If you've ever tried to scrape or automate a website only to be blocked by invisibleCAPTCHAs, fingerprinting checks, or behavioral analysis — CloakBrowser is the tool you didn't know you needed.

CloakBrowser is a stealth Chromium browser that passes bot detection at the source level. It doesn't patch configuration files or inject JavaScript — it modifies fingerprints at the C++ source level inside the Chromium binary itself. Antibot systems score it as a normal human browser because, well, it is one.

It's a drop-in replacement for Playwright and Puppeteer. Swap the import, and your code just works — 3 lines of code, 30 seconds to unblock.

• 49 source-level C++ patches covering canvas, WebGL, audio, fonts, GPU, screen resolution, WebRTC, network timing, and automation signals. This isn't a config tweak — it's a fundamentally modified browser binary.
• humanize=True flag enables human-like mouse curves, keyboard timing, and scroll patterns with a single parameter. Behavioral detection passes without extra configuration.
• Achieves a 0.9 reCAPTCHA v3 score — human-level and server-verified. Passes Cloudflare Turnstile, FingerprintJS, and BrowserScan (30+ detection sites tested).
• Works with Python, Node.js, Docker. Auto-downloads the stealth Chromium binary (~200MB, cached locally) on first run. Zero config required.
• Includes a Browser Profile Manager (via Docker) — a self-hosted Multilogin/GoLogin/AdsPower alternative with unique fingerprints, proxies, and persistent sessions.

CloakBrowser has an active GitHub Issues page with real discussions from developers working through edge cases. Here are some highlights:

🔧 Issue #100 — BrowserScan Detection Results and CloakBrowser Issues (18 comments)

A user reported BrowserScan flags after noticing fingerprint authenticity warnings. The maintainer (@Cloak-HQ) gave a detailed breakdown showing that with the right config, CloakBrowser can reach 95% on BrowserScan's scoring:

• Use geoip=True to match timezone to proxy IP (avoids -10%)
• Use launch_persistent_context() instead of launch() to avoid incognito detection (-10%)
• Pass --fingerprint-noise=false to disable noise injection while keeping deterministic fingerprint seeds (-10%)

One user (@rooto3252) added a practical tip: for testing PerimeterX, try creating an Outlook account — if the browser is flagged, the "press and hold" step will never pass even with perfect proxy configuration. This surfaced a real gap around WebRTC handling that the team is actively working on (see Issue #95).

🐛 Issue #193 — CloakBrowser Being Detected by FingerprintJS (17 comments)

Users reported that launchPersistentContext() is flagged by FingerprintJS as "bot_type": "nodriver", while normal launch() works fine. The issue produced a detailed FingerprintJS API response showing a 0.99 confidence score and visitor_found: true — meaning the browser was definitively fingerprinted as a bot. One commenter noted they see this specifically with persistent contexts where user_data_dir is reused across sessions, suggesting BrowserScan/FingerprintJS may be tracking storage fingerprint correlations.

The maintainer acknowledged the persistent_context path needs extra hardening and is tracked in the ongoing fingerprint spoofing work.

🔌 Issue #157 — SOCKS5 with Username/Password Auth Silently Falls Back to Direct Connection (13 comments)

A developer found that when using SOCKS5 proxies with authentication, CloakBrowser was silently dropping the connection and routing traffic directly — not through the proxy. The maintainer quickly identified the root cause: the npm package's binary version constant wasn't bumped to match the updated Linux build, making it appear up-to-date when it wasn't. Within the same thread, the team confirmed the fix was in v0.3.24 with native SOCKS5 credential handling at the binary level. The developer (@dylanpulver) offered to retest immediately when the fix dropped — exactly the kind of fast feedback loop that keeps a small open-source project sharp.

CloakBrowser is a genuinely novel approach to the bot detection arms race. Instead of fighting the detection layer with workarounds, it goes straight to the source — modifying Chromium's fingerprint-generating internals. The community discussions show a project that's actively maintained, responsive to edge cases, and honest about its current limitations (e.g., persistent context handling, WebRTC). With 9.5k stars and growing, it's attracting serious attention from developers building web automation, data pipelines, and accessibility tools who are tired of being blocked. Worth a look if you're in that space.

@CloakHQ / CloakBrowser · ⭐ 9,477 · Python · MIT License