C
ChaoBro
Reviews

CloakBrowser: A Browser That Passes All Anti-Bot Detection — Is It Legal? Is It Good?

by ChaoBro
#Browser Automation #Anti-Bot #Playwright #CloakBrowser #Scraping
CloakBrowser: A Browser That Passes All Anti-Bot Detection — Is It Legal? Is It Good?

The Verdict

30 anti-bot detection tests, all passed. Cloudflare, PerimeterX, DataDome, F5 — all of them. This isn't marketing; the test scripts are in the repo and they actually run.

But don't star it yet. There are things to understand first.

Technical Approach

CloakBrowser modifies Chromium at the source level. Unlike standard stealth plugins that inject JS at runtime, it patches browser fingerprints at the C++ level.

Key modifications:

  • WebDriver flag: Removed from the C++ layer, not just navigator.webdriver = false
  • Canvas fingerprinting: Adds micro-random noise to each render
  • WebGL fingerprint: Modifies GPU renderer string
  • Font enumeration: Limits returned fonts to match real browsers
  • Chrome runtime objects: Fills in missing chrome.runtime in headless mode
  • TCP/IP fingerprint: Modifies TLS handshake (JA3 fingerprint) — this is the most aggressive step

The TLS modification is what most stealth solutions miss. You can perfectly mask JS-level fingerprints, but servers can still identify automation through TLS fingerprints.

Playwright Compatibility

Marked as "Drop-in Playwright replacement." Swap playwright.chromium for CloakBrowser's launcher and most code works unchanged. Some advanced Playwright APIs (like direct CDP session access) may not be compatible.

Legal vs Gray

Legitimate uses:

  • Testing your own site's anti-bot strategy (red team)
  • Competitor price monitoring (public data, respecting robots.txt)
  • Market research (publicly accessible information)

Gray area:

  • Large-scale data collection (depends on target ToS and local law)
  • Bypassing paywalls (clearly illegal)
  • Vote/click fraud (clearly illegal)

The README doesn't emphasize compliance boundaries. Technical capability is neutral; usage is not.

Performance

Modified Chromium is ~15-20% heavier than stock. Page load difference < 5%, memory +100MB. Running 50+ instances at scale requires accounting for this overhead.

Comparison

Solution Detection Pass Ease of Use Maintenance Compliance Risk
CloakBrowser 30/30 Medium High Medium
puppeteer-stealth 15/30 High Medium Low
undetected-chromedriver 20/30 Medium Low Low

My Take

If you're doing security testing, competitive analysis, or market research — this is the strongest open-source tool available. But the stronger the capability, the more you need to ask: what am I using it for?

Technically worth starring. Ethically, proceed with caution.

Primary sources:

Related

ACC: Compiling Agent Trajectories into Long-Context QA for Direct Reasoning

ACC compiles multi-turn agent tool-calling trajectories into long-context QA pairs, teaching models to integrate scattered evidence. Qwen3-30B-A3B gains +18.1 on MRCR after ACC training, approaching the 235B version.

RLVR Credit Assignment, Revisited: DelTA Takes a Discriminator View on Token-Level Rewards

Token-level credit assignment in RLVR has been a black box. DelTA reframes the policy gradient update as a linear discriminator, amplifying discriminative token-gradient directions and outperforming same-scale baselines by 2-3 points across 7 math benchmarks.

Do MLLMs Really Read People? MM-OCEAN Finds 51% of "Correct Ratings" Are Guessing

MM-OCEAN benchmarks 27 MLLMs on personality perception, finding 51% of correct ratings lack observable evidence grounding, with holistic grounding rates of only 0-33.5%. Getting the right score ≠ understanding why.