Honest, no-BS technical analysis of web scraping and anti-bot bypass tools.
Learn what actually works, how it works under the hood, and which tool fits your use case.
Every anti-detection tool claims to be "undetectable" or bypass "all bot protection." Most of that is marketing.
This repository provides:
- Source code analysis - We read the actual code, not just the docs
- Technical breakdowns - How each evasion technique works at the protocol level
- Honest assessments - Real limitations, not just success stories
- Comparison guides - Pick the right tool for your specific use case
| Tool | Type | Language | Best For | Analysis |
|---|---|---|---|---|
| Camoufox | Custom Firefox build | Python | C++ level stealth, fingerprint rotation | Read → |
| Patchright | Playwright binary patch | Python, Node.js, .NET | Maximum stealth with Playwright API | Read → |
| SeleniumBase | Selenium + UC Mode | Python | CAPTCHA solving, testing framework | Read → |
| Botasaurus | Selenium wrapper | Python | Human-like mouse movements | Read → |
| XDriver | Playwright CDP patch | Python | Quick stealth without code changes | Read → |
| Feature | Camoufox | Patchright | SeleniumBase | Botasaurus | XDriver |
|---|---|---|---|---|---|
navigator.webdriver bypass |
✅ C++ | ✅ | ✅ | ✅ | ✅ |
Runtime.enable bypass |
✅ Juggler | ✅ | ✅ | ❌ | ✅ |
| Fingerprint rotation | ⭐⭐⭐⭐⭐ | ⭐⭐ | ⭐⭐ | ⭐⭐ | ❌ |
| Human mouse simulation | ⭐⭐⭐⭐ | ⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐ |
| CDP fingerprint evasion | N/A | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐⭐ |
| Cross-platform parity | ⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐ | ⭐ | ⭐⭐ |
| CAPTCHA solving | ❌ | ❌ | ⭐⭐⭐⭐⭐ | ⭐⭐ | ❌ |
| Cloudflare bypass | ⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐⭐ |
| Ease of use | ⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐ | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ |
| Cost | Free | Free | Free | Free | Free |
| Service | Camoufox | Patchright | SeleniumBase | Botasaurus | XDriver |
|---|---|---|---|---|---|
| Cloudflare WAF | ✅ | ✅ | ✅ | ✅ | ✅ |
| Cloudflare Turnstile | ✅ | ✅ | ✅ | ✅ | |
| DataDome | ✅ | ✅ | ✅ | ✅ | |
| Kasada | ✅ | ✅ | ❌ | ✅ | |
| PerimeterX | ✅ | ✅ | ❌ | ✅ | |
| Akamai | ❌ | ||||
| Imperva | ✅ | ✅ | ❌ | ✅ |
✅ = Reliably bypasses |
Note: Camoufox uses Firefox (~3% market share). Some WAFs may flag Firefox users more aggressively.
| Your Situation | Recommended Tool | Why |
|---|---|---|
| Undetectable fingerprint spoofing | Camoufox | C++ level = truly native, JS can't detect |
| Need fingerprint rotation | Camoufox | BrowserForge statistical accuracy |
| Enterprise-level anti-bot (Akamai, DataDome) | Patchright + Camoufox | Combine protocol stealth with fingerprint rotation |
| Need CAPTCHA solving | SeleniumBase | Built-in Turnstile/reCAPTCHA handling |
| Maximum Chromium stealth + free | Patchright | Protocol-level CDP bypass |
| Human-like mouse movements | Botasaurus | Best Bézier curve implementation |
| Existing Playwright code | XDriver | No code changes needed |
| Quick prototype | Botasaurus | Simplest API |
| Node.js / TypeScript | Patchright | Multi-language support |
| Testing framework needed | SeleniumBase | pytest/unittest integration |
Understanding detection helps you choose the right tool:
┌──────────────────────────────────────────────────────────────────────┐
│ DETECTION LAYERS │
├──────────────────────────────────────────────────────────────────────┤
│ Layer 1: Protocol Detection │
│ ├─ Runtime.enable timing [Patchright, XDriver] │
│ ├─ Execution context leaks [Patchright] │
│ ├─ Binding exposure [XDriver] │
│ └─ Juggler isolation (Firefox) [Camoufox - unique] │
