apunkt/invisible_playwright
1
0
Fork 0
mirror of https://github.com/feder-cr/invisible_playwright.git synced 2026-06-13 08:55:12 +02:00
Code Issues Projects Releases Packages Wiki Activity
invisible_playwright/README.md

203 lines
10 KiB
Markdown
Raw Normal View History

docs: add Related projects section (arkenfox, LibreWolf, Camoufox)
2026-05-16 17:09:52 -07:00
# invisible_playwright
[![tests](https://github.com/feder-cr/invisible_playwright/actions/workflows/tests.yml/badge.svg)](https://github.com/feder-cr/invisible_playwright/actions/workflows/tests.yml)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
[![Python 3.11+](https://img.shields.io/badge/python-3.11+-blue.svg)](https://www.python.org/downloads/)
[![Firefox 150.0.1](https://img.shields.io/badge/firefox-150.0.1-orange.svg)](https://www.mozilla.org/firefox/)
[![GitHub release](https://img.shields.io/github/v/release/feder-cr/invisible_playwright.svg)](https://github.com/feder-cr/invisible_playwright/releases)
[![GitHub stars](https://img.shields.io/github/stars/feder-cr/invisible_playwright.svg?style=social)](https://github.com/feder-cr/invisible_playwright/stargazers)
docs(README): fix browser-launches badge to show only the number The per-asset shields.io endpoint rendered the asset filename next to the count ('1 [launch.txt]'). Switching to the per-tag total endpoint renders as just the integer.
2026-05-23 17:07:19 -07:00
[![browser launches](https://img.shields.io/github/downloads/feder-cr/invisible_firefox/usage-counter/total?label=browser%20launches&color=blue)](https://github.com/feder-cr/invisible_firefox/releases/tag/usage-counter)
docs: add Related projects section (arkenfox, LibreWolf, Camoufox)
2026-05-16 17:09:52 -07:00
docs: add LinkedIn badge
2026-05-16 17:16:14 -07:00
[![LinkedIn](https://img.shields.io/badge/LinkedIn-Federico%20Elia-0A66C2?logo=linkedin&logoColor=white)](https://it.linkedin.com/in/federico-elia-5199951b6)
docs(README): drop LLM-style typographic characters Replaced em-dashes (—) with commas, colons, or periods depending on context. Kept all emoji (✅/❌/⚠️) in the comparison table since those are scannable scoring cues, not stylistic. Net cleanup: 6 em-dashes removed from tagline, hero alt-text, "Why it's powerful" paragraph, and the comparison intro. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 22:57:29 -07:00
**Stealth Firefox that passes every bot detection test. Drop-in Playwright replacement, fingerprint patched at the C++ level, not a JavaScript shim.**
docs(README): tighten positioning + benchmark vs camoufox and CloakBrowser Three changes aimed at making the project's value legible in 5 seconds for someone landing from a Trending list or HN thread: - New tagline + quantified bullet hook at top. Concrete numbers (0.90 reCAPTCHA, 0 CreepJS lies, 5/5 detection suites passed) up front instead of generic "passes the hardest detectors" wording. - Comparison table rewritten. The commercial-stack columns (Multilogin, GoLogin, AdsPower, Dolphin Anty, Kameleo) were noise for the OSS audience we want to reach. Replaced with the two relevant source-level peers: Camoufox (Firefox, currently in a long maintenance gap) and CloakBrowser (Chromium, fresh, but capped at the Chromium reCAPTCHA ceiling). - "Why it's powerful" opens with explicit positioning vs the two peers, plus the reCAPTCHA v3 score that's the most defensible numeric claim. No code change. Repo homepage URL set separately via API to deep-link the "Why it's powerful" section so visitors from external links land on the value pitch rather than the badges row. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 08:26:12 -07:00
docs(README): drop LLM-style typographic characters Replaced em-dashes (—) with commas, colons, or periods depending on context. Kept all emoji (✅/❌/⚠️) in the comparison table since those are scannable scoring cues, not stylistic. Net cleanup: 6 em-dashes removed from tagline, hero alt-text, "Why it's powerful" paragraph, and the comparison intro. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 22:57:29 -07:00
