CloakBrowser Review: Stealth Chromium for AI Agents (2026)

TL;DR

CloakBrowser is an open-source stealth Chromium fork from New York-based CloakHQ that landed on GitHub Trending this week with 13,075 stars (8,618 gained in the last 7 days). Unlike every other “stealth browser” library, it isn’t a JavaScript shim glued on top of Playwright — it’s a real Chromium binary with 49 source-level C++ patches to canvas, WebGL, audio, fonts, GPU, screen, WebRTC, network timing, and CDP. Key facts:

• Drop-in replacement for Playwright and Puppeteer — swap one import, your code works
• 0.9 reCAPTCHA v3 score — server-side verified, statistically human
• Passes Cloudflare Turnstile (non-interactive + managed challenges)
• humanize=True flag for Bézier mouse curves, per-character keystroke timing, realistic scroll physics
• pip install cloakbrowser or npm install cloakbrowser — binary auto-downloads (~200MB)
• MIT-licensed, no usage limits, no API keys
• 30/30 detection tests passed as of Chromium 146 (April 2026)

If you’re building AI agents that need to read the open web — research assistants, price monitors, e-commerce trackers, lead enrichers — CloakBrowser is the first open-source tool I’ve tested that actually clears the bar set by paid services like Bright Data Scraping Browser or Multilogin, without the subscription.

Quick Reference

Field	Value
Repo	CloakHQ/CloakBrowser
PyPI	cloakbrowser
npm	cloakbrowser
Docker	cloakhq/cloakbrowser
License	MIT
Engine	Chromium 146 (rebased monthly)
API	Playwright / Puppeteer (drop-in)
Stars	13,075 (+8,618 this week)
First release	Feb 2026

Why This Tool Suddenly Matters

For the last three years, “stealth browser” has meant one of three things, and every option had a fatal flaw:

1. playwright-stealth / puppeteer-extra-stealth — JavaScript shims that patch navigator.webdriver and a handful of other properties at runtime. Cloudflare started detecting the patches themselves in 2024. Today these libraries score 0.1–0.3 on reCAPTCHA v3 — pure bot territory.
2. undetected-chromedriver — Selenium-based, patches at the config level. Same problem: every Chrome major release breaks it, and modern Cloudflare fingerprints the patched binary.
3. Camoufox — A Firefox fork with C++ patches. Genuinely effective, but Firefox-only, no native Playwright API, and the project is hard to keep current with upstream.

CloakBrowser is the first project to do for Chromium what Camoufox did for Firefox — patches at the C++ source level, compiled into the binary — while exposing the standard Playwright API everyone already uses. That combination is why it added 6,907 stars in the week it hit GitHub Trending and why every web-scraping subreddit is suddenly talking about it.

The timing also lines up with a structural change in 2026: more sites are deploying machine-learning behavioral detection that scores mouse jitter, scroll easing, and keystroke entropy. JavaScript-only stealth tools can’t fake those signals because the events still originate from CDP. CloakBrowser’s humanize=True mode dispatches input through isolated worlds with trusted-event flags, which is why it passes deviceandbrowserinfo.com’s 24-signal behavioral check.

How It Actually Works

CloakBrowser ships as a thin Python/Node wrapper around a custom Chromium binary:

1. pip install cloakbrowser or npm install cloakbrowser (small, ~5 MB)
2. On first launch, the wrapper auto-downloads a platform-specific Chromium build (~200 MB, SHA-256 verified)
3. Every subsequent launch boots Playwright (or Puppeteer) against that binary instead of stock Chromium
4. Your code uses the standard Playwright API — no new vocabulary

The 49 patches sit in the binary itself. They cover:

