// the find
CloakHQ/CloakBrowser
Stealth Chromium that passes every bot detection test. Drop-in Playwright replacement with source-level fingerprint patches. 30/30 tests passed.
CloakBrowser is a Playwright/Puppeteer drop-in replacement that wraps a custom-compiled Chromium binary with source-level C++ fingerprint patches to evade bot detection. It targets scraping engineers and AI agent developers who keep getting blocked by Cloudflare, reCAPTCHA, or DataDome. The wrapper is thin Python/JS; the real work happens in the pre-built binary.
- Source-level C++ patches are architecturally correct — JS-injection approaches like playwright-stealth are trivially detectable because the patches themselves create anomalies. Patching at compile time sidesteps this entire class of detection.
- The API is genuinely a one-line swap from Playwright. No new concepts, no separate browser management — the existing automation code keeps working unchanged.
- The humanize module covers the full interaction surface (mouse Bézier curves, per-character keyboard timing with typo correction, scroll easing) and is implemented as proper wrapper patches rather than sleep() calls sprinkled everywhere.
- Good operational story: Docker image ships pre-loaded, SHA-256 binary verification, background update checks, per-connection fingerprint seeds in CDP server mode, and a real test suite with both unit and live-detection tests.
- The binary is closed source — MIT covers only the Python/JS wrapper. You're trusting a pre-compiled Chromium from an anonymous team, auto-downloaded and auto-updated. The '58 C++ patches' cannot be audited, and CLOAKBROWSER_SKIP_CHECKSUM=true existing as an option is a bad sign for supply chain hygiene.
- Detection is an arms race and the test results table is dated 'Apr 2026' against static screenshots. There's no CI badge showing these 30 tests passing continuously against live endpoints — a site update can quietly break things between binary releases.
- macOS gets only 26 patches versus 58 on Linux/Windows, and is on Chromium 145 while others are on 146. This gap is not explained and means macOS users get a materially worse product without warning.
- The storage quota tradeoff for persistent contexts (default normalizes quota to pass FingerprintJS but gets flagged by BrowserScan as incognito) is a genuine design conflict with no clean solution, and the workaround table essentially admits you can't pass both checks simultaneously.