Honest, no-BS technical analysis of web scraping and anti-bot bypass tools.
Learn what actually works, how it works under the hood, and which tool fits your use case.
Sponsored by Scrappey
Scrappey.com — Anti-bot bypass API that handles Cloudflare, DataDome, and more. Skip the browser automation complexity and let Scrappey handle the hard parts.
Every anti-detection tool claims to be "undetectable" or bypass "all bot protection." Most of that is marketing.
This repository provides:
- Source code analysis - We read the actual code, not just the docs
- Technical breakdowns - How each evasion technique works at the protocol level
- Honest assessments - Real limitations, not just success stories
- Comparison guides - Pick the right tool for your specific use case
| Tool | Type | Language | Best For | Analysis |
|---|---|---|---|---|
| Camoufox | Custom Firefox build | Python | C++ level stealth, fingerprint rotation | Read → |
| Patchright | Playwright binary patch | Python, Node.js, .NET | Maximum stealth with Playwright API | Read → |
| SeleniumBase | Selenium + UC Mode | Python | CAPTCHA solving, testing framework | Read → |
| Botasaurus | Selenium wrapper | Python | Human-like mouse movements | Read → |
| XDriver | Playwright CDP patch | Python | Quick stealth without code changes | Read → |
| CloakBrowser | Custom Chromium build | Python, Node.js | C++ stealth + human behavior + Chromium API | Read → |
| Scrapling | All-in-one scraping framework | Python | TLS stealth + adaptive parsing + spider framework | Read → |
| Feature | Camoufox | Patchright | SeleniumBase | Botasaurus | XDriver | CloakBrowser | Scrapling |
|---|---|---|---|---|---|---|---|
navigator.webdriver bypass |
✅ C++ | ✅ | ✅ | ✅ | ✅ | ✅ C++ | ✅ (via Patchright/Camoufox) |
Runtime.enable bypass |
✅ Juggler | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ (via Patchright) |
| Fingerprint rotation | ⭐⭐⭐⭐⭐ | ⭐⭐ | ⭐⭐ | ⭐⭐ | ❌ | ⭐⭐⭐⭐ | ❌ |
| Human mouse simulation | ⭐⭐⭐⭐ | ⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐ | ⭐⭐⭐⭐⭐ | ❌ |
| CDP fingerprint evasion | N/A | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ (via Patchright) |
| Cross-platform parity | ⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐ | ⭐ | ⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐ |
| CAPTCHA solving | ❌ | ❌ | ⭐⭐⭐⭐⭐ | ⭐⭐ | ❌ | ❌ | |
| Cloudflare bypass | ⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ (auto-solve) |
| Ease of use | ⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ |
| TLS fingerprint impersonation | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ curl_cffi (HTTP tier) |
| Built-in parser | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ (784x faster than BS4) |
| Spider/crawler framework | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ Scrapy-like |
| Cost | Free | Free | Free | Free | Free | Free* | Free |
* CloakBrowser wrapper is MIT open-source; the Chromium binary is proprietary but free to use. See security audit notes.
| Service | Camoufox | Patchright | SeleniumBase | Botasaurus | XDriver | CloakBrowser | Scrapling |
|---|---|---|---|---|---|---|---|
| Cloudflare WAF | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ (Stealth) / |
| Cloudflare Turnstile | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ (auto-solve) | |
| DataDome | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ (via Patchright/Camoufox) | |
| Kasada | ✅ | ✅ | ❌ | ✅ | ✅ | ✅ (via Patchright) | |
| PerimeterX | ✅ | ✅ | ❌ | ✅ | ✅ | ||
| Akamai | ❌ | ||||||
| Imperva | ✅ | ✅ | ❌ | ✅ | ✅ |
✅ = Reliably bypasses |
Note: Camoufox uses Firefox (~3% market share). Some WAFs may flag Firefox users more aggressively.
