CloakBrowser: The Stealth Chromium That Passes Every Bot Detection Test

If you've ever tried automating a browser and hit a Cloudflare wall, a reCAPTCHA loop, or a "suspicious activity" block — you know the pain. The entire stealth browser industry exists because detection systems keep getting smarter, and browser automation keeps getting caught.

CloakBrowser takes a fundamentally different approach. Instead of injecting JavaScript patches or tweaking Chrome flags at runtime, it modifies Chromium's C++ source code before compilation. The result? A browser binary that doesn't just look legitimate — it is legitimate, right down to the TLS fingerprint.

With 7,700+ GitHub stars, 57 source-level patches, and a verified 0.9 reCAPTCHA v3 score, CloakBrowser is rapidly becoming the go-to tool for developers who need browser automation that simply doesn't get detected.

What Makes CloakBrowser Different?

The stealth browser market is crowded. Tools like playwright-stealth, undetected-chromedriver, and Camoufox all attempt to make automated browsers look human. But they all share a fundamental weakness: they patch at the surface level.

JavaScript injection tools (like playwright-stealth) override browser APIs at runtime. Detection systems can fingerprint the overrides themselves — detecting that navigator.webdriver was tampered with is trivial.

Config-level patches (like undetected-chromedriver) modify launch flags and remove automation indicators. But every Chrome update can break these patches, and sophisticated detectors check for inconsistencies between reported flags and actual browser behavior.

CloakBrowser avoids both traps by patching Chromium's C++ source code directly. When you launch CloakBrowser, the fingerprints aren't being spoofed — they're baked into the compiled binary. Detection systems see a real Chrome browser because the underlying binary is real Chrome, just with fingerprints normalized.

The Numbers: How Does It Stack Up?

Here's where CloakBrowser's source-level approach pays off. Tested against the most common detection services:

The 0.9 reCAPTCHA score is particularly notable — that's human-level verification, not just "passing." Most tools struggle to break 0.5.

What Exactly Gets Patched?

CloakBrowser's 57 C++ patches (as of v0.3.26, Chromium 146) cover every fingerprint vector that detection services probe:

• Canvas fingerprint — randomizes canvas rendering output without breaking visual quality
• WebGL renderer & vendor — spoofs GPU information consistently across all WebGL queries
• Audio context fingerprint — normalizes AudioContext output
• Font enumeration — returns a realistic font list matching the reported OS
• GPU & screen properties — consistent hardware reporting that matches the user agent
• WebRTC IP leakage — can auto-spoof WebRTC ICE candidates to match proxy exit IP
• Network timing — DNS/connect/SSL timing zeroed to eliminate proxy detection signals
• CDP automation signals — Chrome DevTools Protocol leaks fully patched
• Automation input behavior — CDP-driven keyboard and mouse events mimic real user input patterns
• Navigator properties — webdriver, plugins, chrome object all pass inspection

Drop-In Replacement: Three Lines to Migrate

One of CloakBrowser's strongest selling points is its API compatibility. It's a drop-in replacement for both Playwright and Puppeteer — same API, same methods, just swap the import.

Python (Playwright)

from cloakbrowser import launch

browser = launch()
page = browser.new_page()
page.goto("https://protected-site.com")  # no more blocks
browser.close()

JavaScript (Playwright)

import { launch } from 'cloakbrowser';

const browser = await launch();
const page = await browser.newPage();
await page.goto('https://protected-site.com');
await browser.close();

That's it. Your existing Playwright or Puppeteer code works unchanged. The stealth binary auto-downloads on first run (~200MB, cached locally), so there's zero configuration needed.

Humanize Mode: Behavioral Stealth

Fingerprint spoofing gets you past static detection. But modern antibot systems also analyze behavioral patterns — how you move your mouse, type text, and scroll pages.