![invisible_playwright - 5/5 detection suites passed](docs/screenshots/hero.gif)
docs(README): add hero.gif above-the-fold + consolidate Results section Hero is a 5-frame slideshow (12.5s loop, 356KB, 1200x675) cycling through the five detection-test screenshots with a green-check caption per frame. Branded with the project name top-left and a github URL top-right so it works when embedded in tweets or blogs without context. Sits immediately after the tagline so the first thing a visitor sees above the fold is moving visual proof, before any text. Industry research on top-performing OSS READMEs in 2026 consistently puts GIF/video first as the single biggest conversion lever for star intent. Also collapsed the five expanded Results subsections down to a single section: the GIF already shows each tester live, so the prose now gives one short bullet per detector plus links to the original full-resolution screenshots for anyone who wants to inspect them. Net effect: roughly 200 lines of vertical scroll removed above the fold, hero visual added, deep-link to per-tester screenshot preserved. No new test surface. No behavior change. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 09:28:18 -07:00
docs: add Related projects section (arkenfox, LibreWolf, Camoufox)
2026-05-16 17:09:52 -07:00
## Why it's powerful
docs(README): tighten positioning + benchmark vs camoufox and CloakBrowser Three changes aimed at making the project's value legible in 5 seconds for someone landing from a Trending list or HN thread: - New tagline + quantified bullet hook at top. Concrete numbers (0.90 reCAPTCHA, 0 CreepJS lies, 5/5 detection suites passed) up front instead of generic "passes the hardest detectors" wording. - Comparison table rewritten. The commercial-stack columns (Multilogin, GoLogin, AdsPower, Dolphin Anty, Kameleo) were noise for the OSS audience we want to reach. Replaced with the two relevant source-level peers: Camoufox (Firefox, currently in a long maintenance gap) and CloakBrowser (Chromium, fresh, but capped at the Chromium reCAPTCHA ceiling). - "Why it's powerful" opens with explicit positioning vs the two peers, plus the reCAPTCHA v3 score that's the most defensible numeric claim. No code change. Repo homepage URL set separately via API to deep-link the "Why it's powerful" section so visitors from external links land on the value pitch rather than the badges row. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 08:26:12 -07:00
**Most other anti-detect browsers patch Chromium at the JavaScript level** - they override `navigator`, `WebGLRenderingContext.getParameter`, canvas APIs, and so on via injected scripts. This has two fatal problems:
docs: add Related projects section (arkenfox, LibreWolf, Camoufox)
2026-05-16 17:09:52 -07:00
1. **JS patches are detectable.** Anti-bots enumerate native function `.toString()`, check descriptor configurability, compare property enumeration order, watch for prototype mutations. Every patch leaves a fingerprint of its own. CreepJS has an entire battery of "lies detectors" built around this.
2. **Chromium itself is now suspect.** Residential-proxy bot traffic is overwhelmingly Chromium-based, so detectors weight anything Chromium-shaped as risky by default. Chromium-based forks inherit Chrome's open-source layers (BoringSSL, Blink, V8, ANGLE) cleanly, but they still cannot fully match Chrome in practice: Chrome ships closed-source components on top (Widevine, proprietary codecs, Google Update / Safe Browsing endpoints) that flip detectable JS feature flags and network signals, and forks lag Chrome's release cadence by days to weeks, leaving telltale version-specific behaviours that detectors lock onto.
