원클릭으로
stealth-browser-launch
Launch stealth Chromium with C++ fingerprint patches for anti-bot bypass.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Launch stealth Chromium with C++ fingerprint patches for anti-bot bypass.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
Attack SAML SSO via XSW, signature strip, metadata extract.
Chain multiple vulns into critical impact attack paths.
Execute optimal kill chains for WordPress full compromise.
Escape Docker containers to host root via 5 techniques.
Catalog: 25 attacks, 18 WP, 8 CORS to match findings.
7-phase pentest pipeline from passive recon to exploitation.
| name | stealth-browser-launch |
| description | Launch stealth Chromium with C++ fingerprint patches for anti-bot bypass. |
| version | 1.0.0 |
| author | uphiago |
| license | MIT |
| platforms | ["linux"] |
| compatibility | Requires python3, pip, playwright |
| metadata | {"tags":["recon","stealth","browser","anti-bot","fingerprint","chromium","playwright"],"category":"recon","related_skills":["humanize-automation","tls-fingerprint-impersonation","http2-header-impersonation","proxy-geoip-automation"]} |
Launch a patched Chromium binary with C++ source-level fingerprint modifications that bypass anti-bot detection. The binary spoofs canvas, WebGL, audio, GPU, screen, WebRTC, network timing, and automation signals at the binary level — not via JavaScript injection or config patches that break with Chrome updates. Passes Cloudflare Turnstile, reCAPTCHA v3 (0.9 score), FingerprintJS, BrowserScan, and 30+ detection sites.
terminal tool with python3 and pip.playwright installed: pip install playwright && playwright install-deps chromium.cloakbrowser[geoip] for automatic timezone/locale resolution from proxy exit IP.pip install cloakbrowser
python3 -c "
from cloakbrowser import launch
browser = launch()
page = browser.new_page()
page.goto('https://target.com')
print(page.title())
browser.close()
"
The binary auto-generates a random fingerprint seed per launch. No flags needed for basic stealth:
from cloakbrowser import launch
browser = launch(
headless=True,
proxy="http://user:pass@residential-proxy:port",
geoip=True, # auto-detect timezone/locale from proxy exit IP
)
page = browser.new_page()
page.goto("https://target.com")
# Standard Playwright API from here
page.locator("input[name='username']").fill("test")
page.locator("button[type='submit']").click()
browser.close()
Use a fixed fingerprint seed when revisiting the same target to appear as a returning visitor:
browser = launch(
proxy="http://user:pass@residential-proxy:port",
geoip=True,
args=["--fingerprint=42069"], # fixed seed = same fingerprint every launch
)
Some sites detect headless even with C++ patches. Run headed with a virtual display:
# Start virtual display
Xvfb :99 -screen 0 1920x1080x24 &
export DISPLAY=:99
browser = launch(
headless=False, # real rendering
proxy="http://residential-proxy:port",
geoip=True,
humanize=True, # human-like mouse/keyboard/scroll
)
Override specific fingerprint values to match a target environment:
browser = launch(stealth_args=False, args=[
"--fingerprint=42069",
"--fingerprint-platform=windows",
"--fingerprint-gpu-vendor=NVIDIA Corporation",
"--fingerprint-gpu-renderer=NVIDIA GeForce RTX 3060/PCIe/SSE2",
"--fingerprint-hardware-concurrency=16",
"--fingerprint-device-memory=16",
"--fingerprint-screen-width=2560",
"--fingerprint-screen-height=1440",
"--fingerprint-timezone=America/Sao_Paulo",
"--fingerprint-locale=pt-BR",
"--fingerprint-webrtc-ip=auto",
"--fingerprint-noise=false", # disable noise for FingerprintJS ML bypass
])
Maintain cookies and localStorage across sessions to bypass "first-visit" challenges:
