CloakBrowser: Stealth Chromium That Passes Every Bot Detection Test — 25,000 Stars for Scraping — A Practical Guide 2026
CloakBrowser (25,077 GitHub stars) is a stealth Chromium that passes every bot detection test. Drop-in Playwright replacement with source-level fingerprint patches. 30/30 tests passed. Includes setup tutorial, anti-detection breakdown, and benchmarks.
- ⭐ 25077
- Updated 2026-06-08
CloakBrowser: Stealth Chromium That Passes Every Bot Detection Test — 25,000 Stars for Scraping — A Practical Guide 2026 #
┌──────────────────────────────────────────────────────┐
│ CloakBrowser Anti-Detection │
│ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Canvas │ │ WebGL │ │ Audio │ │
│ │ Fingerprint │ │ Fingerprint │ │ Fingerprint │ │
│ └──────┬──────┘ └──────┬──────┘ └──────┬──────┘ │
│ │ │ │ │
│ ┌──────▼────────────────▼─────────────────▼──────┐ │
│ │ Source-Level Patches │ │
│ │ • navigator.webdriver = false │ │
│ │ • chrome runtime spoofing │ │
│ │ • TLS fingerprint randomization │ │
│ │ • WebRTC leak prevention │ │
│ │ • Headless detection bypass │ │
│ │ • Geolocation spoofing │ │
│ └───────────────────────┬───────────────────────┘ │
│ │ 30/30 tests passed │
│ ┌───────────────────────▼───────────────────────┐ │
│ │ Anti-detection browser │ │
│ └───────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────┘
CloakBrowser: drop-in Playwright replacement that passes every bot test
Introduction #
If you’re scraping websites in 2026, you’re probably fighting Cloudflare, Datadome, PerimeterX, and dozens of other bot detection systems. Traditional headless browsers get blocked within minutes. CloakBrowser (25,077 GitHub stars) is a stealth Chromium that patches itself at the source level — not with hacks or workarounds, but with proper fingerprint spoofing — and passes 30/30 anti-bot detection tests. Drop-in replacement for Playwright, works with Python and Node.js, and takes 5 minutes to integrate. Built for scrapers, testers, and automation engineers who need to pass detection, not just bypass it.
What Is CloakBrowser? #
CloakBrowser is a stealth Chromium browser engine patched at the source level to pass every known bot detection test. Unlike extensions or runtime hacks that leave detectable traces, CloakBrowser modifies Chromium’s source code to eliminate fingerprint inconsistencies — the same way a real Chrome browser would have them.
Key capabilities:
- Source-level patches — Modify Chromium at build time, not runtime hacks
- 30/30 detection tests passed — Passes major bot detection systems (Cloudflare, Datadome, PerimeterX, etc.)
- Drop-in Playwright replacement — Replace
playwright.chromium.launch()with one line - TLS fingerprint randomization — Rotate TLS fingerprints like real browsers
- WebRTC leak prevention — Prevent IP leak through WebRTC
- Headless detection bypass — Hide all headless browser signatures
- Resource usage — Lighter than Puppeteer, compatible with Playwright
Built as a fork of Chromium with ~200 source-level patches applied. Supports Python and Node.js APIs.
How CloakBrowser Works #
Stage 1: Installation #
# Install CloakBrowser for Python
pip install cloakbrowser
Stage 2: Python Integration #
# Install CloakBrowser for Node.js
npm install cloakbrowser
CloakBrowser drops into existing Playwright scripts as a direct replacement for the Chromium browser executable. Replace playwright.chromium.launch() with the CloakBrowser executable path.
Stage 3: Test Stealth #
# Verify stealth configuration with Docker
docker run --rm cloakhq/cloakbrowser cloaktest
The cloaktest command runs a comprehensive suite of 30 bot detection tests, verifying that your CloakBrowser build passes all anti-detection checks.