CloakBrowser's humanize=True flag addresses this with a single parameter:

browser = launch(humanize=True)

This enables:

• Bézier curve mouse movements — realistic, non-linear mouse paths
• Natural keyboard timing — per-character delays with thinking pauses
• Realistic scroll physics — variable-speed scrolling with momentum

All of this works through Playwright's standard API — page.click(), page.fill(), page.type() — without any code changes beyond setting the flag.

Proxy Support and GeoIP Auto-Detection

Proxy configuration is straightforward:

# HTTP proxy
browser = launch(proxy="http://user:pass@proxy:8080")

# SOCKS5 proxy
browser = launch(proxy="socks5://user:pass@proxy:1080")

But here's where it gets interesting. With the optional geoip dependency:

browser = launch(proxy="http://proxy:8080", geoip=True)

CloakBrowser will automatically detect your proxy's exit IP location and set the browser's timezone and locale to match. No more timezone mismatches that scream "I'm using a proxy." It even auto-injects WebRTC IP spoofing to prevent your real IP from leaking through WebRTC ICE candidates.

Browser Profile Manager

CloakBrowser also ships a companion tool: CloakBrowser Manager, a self-hosted alternative to commercial antidetect browsers like Multilogin ($29–199/mo), GoLogin ($24–199/mo), and AdsPower.

docker run -p 8080:8080 -v cloakprofiles:/data cloakhq/cloakbrowser-manager

Launch it, open localhost:8080, and you get a web GUI to create browser profiles with unique fingerprints, persistent cookies, per-profile proxies, and an in-browser noVNC view. All self-hosted, all open source (MIT), all free.

How It Compares to Alternatives

Camoufox is CloakBrowser's closest competitor — it also patches at the C++ level. But Camoufox uses Firefox, which some detection services treat differently from Chrome. CloakBrowser's Chromium base means it matches the most common browser fingerprint profile on the web.

Framework Integrations

Beyond Playwright and Puppeteer, CloakBrowser has been tested and confirmed working with:

• browser-use — AI browser agent framework
• Crawl4AI — AI-powered web crawling
• Scrapling — Stealth web scraping library
• Stagehand — Browser automation by Browserbase
• LangChain — LLM framework browser tools
• Selenium — Classic browser automation

If you're building AI agents that interact with the web (LLM-powered research tools, automated testing, data extraction), CloakBrowser eliminates the detection problem that typically forces developers into brittle workarounds.

Limitations and Considerations

CloakBrowser is transparent about what it doesn't do:

• It doesn't solve CAPTCHAs — it prevents them from appearing. If a CAPTCHA does trigger, you'll need a solving service.
• No built-in proxy rotation — bring your own proxies.
• Binary size is ~200MB — significant download on first run, though cached after that.
• Chromium-only — if you need Firefox fingerprints, Camoufox is the alternative.
• Puppeteer has limitations — Puppeteer's CDP protocol leaks automation signals that reCAPTCHA Enterprise can detect. The Playwright wrapper is recommended for best results.

Getting Started

Installation is straightforward:

# Python
pip install cloakbrowser

# JavaScript (Playwright)
npm install cloakbrowser playwright-core

# JavaScript (Puppeteer)
npm install cloakbrowser puppeteer-core

Or try it immediately with Docker — no install needed:

docker run --rm cloakhq/cloakbrowser cloaktest

This runs the full detection test suite and shows you CloakBrowser's scores against all major antibot services.

The Bottom Line

Commercial antidetect browsers charge $49–299/month for what CloakBrowser delivers for free. The source-level patching approach is genuinely different from what tools like playwright-stealth have been doing for years, and the test results back it up — 30+ detection sites passed, 0.9 reCAPTCHA score, Cloudflare Turnstile auto-resolved.

For developers building browser automation, web scraping pipelines, or AI agents that interact with protected websites, CloakBrowser is worth serious consideration. The drop-in API compatibility means you can test it in minutes, and the results speak for themselves.

GitHub: CloakHQ/CloakBrowser | PyPI: cloakbrowser | npm: cloakbrowser