CloakBrowser: I tested it against 5 bot detectors — here's what happened

If you work with browser automation — scraping, testing, or monitoring — you know the pain of getting blocked by Cloudflare or scoring 0.1 on reCAPTCHA v3. Playwright and Puppeteer out of the box basically scream "I'm a bot" to every detection system.

This week my timeline blew up with CloakBrowser. The claim is bold: a stealth Chromium with 33 C++ patches that passes every bot detection test. Free. Drop-in Playwright replacement. I was curious — so I tested it myself.

What is CloakBrowser?

CloakBrowser isn't a plugin or JS injection like playwright-stealth. It's a custom Chromium binary patched at the C++ source level. 33 patches that modify:

• Canvas fingerprint
• WebGL renderer & GPU info
• Audio fingerprint
• Font enumeration
• navigator.webdriver (removed at source level)
• CDP automation signals
• TLS fingerprint (ja3/ja4 match real Chrome)
• Hardware concurrency, device memory, screen properties

The difference from playwright-stealth or undetected-chromedriver: those tools inject JavaScript to override properties. CloakBrowser modifies the behavior before compilation. So detection checks that ask "was this property overridden from JS?" won't trigger.

Setup: 30 seconds, no joke

I tested with Python (Playwright API):

pip install cloakbrowser
# First run downloads the binary (~200MB, cached locally)

from cloakbrowser import launch

browser = launch()
page = browser.new_page()
page.goto("https://bot.incolumitas.com")
# ... that's it. Same Playwright API.
browser.close()

Literally just swap the import. Your existing Playwright code goes from from playwright.sync_api import sync_playwright to from cloakbrowser import launch. The API is identical.

Test 1: reCAPTCHA v3 score

reCAPTCHA v3 assigns a score from 0.0 (bot) to 1.0 (human). Vanilla Playwright typically gets 0.1 — instant flag.

from cloakbrowser import launch

browser = launch()
page = browser.new_page()
page.goto("https://antcpt.com/score_detector/")
page.wait_for_timeout(5000)

# Check the score displayed on page
score = page.locator(".score").text_content()
print(f"reCAPTCHA v3 score: {score}")
browser.close()

Test 2: Cloudflare Turnstile

Turnstile has two modes: non-interactive (invisible check) and managed (user must click). Vanilla Playwright fails both.

page.goto("https://2captcha.com/demo/cloudflare-turnstile")
page.wait_for_timeout(3000)

# For managed mode, just click the checkbox
turnstile = page.frame_locator("iframe[src*='challenges.cloudflare.com']")
turnstile.locator("#challenge-stage").click()
page.wait_for_timeout(2000)

# Check if passed
status = page.locator(".success-message").is_visible()
print(f"Turnstile passed: {status}")

Test 3: bot.incolumitas.com

This is one of the most comprehensive detection tests out there. It checks dozens of signals: WebDriver, CDP, headless indicators, fingerprint consistency, and more.

page.goto("https://bot.incolumitas.com")
page.wait_for_timeout(10000)  # Let all tests complete

# The page shows detection results
results = page.locator("#detection-results").text_content()
print(results)

Test 4: FingerprintJS

FingerprintJS (now Fingerprint.com) is one of the most widely used commercial bot detection services. They have a public demo at demo.fingerprint.com.

page.goto("https://demo.fingerprint.com")
page.wait_for_timeout(5000)

bot_detected = page.locator("[data-test='bot-detected']").is_visible()
print(f"Bot detected: {bot_detected}")

Test 5: BrowserScan.net

BrowserScan checks 4 categories: WebRTC leak, canvas fingerprint, WebGL fingerprint, and bot detection signals.

page.goto("https://browserscan.net/bot-detection")
page.wait_for_timeout(8000)

# Check overall status
status = page.locator(".detection-status").text_content()
print(f"BrowserScan status: {status}")

Summary: CloakBrowser vs vanilla Playwright

Why this matters

Before CloakBrowser, your options for stealth automation were:

• playwright-stealth — JS injection, breaks every Chrome update, reCAPTCHA score still 0.3-0.5
• undetected-chromedriver — config patches, Selenium only, also breaks frequently
• Multilogin/GoLogin — $29-199/month, closed source, data stored on their cloud
• Camoufox — C++ patches but on Firefox, not Chromium, different API

CloakBrowser gives you C++ level stealth on Chromium, using the Playwright API you already know, for free, self-hosted. That combination didn't exist before.

Things to know before using it

• Binary size ~200MB— it's a full Chromium build, not a patch on top of existing Chrome
• Doesn't solve CAPTCHAs— CloakBrowser prevents CAPTCHAs from appearing, it doesn't solve them. If a site forces CAPTCHAs on all users, you'll still get them
• Bring your own proxy— no built-in proxy rotation. But Playwright's API supports proxies natively so you just pass them in
• License — the wrapper is MIT, but the binary has its own license (CloakBrowser License). Free to use, but not fully open source on the binary side

Bonus: Browser Profile Manager

They also ship a self-hosted profile manager (alternative to Multilogin's GUI):

docker run -p 8080:8080 -v cloakprofiles:/data cloakhq/cloakbrowser-manager

Open localhost:8080, create profiles with unique fingerprints, set proxy per profile, persistent cookies. Basically Multilogin but free and your data stays on your machine.

Verdict

The hype is justified. I've tested various stealth solutions from playwright-stealth to paid Multilogin subscriptions, and CloakBrowser genuinely delivers what it promises. reCAPTCHA 0.9, Turnstile pass, FingerprintJS clean — all without paying and without changing your API.

If you use Playwright or Puppeteer for automation and you're tired of getting blocked, this is literally a 3-line change:

- from playwright.sync_api import sync_playwright
- pw = sync_playwright().start()
- browser = pw.chromium.launch()
+ from cloakbrowser import launch
+ browser = launch()

# Rest of your code stays exactly the same
page = browser.new_page()
page.goto("https://protected-site.com")

Links: cloakbrowser.dev | GitHub | PyPI | npm