**invisible_playwright patches Firefox at the C++ level.** The spoofed values come back out through the normal Gecko paths - there is no JS shim, no override, no `Object.defineProperty`. **From the page's point of view, the browser is just telling the truth.** Anti-bot lie-detectors have nothing to latch onto.
docs(README): drop LLM-style typographic characters Replaced em-dashes (—) with commas, colons, or periods depending on context. Kept all emoji (✅/❌/⚠️) in the comparison table since those are scannable scoring cues, not stylistic. Net cleanup: 6 em-dashes removed from tagline, hero alt-text, "Why it's powerful" paragraph, and the comparison intro. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 22:57:29 -07:00
invisible_playwright spoofs **all the layers that matter, together, coherently**: Navigator, screen, GPU/WebGL, Canvas, fonts, audio, WebRTC, timezone, DevTools detection, SOCKS5 auth, and the rest. See [feder-cr/invisible_firefox](https://github.com/feder-cr/invisible_firefox) for the full per-layer breakdown of which C++ files are patched and why.
docs: add Related projects section (arkenfox, LibreWolf, Camoufox)
2026-05-16 17:09:52 -07:00
Everything is driven by preferences - no hardcoded values in the binary. You change one pref, you change the spoofed value.
---
## How it compares
Update README.md
2026-06-06 15:24:23 +02:00
**CloakBrowser** ships a similar pitch for Chromium, but its binary is **closed source** (the source-level patches are not published, you only get the compiled output), and it still hits the Chromium reCAPTCHA ceiling. The commercial anti-detect browsers (**Multilogin**, **GoLogin**, AdsPower, Dolphin, Kameleo) are paid SaaS that overlay JS-layer spoofing on a patched Chromium. Managed profiles are nice but raw detection bypass sits below both Camoufox and us.
| | invisible_playwright | Camoufox | CloakBrowser | Multilogin |
|---|---|---|---|---|
| Engine | Firefox 150 | Firefox (~1 year old base) | Chromium | Chromium fork |
Update README.md
2026-06-08 06:16:49 +02:00
| Patch depth | C++ source | C++ source | C++ source | JS overrides |
| Maintenance | Active | Gap (~1 year) | Active | Active SaaS |
Update README.md
2026-06-06 15:24:23 +02:00
| Open source | ✅ MIT | ✅ MPL | ❌ Closed source | ❌ Closed source |
| `.toString()` clean | ✅ | ✅ | ✅ | ❌ Detectable shims |
| Canvas / WebGL / Audio | ✅ C++ | ⚠️ Drift vs current FF | ✅ C++ | ⚠️ JS override |
| SOCKS5 auth | ✅ Patched | ❌ | ⚠️ Playwright proxy | ⚠️ Varies |
| **reCAPTCHA v3 score** | **0.90** | ~0.3-0.5 | ~0.3-0.5 | ~0.3-0.6 |
| FP Pro - bot detected | ✅ Not detected | ❌ Detected | ❌ Detected | ❌ Detected |
| CreepJS lies | ✅ 0 | ❌ Multiple | ✅ 0 | ❌ Multiple |
| Cost | Free | Free | Free | From $99/mo |
docs(README): add hero.gif above-the-fold + consolidate Results section Hero is a 5-frame slideshow (12.5s loop, 356KB, 1200x675) cycling through the five detection-test screenshots with a green-check caption per frame. Branded with the project name top-left and a github URL top-right so it works when embedded in tweets or blogs without context. Sits immediately after the tagline so the first thing a visitor sees above the fold is moving visual proof, before any text. Industry research on top-performing OSS READMEs in 2026 consistently puts GIF/video first as the single biggest conversion lever for star intent. Also collapsed the five expanded Results subsections down to a single section: the GIF already shows each tester live, so the prose now gives one short bullet per detector plus links to the original full-resolution screenshots for anyone who wants to inspect them. Net effect: roughly 200 lines of vertical scroll removed above the fold, hero visual added, deep-link to per-tester screenshot preserved. No new test surface. No behavior change. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-25 09:28:18 -07:00
docs: add Related projects section (arkenfox, LibreWolf, Camoufox)
2026-05-16 17:09:52 -07:00
---
## Install
```bash
pip install git+https://github.com/feder-cr/invisible_playwright.git
python -m invisible_playwright fetch # one-time ~100 MB download, SHA256-verified
```
docs: README lists all 5 supported platforms + fetch --force firefox-9 ships linux x86_64/arm64, windows x86_64 and macOS arm64/x86_64 since the CI pipeline; the README still said Windows+Linux only. Also document the macOS quarantine step (ad-hoc signed, not notarized) and the fetch --force flag added with firefox-9.
