Anyone doing web automation and scraping knows a major pain point: anti-detection systems are getting smarter.
Cloudflare Turnstile, reCAPTCHA v3, FingerprintJS, and various custom bot detectors no longer just check the User-Agent and JavaScript execution. They analyze whether your canvas rendering is consistent, if your WebGL fingerprint is normal, whether the audio context shows anomalies, if mouse movement trajectories look human, and if keyboard input timing matches human patterns.
Most "anti-detection browsers" just tweak a few parameters in a config file or inject some JS to spoof fingerprints. Anti-detection systems quickly see through these tricks.
CloakBrowser takes a completely different approach.
It Modifies the C++ Source Code
CloakBrowser is not a tweaked Chromium configuration, nor is it a script that injects JS. It is a Chromium binary with 58 fingerprint characteristics modified at the C++ source code level.
Specifically, it modifies:
- Canvas Fingerprint – Each GPU has slight variations in canvas rendering; CloakBrowser aligns these variations with those of real users.
- WebGL Fingerprint – GPU rendering characteristics, extension lists, precision parameters.
- Audio Fingerprint – Quantization noise characteristics of the audio context.
- Font List – Detection and enumeration of system-installed fonts.
- GPU Information – Renderer, vendor, GPU model.
- Screen Information – Resolution, color depth, touch support.
- WebRTC – Protection against local IP leaks.
- Network Timing – Microsecond-level characteristics of Resource Timing and Navigation Timing.
- Automation Signals –
navigator.webdriver, CDP input behavior.
This isn't 58 configuration options—it's 58 patches to the Chromium source code. This means anti-detection systems can't identify it by "checking if these configs have been tampered with," because the underlying binary itself is fundamentally different.
30/30 Tests Passed
The project underwent comprehensive testing across 30 anti-detection sites and passed them all. This includes:
- Cloudflare Turnstile – Not just a pass, but scoring similarly to human users.
- reCAPTCHA v3 – Score of 0.9, placing it in the "highly trusted human" tier.
- FingerprintJS – Returns a consistent fingerprint that looks like a real browser.
- BrowserScan – Passes all checks.
The 30/30 figure isn't just a claim—the project README includes GIFs demonstrating three consecutive passes on Cloudflare Turnstile (headed mode, macOS).
humanize=True, One Line to Handle Behavioral Detection
Many anti-detection systems have moved past "checking browser characteristics" to "checking user behavior." They look for straight-line mouse movements (a bot trait), uniform typing intervals (non-human pattern), and perfectly constant-speed scrolling.
CloakBrowser provides a humanize=True parameter that automatically adds:
- Human-like mouse curves – Not straight lines; includes acceleration, deceleration, and micro-deviations.
- Keyboard input timing – Simulates natural variations in human typing rhythm.
- Scrolling patterns – Non-uniform scrolling with natural pauses.
One line of code, and behavioral detection is bypassed.
Replace Playwright/Puppeteer in 3 Lines of Code
For developers, the migration cost is virtually zero.
Python:
from cloakbrowser import launch
browser = launch()
# Other APIs are identical to Playwright
JavaScript:
const { launch } = require('cloakbrowser');
const browser = await launch();
// Other APIs are identical to Puppeteer
Same APIs, same code—just change the import.
Installation is also straightforward: pip install cloakbrowser or npm install cloakbrowser. The binary downloads automatically with zero configuration.
If you want to try it out quickly without installing:
docker run --rm cloakhq/cloakbrowser cloaktest
The Controversy Around This Project
It must be stated clearly: CloakBrowser's use cases fall into a gray area.
Legitimate Uses:
- Competitor price monitoring
- Public web data collection
- Automated testing
- SEO auditing
Improper Uses:
- Bypassing anti-spam systems
- Bulk registration of fake accounts
- Scraping content explicitly prohibited by robots.txt
- Any large-scale scraping that violates Terms of Service
The project itself is open-source (MIT License) and the code is transparent. However, the ethical nature of the tool depends on the user. If you use it for improper purposes, the responsibility lies with you, not the project.
What 18,544 Stars Mean
This project was created on February 22, 2026, and has reached 18,544 stars in less than three months. This reflects two realities:
First, the demand for anti-detection is growing rapidly. As more websites deploy advanced bot detection, web automation practitioners need a reliable solution.
Second, existing anti-detection solutions are generally inadequate. If simply tweaking config files could solve the problem, this project wouldn't have gained 18,000 stars in three months. This indicates that most "anti-detection browsers" on the market are being identified by anti-detection systems, and developers are searching for a truly effective solution.
CloakBrowser's approach of modifying the source code is, at least for now, effective. But anti-detection systems are also evolving—it's an ongoing arms race. Patches that work today might be detected by new methods tomorrow.
Primary sources: GitHub - CloakHQ/CloakBrowser, cloakbrowser.dev