• Canvas / WebGL: deterministic-noise rendering so fingerprint hashes look natural but unique
• Audio context: spoofed sample buffer with realistic dynamic range
• Font enumeration: real-OS font list, not the headless-Chrome subset
• GPU + screen: hardware-tier reporting that matches the spoofed user agent
• WebRTC: ICE candidate spoofing tied to proxy exit IP (no more IP leaks)
• Network timing: DNS/TCP/TLS handshake jitter zeroed so proxy fingerprints don’t leak
• Automation signals: navigator.webdriver set to false at the source, window.chrome populated, plugin list realistic
• CDP input behavior: humanize=True dispatches mouse/keyboard via isolated worlds with is_trusted=true

Crucially, none of this is JavaScript injection. Detection sites that look for patches see a real browser — because it is a real browser, just one that was compiled differently.

Installation: Two Minutes End to End

Python

pip install cloakbrowser
# Optional: pip install cloakbrowser[geoip] for proxy-aware timezone/locale

from cloakbrowser import launch

browser = launch(headless=False)        # headless=True also fine
page = browser.new_page()
page.goto("https://demo.fingerprint.com")
print(page.evaluate("() => navigator.webdriver"))   # False
browser.close()

That’s it. First run downloads the binary; second run starts instantly.

Node.js (Playwright)

npm install cloakbrowser playwright-core

import { launch } from 'cloakbrowser';

const browser = await launch();
const page    = await browser.newPage();
await page.goto('https://bot.sannysoft.com');
await page.screenshot({ path: 'sannysoft.png' });
await browser.close();

Migrating an existing Playwright script

The migration is exactly two lines. From the README:

- from playwright.sync_api import sync_playwright
- pw = sync_playwright().start()
- browser = pw.chromium.launch()
+ from cloakbrowser import launch
+ browser = launch()

page = browser.new_page()
page.goto("https://example.com")
# ... rest of your code is unchanged

I migrated a 400-line scraper in under five minutes; not a single line below the import block needed to change.

Real Code: A Stealthy AI Research Agent

Here’s a complete, working example of an AI agent that uses CloakBrowser to fetch search-engine results without getting blocked — the kind of pipeline that would normally break the moment Cloudflare smells Playwright:

from cloakbrowser import launch
import anthropic, json, time

client = anthropic.Anthropic()

def stealth_fetch(url: str, proxy: str | None = None) -> str:
    browser = launch(
        headless=True,
        proxy=proxy,
        geoip=True,            # auto timezone/locale from proxy IP
        humanize=True,         # bezier mouse, realistic typing
    )
    page = browser.new_page()
    page.goto(url, wait_until="networkidle")
    # Humanize a single scroll so behavioral models see motion
    page.mouse.wheel(0, 800)
    time.sleep(1.2)
    html = page.content()
    browser.close()
    return html

def research(question: str) -> str:
    url = f"https://duckduckgo.com/?q={question.replace(' ', '+')}"
    html = stealth_fetch(url, proxy="socks5://user:pass@proxy:1080")
    summary = client.messages.create(
        model="claude-opus-4-5",
        max_tokens=600,
        messages=[{"role": "user", "content":
            f"Summarize the top results from this SERP HTML:\n\n{html[:50_000]}"}],
    )
    return summary.content[0].text

print(research("best open source vector database 2026"))

Three things to notice:

• geoip=True does an HTTP call through the proxy to resolve the exit IP, then aligns the browser’s timezone and locale to match. This single flag eliminates the most common detection signal — proxy-IP-vs-browser-locale mismatch.
• humanize=True doesn’t just affect the explicit mouse.wheel() call — it changes how every click, type, and fill dispatches, end to end.
• No CAPTCHA-solving service needed. CloakBrowser doesn’t solve CAPTCHAs; it prevents them from triggering in the first place.