2026-06-10 11:10:49 +02:00
Supported platforms: **Windows x86_64**, **Linux x86_64 / arm64**, **macOS arm64 / x86_64**. On macOS the app is ad-hoc signed (not notarized): if Gatekeeper complains, clear the quarantine flag once with `xattr -dr com.apple.quarantine` on the cached `Firefox.app`.
docs: add Related projects section (arkenfox, LibreWolf, Camoufox)
2026-05-16 17:09:52 -07:00
---
## Usage
### Random fingerprint per session
**100% Playwright-compatible** - sync and async, all methods, zero API changes. If you already use Playwright, switching is two lines:
```diff
- from playwright.sync_api import sync_playwright
- with sync_playwright() as p:
- browser = p.firefox.launch()
+ from invisible_playwright import InvisiblePlaywright
+ with InvisiblePlaywright() as browser:
```
Every session gets a unique, coherent fingerprint drawn from real-world Firefox telemetry (GPU / audio / fonts / ~400 other fields) and Bezier-curve mouse motion baked into the browser itself.
**Sync**
```python
from invisible_playwright import InvisiblePlaywright
with InvisiblePlaywright(proxy={"server": "socks5://...", "username": "u", "password": "p"}) as browser:
page = browser.new_page()
page.goto("https://example.com")
page.click("#submit") # mouse arcs to the button on a Bezier curve
```
**Async**
```python
from invisible_playwright.async_api import InvisiblePlaywright
async with InvisiblePlaywright(proxy={"server": "socks5://...", "username": "u", "password": "p"}) as browser:
page = await browser.new_page()
await page.goto("https://example.com")
await page.click("#submit")
```
The `browser` object is a `playwright.sync_api.Browser` / `playwright.async_api.Browser` - every Playwright method works as-is.
---
### Random fingerprint per session
```python
from invisible_playwright import InvisiblePlaywright
with InvisiblePlaywright() as browser:
page = browser.new_page()
page.goto("https://creepjs-api.web.app")
```
Every call samples a new coherent profile. Log the seed to reproduce interesting runs:
```python
sf = InvisiblePlaywright()
with sf as browser:
print("seed =", sf.seed)
# ...
```
### Reproducible fingerprint
```python
with InvisiblePlaywright(seed=42) as browser:
... # same GPU, same canvas hash, same audio context, every run
```
### Proxies
```python
proxy = {
"server": "socks5://gate.example.com:1080",
"username": "user",
"password": "pass",
}
with InvisiblePlaywright(proxy=proxy) as browser:
...
```
Schemes supported: `socks5`, `socks4`, `http`, `https`. Auth works on all of them (SOCKS5 via patched `nsProtocolProxyService.cpp`, HTTP/HTTPS via Playwright). DNS is routed through the proxy by default, no local leak.
