CloakBrowser

<p align="center"> <img src="https://i.imgur.com/cqkp6fG.png" width="500" alt="CloakBrowser"> </p> <p align="center"> <a href="https://pypi.org/project/cloakbrowser/"><img src="https://img.shields.io/pypi/v/cloakbrowser" alt="PyPI"></a> <a href="https://www.npmjs.com/package/cloakbrowser"><img src="https://img.shields.io/npm/v/cloakbrowser" alt="npm"></a> <a href="LICENSE"><img src="https://img.shields.io/github/license/cloakhq/cloakbrowser?v=1" alt="License"></a> <a href="https://github.com/CloakHQ/CloakBrowser"><img src="https://img.shields.io/github/last-commit/cloakhq/cloakbrowser" alt="Last Commit"></a> <br> <a href="https://github.com/CloakHQ/CloakBrowser"><img src="https://img.shields.io/github/stars/cloakhq/cloakbrowser" alt="Stars"></a> <a href="https://pypi.org/project/cloakbrowser/"><img src="https://img.shields.io/pepy/dt/cloakbrowser?label=pypi&logo=pypi&logoColor=white" alt="PyPI Downloads"></a> <a href="https://www.npmjs.com/package/cloakbrowser"><img src="https://img.shields.io/npm/dt/cloakbrowser?label=npm&logo=npm&logoColor=white" alt="npm Downloads"></a> <a href="https://hub.docker.com/r/cloakhq/cloakbrowser"><img src="https://img.shields.io/docker/pulls/cloakhq/cloakbrowser?label=docker&logo=docker&logoColor=white" alt="Docker Pulls"></a> </p> <p align="center"> <a href="https://ko-fi.com/cloakhq"><img src="https://ko-fi.com/img/githubbutton_sm.svg" alt="Support on Ko-fi"></a> </p> <br> <h3 align="center">Stealth Chromium that passes every bot detection test.</h3> <table><tr><td> Not a patched config. Not a JS injection. A real Chromium binary with fingerprints modified at the C++ source level. Antibot systems score it as a normal browser — because it <em>is</em> a normal browser. </td></tr></table> <br> <p align="center"> <img src="https://i.imgur.com/IvB0It7.gif" width="600" alt="Cloudflare Turnstile — 3 Tests Passing"> <br><em>Cloudflare Turnstile — 3 live tests passing (headed mode, macOS)</em> </p> <br> <p align="center"> Drop-in Playwright/Puppeteer replacement for Python and JavaScript.<br> Same API, same code — just swap the import. <strong>3 lines of code, 30 seconds to unblock.</strong> </p>

• 42 source-level C++ patches — canvas, WebGL, audio, fonts, GPU, screen, automation signals, CDP input behavior
• humanize=True — human-like mouse curves, keyboard timing, and scroll patterns. One flag, behavioral detection passes
• 0.9 reCAPTCHA v3 score — human-level, server-verified
• Passes Cloudflare Turnstile, FingerprintJS, BrowserScan — tested against 30+ detection sites
• Auto-updating binary — background update checks, always on the latest stealth build
• pip install cloakbrowser or npm install cloakbrowser — binary auto-downloads, zero config
• Free and open source — no subscriptions, no usage limits

Try it now — no install needed:

docker run --rm cloakhq/cloakbrowser cloaktest

Python:

from cloakbrowser import launch

browser = launch()
page = browser.new_page()
page.goto("https://protected-site.com")  # no more blocks
browser.close()

JavaScript (Playwright):

import { launch } from 'cloakbrowser';

const browser = await launch();
const page = await browser.newPage();
await page.goto('https://protected-site.com');
await browser.close();

Also works with Puppeteer: import { launch } from 'cloakbrowser/puppeteer' (details)

Install

Python:

pip install cloakbrowser

JavaScript / Node.js:

# With Playwright
npm install cloakbrowser playwright-core

# With Puppeteer
npm install cloakbrowser puppeteer-core

On first run, the stealth Chromium binary is automatically downloaded (~200MB, cached locally).

Optional: Auto-detect timezone/locale from proxy IP:

pip install cloakbrowser[geoip]

Migrating from Playwright? One-line change:

- from playwright.sync_api import sync_playwright
- pw = sync_playwright().start()
- browser = pw.chromium.launch()
+ from cloakbrowser import launch
+ browser = launch()

page = browser.new_page()
page.goto("https://example.com")
# ... rest of your code works unchanged

⭐ Star to show support — Watch releases to get notified when new builds drop.

Browser Profile Manager

Self-hosted alternative to Multilogin, GoLogin, and AdsPower. Create browser profiles with unique fingerprints, proxies, and persistent sessions. Launch and interact with them in your browser via noVNC.

docker run -p 8080:8080 -v cloakprofiles:/data cloakhq/cloakbrowser-manager

Open http://localhost:8080. Create a profile. Click Launch. Done.