├──────────────────────────────────────────────────────────────────────┤
│ Layer 2: Browser Fingerprinting │
│ ├─ navigator.webdriver [All tools] │
│ ├─ Canvas/WebGL fingerprints [Camoufox C++] │
│ ├─ Screen/Window properties [Camoufox C++ - undetectable] │
│ ├─ Audio context spoofing [Camoufox C++] │
│ └─ Font enumeration [Camoufox] │
├──────────────────────────────────────────────────────────────────────┤
│ Layer 3: Behavioral Analysis │
│ ├─ Mouse movement patterns [Botasaurus, Camoufox] │
│ ├─ Click timing distribution [Botasaurus, SeleniumBase] │
│ └─ Scroll/navigation patterns [Botasaurus] │
├──────────────────────────────────────────────────────────────────────┤
│ Layer 4: Network Analysis │
│ ├─ TLS fingerprinting (JA3/JA4) [Hard to spoof - use real browser] │
│ ├─ WebRTC/UDP leakage [Camoufox, XDriver] │
│ ├─ IP reputation scoring [Use proxies] │
│ └─ DNS leakage [Use SOCKS5H proxies] │
└──────────────────────────────────────────────────────────────────────┘
No tool is truly undetectable. Here's what the marketing won't tell you:
| Reality | Implication |
|---|---|
| Detection is an arms race | What works today may fail tomorrow |
| Enterprise ≠ Free tier | Cloudflare Free vs Enterprise are different beasts |
| IP reputation matters most | Best stealth fails with datacenter IPs |
| Behavioral patterns accumulate | Same scraping pattern = eventual detection |
| TLS fingerprinting exists | Browser TLS signatures are nearly impossible to spoof |
| Protection Level | Tools Alone | + Residential Proxies |
|---|---|---|
| Basic (CF Free, simple checks) | 90%+ | 99%+ |
| Medium (CF Pro, PerimeterX) | 60-80% | 90%+ |
| Enterprise (Akamai, DataDome) | 20-40% | 70-85% |
| Custom ML-based | <20% | 50-70% |
Test your setup against these:
| Test | What It Checks | URL |
|---|---|---|
| Sannysoft | Automation detection | bot.sannysoft.com |
| BrowserScan | Comprehensive fingerprint | browserscan.net |
| Fingerprint.com | Bot detection | fingerprint.com |
| CreepJS | Browser fingerprint | abrahamjuliot.github.io/creepjs |
| Pixelscan | Leak detection | pixelscan.net |
For maximum effectiveness, consider combining tools:
Camoufox (C++ spoofing + BrowserForge) + Residential Proxies
= Statistically accurate fingerprints + clean IPs
= Best for: High-volume scraping with identity rotation
Botasaurus (human mouse) + Patchright (CDP stealth)
= Human-like behavior + protocol-level evasion
SeleniumBase UC Mode + Residential Proxies
= Automatic CAPTCHA solving + clean IP reputation
XDriver (one-command activation) + Sannysoft test
= Fast iteration on stealth configuration
Camoufox (Juggler isolation) + geoip auto-detection
= No automation artifacts visible + locale consistency
= Best for: Sites that don't discriminate against Firefox
Found a tool worth analyzing? Open an issue with:
- Tool name and repository URL
- What anti-detection approach it uses
- What protection systems it claims to bypass
This repository is for educational and legitimate purposes:
- Security research and testing
- Academic study
- Authorized penetration testing
- Personal data retrieval from your own accounts
Always respect robots.txt, rate limits, and terms of service.
Add these topics to your GitHub repository for better SEO:
web-scraping, anti-detection, bot-bypass, cloudflare-bypass, captcha-bypass,
playwright, selenium, puppeteer, browser-automation, fingerprint-spoofing,
anti-bot, stealth-browser, datadome-bypass, kasada-bypass, akamai-bypass,
camoufox, patchright, seleniumbase, botasaurus, undetected-chromedriver,
web-automation, scraping-tools, antibot-bypass, turnstile-bypass,
browser-fingerprinting, cdp-stealth, perimeter-x, imperva-bypass
Stop believing marketing claims. Read the source code.