feat: timezone="auto" derives the zone from the proxy egress IP A proxy in a different country paired with the host timezone is the classic timezone_mismatch signal, so a session with a proxy and no explicit timezone now resolves the zone automatically. - discover the egress IP through the proxy (SOCKS via requests[socks]), map it to an IANA zone with an offline mmdb (daijro/geoip-all-in-one, downloaded + cached like the Firefox binary; GPL so not vendored) - precedence: explicit zone wins; ""+proxy and "auto"+proxy resolve; ""/"auto" without a proxy stay host; "host"/"local" force host TZ - fail-early when a proxy is set but the zone cannot be resolved, never a silent host-TZ fallback - deps: requests[socks], maxminddb, tzdata (zoneinfo ships no DB on Windows) - resolve_session_timezone / ensure_geoip_mmdb exported for integrations
2026-06-06 04:16:22 +02:00
### Timezone
The browser timezone follows `timezone=`:
```python
feat: timezone="auto" resolves from any egress + weekly geoip auto-update Refine timezone="auto" so it ALWAYS resolves (drop the "host" sentinel): - ""/"auto" resolve from the proxy egress when a proxy is set, else from the host own public IP (direct lookup); an explicit zone is the only opt-out. - on failure: with a proxy raise; without a proxy fall back to the host TZ. GeoIP DB now auto-updates against daijro/geoip-all-in-one weekly rebuild: cache the latest, re-check after GEOIP_REFRESH_DAYS (7), prune old tags, reuse a stale cache offline; GEOIP_MMDB_VERSION is only the cold fallback. tests: test_geo.py (37) + test_geoip_update.py; full unit suite 429 green plus 8 live combinations (proxy / no-proxy / explicit / failing / freshness).
2026-06-06 05:16:20 +02:00
# default: timezone is auto-derived from the egress IP (proxy egress if a
# proxy is set, otherwise the host's own public IP)
feat: timezone="auto" derives the zone from the proxy egress IP A proxy in a different country paired with the host timezone is the classic timezone_mismatch signal, so a session with a proxy and no explicit timezone now resolves the zone automatically. - discover the egress IP through the proxy (SOCKS via requests[socks]), map it to an IANA zone with an offline mmdb (daijro/geoip-all-in-one, downloaded + cached like the Firefox binary; GPL so not vendored) - precedence: explicit zone wins; ""+proxy and "auto"+proxy resolve; ""/"auto" without a proxy stay host; "host"/"local" force host TZ - fail-early when a proxy is set but the zone cannot be resolved, never a silent host-TZ fallback - deps: requests[socks], maxminddb, tzdata (zoneinfo ships no DB on Windows) - resolve_session_timezone / ensure_geoip_mmdb exported for integrations
2026-06-06 04:16:22 +02:00
with InvisiblePlaywright(proxy=proxy) as browser:
...
feat: timezone="auto" resolves from any egress + weekly geoip auto-update Refine timezone="auto" so it ALWAYS resolves (drop the "host" sentinel): - ""/"auto" resolve from the proxy egress when a proxy is set, else from the host own public IP (direct lookup); an explicit zone is the only opt-out. - on failure: with a proxy raise; without a proxy fall back to the host TZ. GeoIP DB now auto-updates against daijro/geoip-all-in-one weekly rebuild: cache the latest, re-check after GEOIP_REFRESH_DAYS (7), prune old tags, reuse a stale cache offline; GEOIP_MMDB_VERSION is only the cold fallback. tests: test_geo.py (37) + test_geoip_update.py; full unit suite 429 green plus 8 live combinations (proxy / no-proxy / explicit / failing / freshness).
2026-06-06 05:16:20 +02:00
# explicit IANA zone always wins — the only way to force a specific zone
feat: timezone="auto" derives the zone from the proxy egress IP A proxy in a different country paired with the host timezone is the classic timezone_mismatch signal, so a session with a proxy and no explicit timezone now resolves the zone automatically. - discover the egress IP through the proxy (SOCKS via requests[socks]), map it to an IANA zone with an offline mmdb (daijro/geoip-all-in-one, downloaded + cached like the Firefox binary; GPL so not vendored) - precedence: explicit zone wins; ""+proxy and "auto"+proxy resolve; ""/"auto" without a proxy stay host; "host"/"local" force host TZ - fail-early when a proxy is set but the zone cannot be resolved, never a silent host-TZ fallback - deps: requests[socks], maxminddb, tzdata (zoneinfo ships no DB on Windows) - resolve_session_timezone / ensure_geoip_mmdb exported for integrations
2026-06-06 04:16:22 +02:00
with InvisiblePlaywright(proxy=proxy, timezone="America/New_York") as browser:
...