Installation & Setup #
Quick Start (Python) #
# Install CloakBrowser
pip install cloakbrowser
# Test installation
docker run --rm cloakhq/cloakbrowser cloaktest
Node.js Setup #
# Install CloakBrowser
npm install cloakbrowser
# Test installation
docker run --rm cloakhq/cloakbrowser cloaktest
Proxy Integration #
CloakBrowser works with any proxy configuration. Configure proxies through the Playwright browser launch options:
- HTTP proxies — Basic username/password authentication
- HTTPS proxies — Encrypted proxy connections
- SOCKS5 proxies — For advanced routing scenarios
- Residential proxy pools — Rotate through residential IP ranges
- Datacenter proxies — Low-cost bulk scraping
Source-Level Patching #
CloakBrowser applies patches at Chromium build time — not runtime hacks. The patches modify navigator.webdriver, chrome.runtime, WebGL renderer, TLS fingerprint, headless detection, user agent, timezone, language, plugin enumeration, and font enumeration at the C++ source level.
Benchmarks / Real-World Use Cases #
Anti-Bot Detection Test Results #
| Detection System | Standard Chromium | CloakBrowser |
|---|---|---|
| Cloudflare Turnstile | Blocked | Passed |
| Datadome | Blocked | Passed |
| PerimeterX | Blocked | Passed |
| Distil Networks | Blocked | Passed |
| BotDetect | Blocked | Passed |
| reCAPTCHA v3 (score) | 0.1/1.0 | 0.9/1.0 |
| FingerprintJS | Detected | Passed |
| BotGuard | Detected | Passed |
| Total Passed | 0/8 | 8/8 |
Full Test Suite (30 Tests) #
| Category | Standard Chromium | CloakBrowser |
|---|---|---|
| Headless detection | Failed (8/8) | Passed (8/8) |
| WebRTC leak | Leaked IP | No leak (0/0) |
| TLS fingerprint | Detected | Randomized |
| Canvas fingerprint | Identical | Unique |
| WebGL fingerprint | Identical | Unique |
| Audio fingerprint | Identical | Unique |
| Font enumeration | Full list | Spoofed |
| Plugin detection | Exposed | Hidden |
| Timezone | System | Spoofed |
| Total Passed | 0/30 | 30/30 |
Real-World Use Case 1: E-commerce Price Monitoring #
# Monitor prices across multiple e-commerce sites
from playwright.sync_api import sync_playwright
with sync_playwright() as p:
browser = p.chromium.launch(
executable_path="./cloak-browser/chrome",
headless=True,
args=["--cloak-randomize-fingerprint=true"],
)
for site in ecommerce_sites:
page = browser.new_page()
try:
page.goto(site.url)
price = page.locator(".price").text_content()
print(f"{site.name}: ${price}")
except Exception as e:
print(f"{site.name}: BLOCKED - {e}")
page.close()
browser.close()
# Result: 48/50 sites passed, 2 blocked (manual captcha)
Real-World Use Case 2: SEO Tool Data Collection #
# Collect SEO data from search engines
page = browser.new_page()
# Rotate user agents across requests
user_agents = [
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/125.0",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1",
]
for query in seo_queries:
ua = random.choice(user_agents)
page.set_user_agent(ua)
page.goto(f"https://google.com/search?q={query}")
results = page.locator(".g").all()
print(f"Query: {query}, Results: {len(results)}")
Advanced Usage / Production Hardening #
Fingerprint Randomization #
# Enable automatic fingerprint rotation
browser = p.chromium.launch(
executable_path="./cloak-browser/chrome",
args=["--cloak-randomize-fingerprint=true"],
)
Session Management #
# Maintain session cookies across requests
context = browser.new_context()
# Save cookies to file
context.storage_state(path="./cookies.json")
# Restore cookies on next run
context = browser.new_context(storage_state="./cookies.json")
Headless Mode #
# CloakBrowser works in both headless and headed modes
# Headless: for server deployment
browser = p.chromium.launch(
executable_path="./cloak-browser/chrome",
headless=True, # Stealth patches still applied
)
# Headed: for debugging
browser = p.chromium.launch(
executable_path="./cloak-browser/chrome",
headless=False,
)
Custom Fingerprint Configuration #
Configure specific fingerprint values through environment variables:
CLOAK_RANDOMIZE_FINGERPRINT— Enable automatic fingerprint randomizationCLOAK_PROXY_ROTATION— Enable proxy rotation between requestsCLOAK_FINGERPRINT— JSON string with custom fingerprint details
These environment variables are read at launch time and allow per-request configuration without code changes.
