CloakBrowser: Open-Source Stealth Chromium That Passes Every Bot Detection Test
文章目录
- Source-level fingerprint patching — modifies Chromium's core rendering engine rather than relying on JavaScript-level workarounds, making patches far more resistant to detection Multi-version support (v142–v145) — maintains patched binaries across Chromium versions, with each version requiring specific configuration adjustments for headless vs. headed mode Active community-driven detection reporting — users continuously report new bot detection findings on GitHub Issues, with the team actively responding and iterating on fixes
- One of CloakBrowser's strengths is its active GitHub Issues section where developers share detection results, workarounds, and feature requests in detailed technical discussions. Issue #109 — "when are you adding quic support?" (25 comments) Original discussion: "hey when are you adding quic support? ... its the best way to get 99 botscore ... dont forget ja4 also matters" Developer response: "We're aware of this fork. It's a big patch touching SOCKS5 UDP relay, QUIC tunneling, and TLS fingerprinting at the network stack level. We're reviewing it to understand the full scope before committing to a timeline." This discussion highlights the ongoing arms race between stealth browsers and detection services — QUIC protocol support would eliminate another fingerprinting vector, as current HTTP/2 connections leave detectable patterns. The team confirmed they're actively evaluating the implementation effort. Issue #16 — "New versions detected by allegro.pl (DataDome)" (19 comments) Bug report: "I use version 0.2.1 on allegro.pl and after several hundred steps, they are detected by the service, but refreshing the page is enough to continue downloading data. After installing a newer version than 0.2.1, the browser is immediately blocked." Official response: "We tested allegro.pl with v0.3.2 on our end — homepage loads fine in headed mode. ... v145 needs proper configuration. Unlike v0.2.1, the v145 binary requires specific environment variables and proxy settings." This thread showcases the project's responsiveness — the maintainer requested detailed environment info, tested independently, and provided specific configuration guidance. The bug reporter then tested with Patchright as a comparison point, helping narrow down the issue. The thread evolved into a productive back-and-forth that resulted in actionable debugging steps. Issue #100 — "BrowserScan Detection Results and CloakBrowser Issues" (18 comments) Detection report: "In my scans on Browserscan.net, the same three results are consistently detected. Additionally, CloakBrowser is unable to pass PerimeterX protections." Community contributor's detailed analysis: "I am providing you with a detailed explanation and examples so you can investigate the detection issue. For hCaptcha: If you generate an hCaptcha token on the real Chrome browser and inject it into CloakBrowser, it should pass hCaptcha challenges." A community member went beyond simply reporting the issue — they provided a detailed technical breakdown with examples and a specific workaround (token injection from real Chrome). The maintainer acknowledged the detection flags and committed to investigating the fingerprint authenticity page separately from the bot score check.
- CloakBrowser stands out as a seriously maintained project that takes the anti-detect browser arms race seriously. Unlike most Playwright/Selenium wrappers that patch surface-level JavaScript, it digs into Chromium source code. The active GitHub Issues with substantive English technical discussions — ranging from TLS fingerprinting nuances to QUIC protocol plans — show a healthy, engaged community. For developers building AI agents or web automation at scale, this is worth watching closely. ⭐ Stars: 4,158 | 🔗 GitHub: github.com/CloakHQ/CloakBrowser | 📦 Language: Python, TypeScript
CloakBrowser is an open-source stealth Chromium project that replaces Playwright as a drop-in solution for bypassing bot detection systems. Built by CloakHQ, it applies source-level fingerprint patches to Chromium, making automated browsers indistinguishable from real human sessions. The project targets developers building AI agents, data scrapers, and automation tools that need to operate at scale without triggering anti-bot defenses.
Unlike traditional browser automation tools that can be easily flagged by services like DataDome, Cloudflare, or hCaptcha, CloakBrowser modifies the Chromium source code itself — patching Canvas, WebGL, TLS fingerprints, and dozens of other detection vectors at the binary level. Version support spans from v142 through v145, with ongoing work to add QUIC protocol support.
- Source-level fingerprint patching — modifies Chromium's core rendering engine rather than relying on JavaScript-level workarounds, making patches far more resistant to detection
- Multi-version support (v142–v145) — maintains patched binaries across Chromium versions, with each version requiring specific configuration adjustments for headless vs. headed mode
- Active community-driven detection reporting — users continuously report new bot detection findings on GitHub Issues, with the team actively responding and iterating on fixes
One of CloakBrowser's strengths is its active GitHub Issues section where developers share detection results, workarounds, and feature requests in detailed technical discussions.
Issue #109 — "when are you adding quic support?" (25 comments)
Original discussion:
"hey when are you adding quic support? ... its the best way to get 99 botscore ... dont forget ja4 also matters"
Developer response:
"We're aware of this fork. It's a big patch touching SOCKS5 UDP relay, QUIC tunneling, and TLS fingerprinting at the network stack level. We're reviewing it to understand the full scope before committing to a timeline."
This discussion highlights the ongoing arms race between stealth browsers and detection services — QUIC protocol support would eliminate another fingerprinting vector, as current HTTP/2 connections leave detectable patterns. The team confirmed they're actively evaluating the implementation effort.
Issue #16 — "New versions detected by allegro.pl (DataDome)" (19 comments)
Bug report:
"I use version 0.2.1 on allegro.pl and after several hundred steps, they are detected by the service, but refreshing the page is enough to continue downloading data. After installing a newer version than 0.2.1, the browser is immediately blocked."
Official response:
"We tested allegro.pl with v0.3.2 on our end — homepage loads fine in headed mode. ... v145 needs proper configuration. Unlike v0.2.1, the v145 binary requires specific environment variables and proxy settings."
This thread showcases the project's responsiveness — the maintainer requested detailed environment info, tested independently, and provided specific configuration guidance. The bug reporter then tested with Patchright as a comparison point, helping narrow down the issue. The thread evolved into a productive back-and-forth that resulted in actionable debugging steps.
Issue #100 — "BrowserScan Detection Results and CloakBrowser Issues" (18 comments)
Detection report:
"In my scans on Browserscan.net, the same three results are consistently detected. Additionally, CloakBrowser is unable to pass PerimeterX protections."
Community contributor's detailed analysis:
"I am providing you with a detailed explanation and examples so you can investigate the detection issue. For hCaptcha: If you generate an hCaptcha token on the real Chrome browser and inject it into CloakBrowser, it should pass hCaptcha challenges."
A community member went beyond simply reporting the issue — they provided a detailed technical breakdown with examples and a specific workaround (token injection from real Chrome). The maintainer acknowledged the detection flags and committed to investigating the fingerprint authenticity page separately from the bot score check.
CloakBrowser stands out as a seriously maintained project that takes the anti-detect browser arms race seriously. Unlike most Playwright/Selenium wrappers that patch surface-level JavaScript, it digs into Chromium source code. The active GitHub Issues with substantive English technical discussions — ranging from TLS fingerprinting nuances to QUIC protocol plans — show a healthy, engaged community. For developers building AI agents or web automation at scale, this is worth watching closely.
⭐ Stars: 4,158 | 🔗 GitHub: github.com/CloakHQ/CloakBrowser | 📦 Language: Python, TypeScript
微信扫一扫,分享到朋友圈