```
docs: add Related projects section (arkenfox, LibreWolf, Camoufox)
2026-05-16 17:09:52 -07:00
### Pinning specific fingerprint fields
By default everything comes from `seed`. To force specific values while the rest stays seed-derived:
```python
with InvisiblePlaywright(
seed=42,
pin={
"gpu.renderer": "ANGLE (NVIDIA, NVIDIA GeForce RTX 4090 Direct3D11)",
"gpu.vendor": "Google Inc. (NVIDIA)",
"screen.width": 2560,
"screen.height": 1440,
"hardware.concurrency": 16,
},
) as browser:
...
```
Full list of pinnable keys, how pinning interacts with the Bayesian sampler, and common patterns are in **[docs/pinning.md](docs/pinning.md)**.
---
## CLI
```bash
invisible_playwright fetch # download the binary if missing
docs: README lists all 5 supported platforms + fetch --force firefox-9 ships linux x86_64/arm64, windows x86_64 and macOS arm64/x86_64 since the CI pipeline; the README still said Windows+Linux only. Also document the macOS quarantine step (ad-hoc signed, not notarized) and the fetch --force flag added with firefox-9.
2026-06-10 11:10:49 +02:00
invisible_playwright fetch --force # re-download even if cached
docs: add Related projects section (arkenfox, LibreWolf, Camoufox)
2026-05-16 17:09:52 -07:00
invisible_playwright path # print the absolute path to the cached binary
invisible_playwright version # wrapper and binary versions
invisible_playwright clear-cache # remove all cached binaries
```
## Related projects
invisible_playwright takes a different angle than the major Firefox-hardening projects but stands on their shoulders:
- **[arkenfox/user.js](https://github.com/arkenfox/user.js)** - the canonical Firefox configuration for privacy/security hardening via prefs. Reading arkenfox is how you understand which `user.js` knobs matter; invisible_playwright goes further by patching the C++ source where prefs alone are insufficient (Canvas noise, WebGL parameter overrides, font whitelisting, WebRTC IP swap, DevTools detection bypass).
- **[LibreWolf](https://librewolf.net)** - a Firefox fork bundled with sensible privacy defaults. Same audience, different distribution model: LibreWolf ships a configured Firefox binary, invisible_playwright ships source patches + a wrapper for automation.
- **[Camoufox](https://github.com/daijro/camoufox)** - the most well-known open-source anti-detect Firefox project. We share design goals on the fingerprint-spoofing side; the implementation approach differs (Camoufox patches a wider surface and ships its own fingerprint database, while invisible_playwright sticks closer to vanilla and drives spoofing from a Bayesian sampler).
---
## License
docs: rename source-fork repo references invisible-firefox -> invisible_firefox The companion Firefox source-fork repo was renamed today from feder-cr/invisible-firefox to feder-cr/invisible_firefox so the two canonical project repos share the same underscore naming (invisible_playwright + invisible_firefox). GitHub redirects clones of the old URL transparently, so anyone with an existing clone keeps working without changes. New clones go through the underscore URL directly. This commit updates all in-repo references (README, CHANGELOG, CONTRIBUTING, SECURITY, ISSUE_TEMPLATE/config.yml) to the new name. No code, no version bump, no behavior change. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-23 11:09:27 -07:00
MIT - see [LICENSE](LICENSE). The patched Firefox binary is distributed under the MPL-2.0 (Firefox upstream license). The C++ patches against mozilla-central that produce that binary are at [feder-cr/invisible_firefox](https://github.com/feder-cr/invisible_firefox).
Reference in a new issue Copy permalink