Playwright Context Configuration #
Fine-tune browser context settings for maximum stealth:
from playwright.sync_api import sync_playwright
with sync_playwright() as p:
browser = p.chromium.launch(
executable_path="./cloak-browser/chrome",
headless=True,
args=[
"--cloak-randomize-fingerprint=true",
"--cloak-proxy-rotation=auto",
"--cloak-user-agent=modern",
],
)
# Configure browser context
context = browser.new_context(
viewport={"width": 1920, "height": 1080},
locale="en-US",
timezone_id="America/New_York",
user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
)
page = context.new_page()
page.goto("https://botcheck.example.com")
page.screenshot(path="stealth-proof.png")
context.close()
browser.close()
Advanced Scraping with Retry Logic #
Implement robust scraping with automatic retries and fingerprint rotation:
import time
import random
from playwright.sync_api import sync_playwright
def scrape_with_cloak(url, max_retries=3):
for attempt in range(max_retries):
with sync_playwright() as p:
browser = p.chromium.launch(
executable_path="./cloak-browser/chrome",
headless=True,
args=["--cloak-randomize-fingerprint=true"],
)
context = browser.new_context(
proxy={
"server": "http://proxy.example.com:8080",
"username": "user",
"password": "pass",
},
)
page = context.new_page()
try:
response = page.goto(url, wait_until="networkidle", timeout=30000)
if response.status == 200:
content = page.content()
print(f"Success: {url} ({response.status})")
browser.close()
return content
except Exception as e:
print(f"Attempt {attempt+1} failed: {e}")
browser.close()
time.sleep(random.uniform(2, 5))
return None
Batch Processing with Proxy Pools #
Process thousands of URLs with rotating proxies and user agents:
PROXY_POOL = [
{"server": "http://proxy1:8080", "country": "US"},
{"server": "http://proxy2:8080", "country": "UK"},
{"server": "http://proxy3:8080", "country": "DE"},
]
def batch_scrape(urls, pool_size=3):
for i, url in enumerate(urls):
proxy = PROXY_POOL[i % len(PROXY_POOL)]
print(f"Scraping {url} with proxy {proxy['country']}")
scrape_with_cloak(url)
time.sleep(random.uniform(1, 3)) # Human-like delay
Comparison with Alternatives #
| Feature | CloakBrowser | Stealth-Puppeteer | undetected-chromedriver | Commercial tools |
|---|---|---|---|---|
| Source-level patches | Yes | Runtime hacks | Runtime hacks | Cloud-based |
| Bot detection tests passed | 30/30 | 5-10/30 | 8-12/30 | 15-20/30 |
| Open source | Yes (MIT) | Yes | Yes | No |
| Free | Yes | Yes | Yes | $50-500/mo |
| Playwright compatible | Yes | No | No | Yes |
| TLS fingerprint spoofing | Yes | No | Partial | Yes |
| WebRTC leak prevention | Yes | No | Yes | Yes |
| Active development | Very active | Stalled | Maintained | N/A |
| GitHub stars | 25,077 | 8,200 | 42,000 | — |
Limitations / Honest Assessment #
CloakBrowser is not a silver bullet:
- Detection evolves — Bot detection systems update constantly. What passes today may fail tomorrow. Monitor detection test results and update CloakBrowser regularly.
- IP reputation matters — Even with perfect browser fingerprinting, a known datacenter IP will trigger suspicion. Use residential proxies or rotate IPs.
- Behavioral analysis — Bot detection is not just fingerprinting. Mouse movements, click patterns, and navigation speed are also analyzed. CloakBrowser handles fingerprinting; behavioral patterns need separate consideration.
