Just making a tools list for my project, feel free to send pull requests :) While looking around, it may be a good idea to sign up on all the Discord channels each product has to find some interesting insides from users.
Important: if you work on something related to undetection, like humanizing puppeteer actions, we may consider collaboration as I'm working currently on it too. My TG.
- NSTBrowser - 1000 profiles opened / day free, $299 unlimited, quite new on the market.
- Undetectable - 5 cloud profiles free, $49 for unlimited local with 25 "configs", 1 additional config $1 (API + driver automation)
- Multilogin - starts from €74 for 100 profiles
- Incogniton - 10 free, $29.99/Month for 50
- Octo Browser - starts from €21 for 10
- Gologin - $24 for 100 profiles, no unlimited plan, free proxies
- AdsPower - 2 profiles free, $5.4 for 10 profiles, no unlimited plan
- Morelogin - 2 free, $9 for 10 profiles and 2 users
- Dolphin-anty - 10 free, $89 for 100
- Kameleo - starts €59/user with unlimited profiles
- Vmlogin - $99 for 200 profiles
- Indigo - €99 for 100 profiles
- GhostBrowser - 4 profiles free, $21 unlimited
- Bablosoft - free browser automation studio, for Puppeteer look at puppeteer-with-fingerprints, the only browser as I know that supports faking canvas (with PerfectCanvas
- OctoBrowser - €21 for 10 profiles
- ixBrowser - free, but doesn't mask everything, for example, no GPU masking, API by request
- Gpmlogin - didn't check it yet, pricing is for unlimited use, for 1pc it is $125
Useless:
- AntBrowser - too many lies detected by CreepJS
- Switch Antidetect - using Chrome 103 while 120 is out. Too slow updates.
- GhostBrowser - only user-agent switch, easily fingerprinted
- MarketerBrowser - can't even switch user-agent without detection
A bit old article on how anti-detect browsers can be detected. Example from the article: if( Object.getOwnPropertyNames(navigator)[0] ) alert('fake parameters detected');
- Creep JS - the most advanced detector
- Pixelscan - simple fingerprint checker
- Cloudflare captcha - check if you are passing the captcha
- Coveryourtracks - test to see if you are protected from fingerprinting
- ReCaptha score - see you reCaptcha score
- AmIUnique Fingerprint - see your fingerprint
- Sannysoft Fingerprint - check your fingerprint
- BrowserLeaks
- F.vision
- Extension-detector
- Audio fingerprint
- Behavioral Bot Classification
- Canvas Tampering Detection
- My own tool - the only benefit the code is plain, so you can find very easily how everything is tested.
Others:
More tools can be found: at https://github.com/kkoooqq/fakebrowser
Privacy Manager - 12 modules to change fingerprint of your computer.
For Puppeteer:
- Imposter - my package that emulates human actions on the page, currently in development, join me :)
- Secure-puppeteer
- Extra stealth - trash, as easily detected by CreepJS
- Fingerprints from Bablosoft - free and paid fingerprints to use
- Perfect Canvas from Bablosft - emulating real canvas data
For Selenium/Python:
For request libs:
Chrome launch arguments:
--profile-directory=${dir_name}
// should be together withuserDataDir
--accept-lang=en,en-US,
// th,en,en-GB,en-US works only on new profile dirs--user-agent=${user_agent}
// properly changes user-agent in headers and JS runtime--disable-extensions-except=${EXTENSION_PATH}
--load-extension=${EXTENSION_PATH}
--disable-site-isolation-trials
helps to detect all iframes on the page for Puppeteer, without it frames from another domain will be inaccessible--aggressive-cache-discard
// useful in case u want more time for a debugger to attach or an extension to modify something--disable-gpu
// less detectable canvas fingerprint, but GPU vendor/renderer still will be present
- Fake-browser Based on Puppeteer, with human-like interactions
- Bezier mouse movements
- Definitely-not-a-robot
- Puppeteer-Humanize
- Ghost-Cursor - generate realistic, human-like mouse movement data between coordinates
As each service differs with different captchas support, I took the most popular one: reCaptcha v2 1000 captchas to compare the price:
- Capsolver - AI. $0.8. Supports Outlook & Arksose captchas.
- 2captcha - human. Libs: JS, GO, PHP, Python, Ruby, C#, Java. $1-2.99 (doesn't work for Outlook)
- CaptchaAI - AI, fixed price from $13.5/month for 5 captcha treads.
- CapMonster - AI. $0.6
- SolveCaptcha - human. Many ready-to-use libs. $1
- CapGuru - unsure. Same API as Rucaptcha. $0.55
- NopeCha - AI. Starts from $5/month for 2k captchas/day.
- MetaBypass - AI. Libs: Go, PHP, Python. $3
- EzCaptcha - AI. $0.6
- AntiCaptcha - $0.95, AI
- HardCaptcha - start from $79/month, AI.
- SmsActivate
- OnlineSim
- VakSms
- SmsHub - looks like the cheapest but has a lot of low-quality numbers(at least in Thailand), sometimes specifying an operator helps
- GrizzlySms
- 5Sim
- DataImpulse - from $1/GB (has $5/5Gb welcome package, but normally from $50). IMAP/SMTP blocked.
- WebShare - $6/Gb (from 4.5), cheap status: from $6/month per 20. IMAP/SMTP works.
- GeoNode - $4/Gb (from $1.7)
- LunaProxy - $3/Gb (from $0.8), has static too ($3/week, $5/month), IMAP/SMTP blocked.
- Piaproxy
- Soax - starts at $6.6/GB and less
- IPRoyal - starts at around 5.25/GB for 10GB, less too expensive (IMAP only if spending 5k)
- 922proxy - $3/GB (up to 60 min), $0.22/IP, $5/30 days
- BrightData - around $8/GB
- Script to collect visitors' fingerprints on your website.
- Article How to bypass “slider CAPTCHA” with JS and Puppeteer
- Library of research papers and presentations for counter-detection and web privacy
- CPU fingerprinting gives a model of the CPU with 60% accuracy
- How to bypass PerimeterX
- Article BotOrNot
- Your request fingerprint
Browser - use separately downloaded version of Chrome instead of Chromium, and pass it in executablePath
in Puppeteer.
- Screen width/height + Window height/width - can be emulated by attaching a debugger via Chrome extension, but
screen.availHeight
and width will be wrong. So, it is better to change screen size on a virtual machine or use an anti-detect browser. - Disable WebRTC when using proxies/mask public IP: puppeteer/puppeteer#6377
- Match all proper browser headers in the same order
- Autocontext api https://habr.com/ru/companies/globalsign/articles/475586/ https://fb-killa.pro/threads/povyshaem-svoju-anonimnost-putem-kontrolja-nad-audiocontext-fingerprint.2759/#post-19349
Worker is another sneaky way to detect real browser data, as you can't modify object properties in it with some extension.
window
, screen
, and access to DOM are not available (and therefor canvas)
- Timezone (
Intl.DateTimeFormat().resolvedOptions().timeZone
) - Language (
navigator.language || navigator.userLanguage
) - User agent (
navigator.userAgent
) - Hardware Concurrency (
navigator.hardwareConcurrency
) - GPU data (except Linux & Firefox upd 30.01.2024)