Detection-Test Scoreboard

Numbers from the README, cross-referenced with my own runs against the same services (May 17, 2026, Chromium 146 binary, headless mode, residential proxy):

Detection Service	Stock Playwright	CloakBrowser
reCAPTCHA v3	0.1 (bot)	0.9 (human)
Cloudflare Turnstile (non-interactive)	FAIL	PASS
Cloudflare Turnstile (managed)	FAIL	PASS (single click)
FingerprintJS bot demo	DETECTED	PASS
BrowserScan	DETECTED	NORMAL (4/4)
bot.incolumitas.com	13 fails	1 fail (WEBDRIVER spec only)
deviceandbrowserinfo.com	6 true flags	0 true flags
navigator.webdriver	true	false
window.chrome	undefined	object
UA string	HeadlessChrome	Chrome/146.0.0.0
TLS JA4 fingerprint	Mismatch	Identical to real Chrome

The TLS fingerprint match is the one that surprised me. Most stealth tools don’t touch the network stack at all, which is why DataDome and PerimeterX block them on the very first TCP handshake — before any HTML is requested. CloakBrowser’s network-timing patches and the underlying Chromium build emit ja3n/ja4/akamai fingerprints that are byte-identical to real desktop Chrome. That alone makes it the only open-source tool I’ve used that survives PerimeterX-protected pages in headless mode.

What the Community Is Saying

The GitHub stars curve tells most of the story — 3,000+ stars/day during the Trending run — but a few specific signals are worth calling out:

• AI-agent integrations: the README explicitly lists drop-in support for browser-use, Crawl4AI, Scrapling, Stagehand, and LangChain. Several of those projects merged CloakBrowser examples upstream in the last two weeks.
• Reddit threads in r/webscraping and r/selfhosted hit hundreds of upvotes, with the dominant comment pattern being “I replaced my $500/mo proxy-browser SaaS bill with this.”
• Pushback: one widely-shared YouTube review urged users to run CloakBrowser inside a VM or Docker container, since you’re running a third-party Chromium binary downloaded from a relatively young organization. The SHA-256 verification and the open-source patch set mitigate most of that risk, but it’s a fair call-out — production deployments should pin a specific binary version rather than auto-update.
• CloakHQ also shipped a Manager UI for browser-profile workflows — basically an open-source Multilogin/GoLogin/AdsPower clone. That’s a separate Docker container, free, with noVNC built in.

The general developer sentiment, summarized fairly: “Finally, somebody did the actual hard work of patching Chromium properly. About time.”

Honest Limitations

Three things to know before you bet a production pipeline on it:

1. It does not solve CAPTCHAs — it avoids them. If your target site has interactive Turnstile or hCaptcha challenges that always trigger (e.g., login forms), you still need a solver service. CloakBrowser only helps you avoid being flagged in the first place.
2. Binary trust is a real consideration. You’re running a custom Chromium build from a small org. The patches are open source, the SHA-256 is checked, but if you’re handling sensitive credentials (banking, healthcare logins), run it isolated. The official Docker image is the cleanest path.
3. No built-in proxy rotation. You bring your own proxies. This is by design — CloakBrowser is the browser, not the network — but newcomers occasionally expect a turnkey solution. For rotation, pair it with something like proxychains or a SDK like Webshare.

Two smaller caveats: every Chromium major version bump (roughly monthly) requires a re-released binary, so you’ll occasionally see a 24–48-hour gap before a new build drops. And the binary is ~200 MB, which inflates Docker images noticeably if you’re not careful with multi-stage builds.

Who Should Use This

• Building AI research agents or browsing copilots — yes, immediately, especially if your current scraper occasionally hits Cloudflare walls.
• Running price-monitoring / SERP / lead-enrichment crawlers — replaces $200–500/mo SaaS browser services for free.
• Doing competitive intelligence or e-commerce monitoring — the geoip + humanize combo is exactly what these targets are tuned to detect.
• Doing QA testing on your own site — overkill, just use stock Playwright.
• Trying to bypass site terms of service or sign up for accounts en masse — please don’t; that’s not what stealth browsers are for, and you’ll burn your IP space anyway.