from cloakbrowser import launch_persistent_context
ctx = launch_persistent_context(
"./target-profile",
headless=False,
proxy="http://residential-proxy:port",
geoip=True,
)
page = ctx.new_page()
page.goto("https://target.com")
# Session persists across restarts
ctx.close()
Run multiple browser identities from a single container using cloakserve:
docker run -d --name cloak -p 127.0.0.1:9222:9222 cloakhq/cloakbrowser cloakserve
from playwright.sync_api import sync_playwright
pw = sync_playwright().start()
# Each unique fingerprint seed spawns separate Chrome process with independent identity
b1 = pw.chromium.connect_over_cdp("http://localhost:9222?fingerprint=11111")
b2 = pw.chromium.connect_over_cdp("http://localhost:9222?fingerprint=22222")
# Full identity control via query params
b3 = pw.chromium.connect_over_cdp(
"http://localhost:9222?fingerprint=33333"
"&timezone=America/New_York&locale=en-US&platform=windows"
"&hardware-concurrency=4&device-memory=8"
)
# Each browser has independent cookies, localStorage, canvas noise
For aggressive sites (Kasada, Akamai) that check canvas emoji rendering:
apt install -y fonts-noto-color-emoji fonts-freefont-ttf fonts-unifont \
fonts-ipafont-gothic fonts-wqy-zenhei fonts-tlwg-loma-otf
For CreepJS font enumeration evasion, install Windows fonts:
# Copy from Windows machine: C:\Windows\Fonts\
mkdir -p ~/.local/share/fonts/windows
cp /path/to/windows/fonts/SegoeUI*.ttf ~/.local/share/fonts/windows/
fc-cache -f
# Then launch with:
browser = launch(args=["--fingerprint-fonts-dir=/home/user/.local/share/fonts/windows"])
| Flag | Default | What it controls |
|---|---|---|
--fingerprint=SEED | Random 5-digit | Master seed for canvas/WebGL/audio/fonts |
--fingerprint-platform | windows/macos | navigator.platform, UA OS, GPU pool |
--fingerprint-gpu-vendor | Auto | WebGL UNMASKED_VENDOR_WEBGL |
--fingerprint-gpu-renderer | Auto | WebGL UNMASKED_RENDERER_WEBGL |
--fingerprint-hardware-concurrency | 8 | navigator.hardwareConcurrency |
--fingerprint-device-memory | 8 | navigator.deviceMemory |
--fingerprint-screen-width | 1920/1440 | Screen width |
--fingerprint-screen-height | 1080/900 | Screen height |
--fingerprint-timezone | — | IANA timezone |
--fingerprint-locale | — | BCP 47 locale |
--fingerprint-webrtc-ip | — | WebRTC ICE IP (auto for proxy exit IP) |
--fingerprint-noise=false | true | Disable canvas/WebGL/audio noise |
--fingerprint-fonts-dir | — | Target platform fonts path |
--fingerprint-windows-font-metrics | — | Align font metrics to Windows (v148+) |
--fingerprint-storage-quota | Auto | Storage quota in MB |
--fingerprint-taskbar-height | 48/95/0 | Taskbar height spoofing |
page.wait_for_timeout() leaks CDP traffic that reCAPTCHA detects. Use time.sleep() instead.--fingerprint-noise=false can cause ML-based detection on FingerprintJS. Only disable noise when specifically blocked by it.headless=False) for maximum stealth on aggressive sites.browser_version= if you need reproducibility.https://browserscan.net — all 4 bot checks should show NORMAL.https://demo.fingerprint.com/playground — should not show "nodriver" or "bot" detection.https://antcpt.com/eng/information/demo-form/recaptcha-3-test-score.html — score should be ≥ 0.7.https://deviceandbrowserinfo.com — isBot should be false with 0 true flags.navigator.webdriver is false with page.evaluate("navigator.webdriver").humanize-automation — Human-like mouse/keyboard/scroll for behavioral bypass.tls-fingerprint-impersonation — TLS/JA4 fingerprint spoofing at the HTTP client level.http2-header-impersonation — Browser-specific HTTP/2 pseudo-header ordering and SETTINGS frames.