| Your Situation | Recommended Tool | Why |
|---|---|---|
| Undetectable fingerprint spoofing | Camoufox | C++ level = truly native, JS can't detect |
| Need fingerprint rotation | Camoufox | BrowserForge statistical accuracy |
| Enterprise-level anti-bot (Akamai, DataDome) | Patchright + Camoufox | Combine protocol stealth with fingerprint rotation |
| Need CAPTCHA solving | SeleniumBase | Built-in Turnstile/reCAPTCHA handling |
| Maximum Chromium stealth + free | Patchright | Protocol-level CDP bypass |
| C++ Chromium stealth + Playwright API | CloakBrowser | 33 source-level patches, 0.9 reCAPTCHA score |
| Human-like behavior (one flag) | CloakBrowser | humanize=True — Bézier mouse, typing, scroll |
| Human-like mouse movements | Botasaurus | Best Bézier curve implementation |
| Existing Playwright code | XDriver or CloakBrowser | No code changes needed (drop-in replacement) |
| Quick prototype | Botasaurus | Simplest API |
| Node.js / TypeScript | Patchright or CloakBrowser | Multi-language support |
| Testing framework needed | SeleniumBase | pytest/unittest integration |
| All-in-one scraping framework | Scrapling | Fetching + parsing + crawling + stealth in one package |
| HTTP-only stealth (no browser) | Scrapling | TLS impersonation via curl_cffi — fastest option |
| Adaptive scraping (sites change often) | Scrapling | Auto-relocates selectors when DOM changes |
| AI-integrated scraping | Scrapling | MCP server for Claude/Cursor workflows |
Understanding detection helps you choose the right tool:
┌──────────────────────────────────────────────────────────────────────┐
│ DETECTION LAYERS │
├──────────────────────────────────────────────────────────────────────┤
│ Layer 1: Protocol Detection │
│ ├─ Runtime.enable timing [Patchright, XDriver, CloakBrowser]│
│ ├─ Execution context leaks [Patchright] │
│ ├─ Binding exposure [XDriver] │
│ ├─ CDP input behavior mimicking [CloakBrowser - 5 C++ patches] │
│ └─ Juggler isolation (Firefox) [Camoufox - unique] │
├──────────────────────────────────────────────────────────────────────┤
│ Layer 2: Browser Fingerprinting │
│ ├─ navigator.webdriver [All tools] │
│ ├─ Canvas/WebGL fingerprints [Camoufox C++, CloakBrowser C++] │
│ ├─ Screen/Window properties [Camoufox C++, CloakBrowser C++] │
│ ├─ Audio context spoofing [Camoufox C++, CloakBrowser C++] │
│ └─ Font enumeration [Camoufox, CloakBrowser] │
├──────────────────────────────────────────────────────────────────────┤
│ Layer 3: Behavioral Analysis │
│ ├─ Mouse movement patterns [Botasaurus, Camoufox, CloakBrowser]│
│ ├─ Click timing distribution [Botasaurus, SeleniumBase, CloakBrowser]│
│ └─ Scroll/navigation patterns [Botasaurus, CloakBrowser] │
├──────────────────────────────────────────────────────────────────────┤
│ Layer 4: Network Analysis │
│ ├─ TLS fingerprinting (JA3/JA4) [Scrapling Fetcher - curl_cffi] │
│ ├─ WebRTC/UDP leakage [Camoufox, XDriver, Scrapling] │
│ ├─ IP reputation scoring [Use proxies] │
│ └─ DNS leakage [Use SOCKS5H proxies] │
└──────────────────────────────────────────────────────────────────────┘
No tool is truly undetectable. Here's what the marketing won't tell you:
| Reality | Implication |
|---|---|
| Detection is an arms race | What works today may fail tomorrow |
| Enterprise ≠ Free tier | Cloudflare Free vs Enterprise are different beasts |
| IP reputation matters most | Best stealth fails with datacenter IPs |
| Behavioral patterns accumulate | Same scraping pattern = eventual detection |
| TLS fingerprinting exists | Browser TLS signatures are nearly impossible to spoof |
| Protection Level | Tools Alone | + Residential Proxies |
|---|---|---|
| Basic (CF Free, simple checks) | 90%+ | 99%+ |
| Medium (CF Pro, PerimeterX) | 60-80% | 90%+ |
| Enterprise (Akamai, DataDome) | 20-40% | 70-85% |
| Custom ML-based | <20% | 50-70% |
Test your setup against these:
| Test | What It Checks | URL |
|---|---|---|
| Sannysoft | Automation detection | bot.sannysoft.com |
| BrowserScan | Comprehensive fingerprint | browserscan.net |
| Fingerprint.com | Bot detection | fingerprint.com |
| CreepJS | Browser fingerprint | abrahamjuliot.github.io/creepjs |
| Pixelscan | Leak detection | pixelscan.net |
For maximum effectiveness, consider combining tools:
Camoufox (C++ spoofing + BrowserForge) + Residential Proxies
= Statistically accurate fingerprints + clean IPs
= Best for: High-volume scraping with identity rotation
Botasaurus (human mouse) + Patchright (CDP stealth)
= Human-like behavior + protocol-level evasion
SeleniumBase UC Mode + Residential Proxies
= Automatic CAPTCHA solving + clean IP reputation
XDriver (one-command activation) + Sannysoft test
= Fast iteration on stealth configuration
Camoufox (Juggler isolation) + geoip auto-detection
= No automation artifacts visible + locale consistency
= Best for: Sites that don't discriminate against Firefox
CloakBrowser (33 C++ patches + humanize=True) + Residential Proxies
= Source-level fingerprint spoofing + behavioral evasion + clean IPs
= 0.9 reCAPTCHA v3 score + Cloudflare Turnstile pass
= Best for: Chromium-required sites with behavioral detection
Scrapling (Fetcher for bulk HTTP + StealthyFetcher for protected pages)
= TLS-impersonated HTTP for 90% of pages + browser stealth for the rest
= Adaptive selectors survive site redesigns + spider handles crawling
= Best for: Large-scale scraping with mixed protection levels
Found a tool worth analyzing? Open an issue with:
- Tool name and repository URL
- What anti-detection approach it uses
- What protection systems it claims to bypass
This repository is for educational and legitimate purposes:
- Security research and testing
- Academic study
- Authorized penetration testing
- Personal data retrieval from your own accounts
Always respect robots.txt, rate limits, and terms of service.
Add these topics to your GitHub repository for better SEO:
web-scraping, anti-detection, bot-bypass, cloudflare-bypass, captcha-bypass,
playwright, selenium, puppeteer, browser-automation, fingerprint-spoofing,
anti-bot, stealth-browser, datadome-bypass, kasada-bypass, akamai-bypass,
camoufox, patchright, seleniumbase, botasaurus, undetected-chromedriver,
cloakbrowser, scrapling, web-automation, scraping-tools, antibot-bypass, turnstile-bypass,
browser-fingerprinting, cdp-stealth, perimeter-x, imperva-bypass
Stop believing marketing claims. Read the source code.