→ CloakBrowser Manager — free, open source (MIT)

---

Latest: v0.3.19 (Chromium 145.0.7632.159.8)

• humanize=True — one flag makes all mouse, keyboard, and scroll interactions behave like a real user. Bézier curves, per-character typing, realistic scroll patterns. Two presets: default and careful
• CDP input behavior mimicking — input events sent via CDP now produce the same signals as real user interactions. 4 source-level patches covering pointer, keyboard, and mouse behavior
• Native locale spoofing — new C++ patch replaces detectable CDP-level locale emulation
• WebGPU fingerprint hardening — adapter features, limits, and device ID spoofed for cross-API consistency
• 42 fingerprint patches (Linux x64) — all 4 platforms on Chromium 145
• Stealthy with zero flags — binary auto-generates a random fingerprint seed at startup. No configuration required
• Timezone & locale from proxy IP — launch(proxy="...", geoip=True) auto-detects timezone and locale
• Persistent profiles — launch_persistent_context() keeps cookies and localStorage across sessions, bypasses incognito detection

See the full CHANGELOG.md for details.

Why CloakBrowser?

• Config-level patches break — playwright-stealth, undetected-chromedriver, and puppeteer-extra inject JavaScript or tweak flags. Every Chrome update breaks them. Antibot systems detect the patches themselves.
• CloakBrowser patches Chromium source code — fingerprints are modified at the C++ level, compiled into the binary. Detection sites see a real browser because it is a real browser.
• Source-level stealth — C++ patches handle fingerprints (GPU, screen, UA, hardware reporting) at the binary level. No JavaScript injection, no config-level hacks. Most stealth tools only patch at the surface.
• Same behavior everywhere — works identically local, in Docker, and on VPS. No environment-specific patches or config needed.
• Works with AI agents and automation frameworks — drop-in stealth for browser-use, Crawl4AI, Scrapling, Stagehand, LangChain, Selenium, and more. See integrations.

CloakBrowser doesn't solve CAPTCHAs — it prevents them from appearing. No CAPTCHA-solving services, no proxy rotation built in — bring your own proxies, use the Playwright API you already know.

Test Results

All tests verified against live detection services. Last tested: Mar 2026 (Chromium 145).

| Detection Service | Stock Playwright | CloakBrowser | Notes | |---|---|---|---| | reCAPTCHA v3 | 0.1 (bot) | 0.9 (human) | Server-side verified | | Cloudflare Turnstile (non-interactive) | FAIL | PASS | Auto-resolve | | Cloudflare Turnstile (managed) | FAIL | PASS | Single click | | ShieldSquare | BLOCKED | PASS | Production site | | FingerprintJS bot detection | DETECTED | PASS | demo.fingerprint.com | | BrowserScan bot detection | DETECTED | NORMAL (4/4) | browserscan.net | | bot.incolumitas.com | 13 fails | 1 fail | WEBDRIVER spec only | | deviceandbrowserinfo.com | 6 true flags | 0 true flags | isBot: false | | navigator.webdriver | true | false | Source-level patch | | navigator.plugins.length | 0 | 5 | Real plugin list | | window.chrome | undefined | object | Present like real Chrome | | UA string | HeadlessChrome | Chrome/145.0.0.0 | No headless leak | | CDP detection | Detected | Not detected | isAutomatedWithCDP: false | | TLS fingerprint | Mismatch | Identical to Chrome | ja3n/ja4/akamai match | | | | Tested against 30+ detection sites | |

Proof

<p align="center"> <img src="https://i.imgur.com/hvIQyMv.png" width="600" alt="reCAPTCHA v3 — Score 0.9"> <br><em>reCAPTCHA v3 score 0.9 — server-side verified (human-level)</em> </p> <p align="center"> <img src="https://i.imgur.com/qMIRfhq.png" width="600" alt="Cloudflare Turnstile — Success"> <br><em>Cloudflare Turnstile non-interactive challenge — auto-resolved</em> </p> <p align="center"> <img src="https://i.imgur.com/PRsw6rT.png" width="600" alt="BrowserScan — Normal"> <br><em>BrowserScan bot detection — NORMAL (4/4 checks passed)</em> </p> <p align="center"> <img src="https://i.imgur.com/9n2C7tu.png" width="600" alt="FingerprintJS — Passed"> <br><em>FingerprintJS web-scraping demo — data served, not blocked</em> </p> <p align="center"> <img src="https://i.imgur.com/srCcFtK.png" width="600" alt="deviceandbrowserinfo.com — You are human!"> <br><em>deviceandbrowserinfo.com behavioral bot detection — "You are human!" with humanize=True (24/24 signals passed)</em> </p>

Comparison

| Feature | Playwright | playwright-stealth | undetected-chromedriver | Camoufox | CloakBrowser | |---|---|---|---|---|---| | reCAPTCHA v3 score | 0.1 | 0.3-0.5 | 0.3-0.7 | 0.7-0.9 | 0.9 | | Cloudflare Turnstile | Fail | Sometimes | Sometimes | Pass | Pass | | Patch level | None | JS injection | Config patches | C++ (Firefox) | C++ (Chromium) | | Survives Chrome updates | N/A | Breaks often | Breaks often | Yes | Yes | | Maintained | Yes | Stale | Stale | Unstable | Active | | Browser engine | Chromium |