during the launch process.

Final Thoughts

After running a scraping project with CloakBrowser for a week, my biggest takeaway is this:

A good tool should be transparent.

You don't need to study every website's detection mechanisms, write countless workarounds, or dread every browser update. CloakBrowser handles all these complexities under the hood. For the code on top, it's just a change of one import statement.

If you're battling anti-bot systems or if your AI agent needs a stable browser environment, CloakBrowser is well worth a try.

After all, with a migration cost of just 3 lines of code and 30 seconds, you have nothing to lose.

Image

Project Link

TechnologyWeb ScrapingCybersecurityBrowser AutomationOpen Source
Related Articles
1.
30MB Rust Headless Browser Obscura: Beats Chrome, Real V8 JS + Full CDP Compatibility, the Invisible Nuclear Weapon for AI Agents and CrawlersTechnology
2.
Ex-Anthropic Engineer Open-Sources AI Orchestration Powerhouse, Amassing 39,000+ GitHub Stars!Technology
3.
Codex Released a Chrome Plugin That Can Fill Forms, Process Expenses, Play Games... Control Your Entire BrowserArtificial Intelligence
4.
jina-embeddings-v5-omni Released! A Lightweight Omni-Modal Vector ModelTechnology
5.
HTML is Dead! Ex-OpenAI Engineer Sparks Web Revolution: AI Turns the Entire Screen into an Infinite Livestream Pixel Stream, Not a Single Line of HTML CodeArtificial Intelligence
分享網址
Original URLhttps://mp.weixin.qq.com/s/hY6G3ji-uB1rm9FICWUk0Q
AINews·AI 新聞聚合平台
© 2026 AINews. All rights reserved.