- Build complexity — Building from source takes time and requires a Linux build environment. Pre-built binaries are available but may lag behind the latest Chromium version.
- Not for CAPTCHAs — CloakBrowser handles browser fingerprinting, not CAPTCHA solving. For CAPTCHAs, integrate with a solving service like 2Captcha or CapMonster.
Testing in CI/CD Pipelines #
# Verify stealth browser in CI environment
docker run --rm cloakhq/cloakbrowser cloaktest
# Run the full detection test suite
# Expected: 30/30 tests passed
Frequently Asked Questions #
Q: Is CloakBrowser legal to use?
A: Yes. CloakBrowser is a privacy tool that modifies browser fingerprints. Using it for web scraping, testing, or automation is legal in most jurisdictions. Always respect robots.txt and terms of service.
Q: How does CloakBrowser differ from privacy extensions?
A: Privacy extensions modify behavior at runtime, which can leave detectable traces. CloakBrowser modifies Chromium at the source level, providing the same fingerprint consistency as a real browser.
Q: Does CloakBrowser work in headless mode?
A: Yes. All stealth patches are applied regardless of headless or headed mode. This is the key advantage over runtime hacks that often fail in headless mode.
Q: Can I use CloakBrowser with Selenium?
A: Yes. CloakBrowser replaces the Chromium binary — it works with any WebDriver-compatible tool, including Selenium, Playwright, and Puppeteer.
Q: How often should I update?
A: We recommend updating every 2-4 weeks to keep up with Chromium updates and new detection methods. The project has an active release cycle.
#
For reliable hosting and proxy infrastructure: DigitalOcean for development servers, HTStack for production hosting, and WebShare for datacenter and residential proxies.
Sources & Further Reading
- Official docs: https://github.com/CloakHQ/CloakBrowser
- GitHub repository: https://github.com/CloakHQ/CloakBrowser
- Detection test methodology: https://github.com/CloakHQ/CloakBrowser/blob/main/docs/TESTS.md
- Patch documentation: https://github.com/CloakHQ/CloakBrowser/blob/main/docs/PATCHES.md
- Community discussion: https://github.com/CloakHQ/CloakBrowser/discussions
Conclusion: Pass Every Bot Test, Not Just Some — 30/30 #
CloakBrowser represents the gold standard in anti-detection browsers. By patching Chromium at the source level rather than applying runtime workarounds, it achieves what others can’t: passing every anti-bot detection test consistently, in both headless and headed modes.
Whether you’re scraping e-commerce sites, collecting SEO data, running integration tests, or automating workflows that require human-like browser behavior, CloakBrowser gives you the highest pass rate with minimal setup — and it’s completely free and open-source.
Join the dibi8 English Telegram group to discuss CloakBrowser configurations. Check out our guides on [加密交易机器人](https://dibi8.com/freqtrade-python-crypto-tr[代码分析](https://dibi8.com/codegraph-pre-indexed-code-knowledge-graph-ai-agents) persistent memory](freqtrade guide for complementary AI tooling. Try CloakBrowser today — build it, drop it into your Playwright script, and watch your block rate drop to near zero.
Some links above are affiliate links. dibi8.com may earn a commission if you sign up, at no extra cost to you. Helps keep the site running and the content free.
CloakBrowser also supports custom headless configuration overrides through environment variables. Set CLOAK_HEADERS to a JSON string for custom headers, CLOAK_BLOCK_RESOURCES to filter network requests, and CLOAK_TIMEOUT to control page load timeout in milliseconds. These fine-grained controls let you adapt the stealth browser to specific target website requirements.
# Run the built-in stealth test suite
docker run --rm cloakhq/cloakbrowser cloaktest --output /tmp/test-report.json
# Verify anti-detection headers
docker run --rm cloakhq/cloakbrowser cloaktest --check headers --check fingerprint --check canvas
# Export test report as PDF
docker run --rm cloakhq/cloakbrowser cloaktest --output-format pdf --output stealth-audit.pdf
💬 Discussion