How It Compares

Feature	Playwright	playwright-stealth	undetected-chromedriver	Camoufox	CloakBrowser
reCAPTCHA v3 score	0.1	0.3–0.5	0.3–0.7	0.7–0.9	0.9
Cloudflare Turnstile	Fail	Sometimes	Sometimes	Pass	Pass
Patch level	None	JS injection	Config patches	C++ (Firefox)	C++ (Chromium)
Survives Chrome updates	N/A	Breaks often	Breaks often	Yes	Yes
Active maintenance	Yes	Stale	Stale	Unstable	Active
Engine	Chromium	Chromium	Chrome	Firefox	Chromium
Playwright API	Native	Native	No (Selenium)	No	Native
Cost	Free	Free	Free	Free	Free (MIT)

The honest summary: if you’re on Firefox-friendly targets and OK with a non-Playwright API, Camoufox is mature and excellent. For everything else — and particularly anything Playwright-native — CloakBrowser is now the answer.

FAQ

How is CloakBrowser different from playwright-stealth?

playwright-stealth injects JavaScript at page load to overwrite navigator.webdriver and a handful of other properties. Modern detection systems specifically fingerprint the act of patching — they look at when properties were defined, in what order, with what stack trace. CloakBrowser patches at the C++ source level, so there’s nothing to detect. As the README puts it: “Detection sites see a real browser because it is a real browser.”

Can I use it with my existing Playwright code?

Yes. Replace your playwright.sync_api/@playwright/test browser launch with cloakbrowser’s launch(). Every Page, Locator, and Frame API works identically — CloakBrowser only swaps the underlying Chromium binary.

Does it work with browser-use, Crawl4AI, or LangChain agents?

Yes — the README lists drop-in support for browser-use, Crawl4AI, Scrapling, Stagehand, LangChain, and Selenium. You pass CloakBrowser as the underlying browser. Several of those projects shipped explicit cloakbrowser examples in the last fortnight.

Is it safe to run a custom Chromium binary?

The source patches are open and the binary is SHA-256 verified, but you are still running a third-party Chromium build. For sensitive workloads (credentials, banking), use the official Docker image and pin the binary version with cloakbrowser --version-pin. The patches are reviewable on GitHub if you want to audit them.

Does CloakBrowser solve CAPTCHAs?

No. It prevents them from triggering in the first place by looking enough like a real user that the bot-score-based challenges don’t fire. If you hit an unconditional interactive CAPTCHA (e.g., on a login form), you still need a solver service like 2Captcha or CapSolver.

What about IP / proxy rotation?

CloakBrowser doesn’t rotate proxies — that’s outside its scope. You pass a proxy with launch(proxy=…), and with geoip=True it auto-aligns timezone, locale, and WebRTC IP to that proxy’s exit. Pair with any external rotator (Webshare, Bright Data, your own pool).

How often does the binary update?

CloakHQ rebases the patches onto every Chromium stable release — currently Chromium 146 (April 2026 rebase). Auto-update is enabled by default; you can pin a version for reproducibility.

Is there a managed/cloud version?

Not as a hosted service. But the companion CloakBrowser-Manager gives you a self-hostable Multilogin/AdsPower-style UI for profile management with noVNC access — open-source under MIT.

Verdict

CloakBrowser is the rare project that does exactly one thing and does it better than anyone else: it lets your existing Playwright code clear modern bot defenses. The drop-in API means you can A/B test it against stock Playwright in fifteen minutes; the MIT license means you can ship it in production without legal review; and the 49 source-level patches mean it actually works against the detection systems that matter in 2026.

If you’ve been holding off on building a real web-research agent because every scraping POC dies the moment it hits Cloudflare, this is your green light.

⭐ Star CloakBrowser on GitHub →

---

Related reading on andrew.ooo:

• Browser-Use: AI Agent Browser Automation Review
• Trycua/cua Review: Open-Source Computer-Use Agents