Just making a tools list for my project, feel free to send pull requests :) While looking around, it may be a good idea to sign up on all the Discord channels each product has to find some interesting insides from users.
Important: if you work on something related to undetection, like humanizing puppeteer actions, we may consider collaboration as I'm working currently on it too. My TG.
- NSTBrowser - 10 profiles opened / day free, $299 for 3000 open profiles per day, quite new on the market.
- Undetectable - 5 cloud profiles free, $49 for unlimited local with 25 "configs", 1 additional config $1 (API + driver automation)
- Multilogin - starts from €74 for 100 profiles
- Incogniton - 10 free, $29.99/Month for 50
- Octo Browser - starts from €21 for 10
- Gologin - 3 free, $24 for 100 profiles, no unlimited plan, free proxies
- AdsPower - 2 profiles free, $5.4 for 10 profiles, no unlimited plan
- Morelogin - 2 free, $9 for 10 profiles and 2 users
- Dolphin-anty - 10 free, $89 for 100
- Kameleo - starts €59/user with unlimited profiles
- Vmlogin - $99 for 200 profiles
- Indigo - €99 for 100 profiles
- GhostBrowser - 4 profiles free, $21 unlimited
- Bablosoft - free browser automation studio, for Puppeteer look at puppeteer-with-fingerprints, the only browser as I know that supports faking canvas (with PerfectCanvas. If you need a code for your website to generate own canvases I can sell you it. Then you can add it to your fingerprints (Their PerfectCanvas is very slow and you can get only 30-40 per day, otherwise will need to buy CustomServer).
- OctoBrowser - €21 for 10 profiles
- ixBrowser - free, but doesn't mask everything, for example, no GPU masking, API by request
- Gpmlogin - didn't check it yet, pricing is for unlimited use, for 1pc it is $125
- VektorT13 - anti-detect based on virtual machines
Useless:
- AntBrowser - too many lies detected by CreepJS
- Switch Antidetect - using Chrome 103 while 120 is out. Too slow updates.
- GhostBrowser - only user-agent switch, easily fingerprinted
- MarketerBrowser - can't even switch user-agent without detection
A bit old article on how anti-detect browsers can be detected. Example from the article: if( Object.getOwnPropertyNames(navigator)[0] ) alert('fake parameters detected');
- Creep JS - the most advanced detector
- Pixelscan - simple fingerprint checker
- F.vision - old f.vision
- NikolaiT/zardaxt - Passive TCP/IP fingerprinting (look for Live demo link)
- Coveryourtracks - test to see if you are protected from fingerprinting
- ReCaptha score - see you reCaptcha score
- AmIUnique Fingerprint - see your fingerprint
- Sannysoft Fingerprint - check your fingerprint
- BrowserLeaks
- Extension-detector
- Audio fingerprint
- Behavioral Bot Classification
- Canvas Tampering Detection
- ProxyDetect - detection of proxy/vpn
- WebbrowserTools - many tools to check fingerprint
- My own tool - the only benefit the code is plain, so you can find very easily how everything is tested.
- Rebrowser-bot-detector - interesting test where you have to do some automation tasks and it will try to detect you
- BotChecker
Others:
- BrowserScan
- Iphey
- Canvas inspector
- ipQualityScore - API for checking your IP reputation and other stuff. But it is dogshit, as I can't register there from real devices, it says Im using VPN/proxy. Maybe only for USA.
- FingerBank - API for checking TCP fingerprints by signature
- Cloudflare captcha - check if you are passing the captcha
More tools can be found: at https://github.com/kkoooqq/fakebrowser
Privacy Manager - 12 modules to change fingerprint of your computer.
For Puppeteer:
- Imposter - my package that emulates human actions on the page, currently in development, join me :)
- Rebrowser - isolated environment
- Secure-puppeteer - isolated environment, outdated, so XPath and some feautures doesnt work
- Extra stealth - trash, as easily detected by CreepJS
- Fingerprints from Bablosoft - free and paid fingerprints to use
- Perfect Canvas from Bablosft - emulating real canvas data
For Playwright:
- Rebrowser - isolated environment
For Selenium/Python:
- Undetected-chromedriver
- Pyautogui - control the mouse and keyboard to automate interactions with other applications
- Selenium-Driverless - use selenium without chromedriver
For request libs:
Chrome launch arguments:
--profile-directory=${dir_name}
// should be together withuserDataDir
--accept-lang=en,en-US,
// th,en,en-GB,en-US works only on new profile dirs--user-agent=${user_agent}
// properly changes user-agent in headers and JS runtime--disable-extensions-except=${EXTENSION_PATH}
--load-extension=${EXTENSION_PATH}
--disable-site-isolation-trials
helps to detect all iframes on the page for Puppeteer, without it frames from another domain will be inaccessible--aggressive-cache-discard
// useful in case u want more time for a debugger to attach or an extension to modify something--disable-gpu
// less detectable canvas fingerprint, but GPU vendor/renderer still will be present
- Fake-browser Based on Puppeteer, with human-like interactions
- Bezier mouse movements
- Definitely-not-a-robot
- Puppeteer-Humanize
- Ghost-Cursor - generate realistic, human-like mouse movement data between coordinates
- SmsActivate - min top up ~$2.5, high commissions
- VakSms - not every country is available
- SmsHub - looks like the cheapest but has a lot of low-quality numbers(at least in Thailand), sometimes specifying an operator helps
- GrizzlySms
- 5Sim - expensive for some countries but has activation rate data available (Thailand for example)
- OnlineSim - very expensive
- SmsBower - min top up $2.86, low commission
- 365sms - top up from $1
- List of mobile proxies
- DataImpulse - from $1/GB (has $5/5Gb welcome package, but normally from $50). IMAP/SMTP blocked.
- WebShare - $6/Gb (from 4.5), cheap status: from $6/month per 20. IMAP/SMTP works.
- GeoNode - $4/Gb (from $1.7)
- LunaProxy - $3/Gb (from $0.8), has static too ($3/week, $5/month), IMAP/SMTP blocked.
- Piaproxy
- Soax - starts at $6.6/GB and less
- IPRoyal - starts at around 5.25/GB for 10GB, less too expensive (IMAP only if spending 5k)
- 922proxy - $3/GB (up to 60 min), $0.22/IP, $5/30 days
- BrightData - around $8/GB
- 9proxy.com - $0.07-0.2/IP
- Script to collect visitors' fingerprints on your website.
- Article How to bypass “slider CAPTCHA” with JS and Puppeteer
- Library of research papers and presentations for counter-detection and web privacy
- CPU fingerprinting gives a model of the CPU with 60% accuracy
- How to bypass PerimeterX
- Article BotOrNot
- Your request fingerprint
Browser - use separately downloaded version of Chrome instead of Chromium, and pass it in executablePath
in Puppeteer.
- Screen width/height + Window height/width - can be emulated by attaching a debugger via Chrome extension, but
screen.availHeight
and width will be wrong. So, it is better to change screen size on a virtual machine or use an anti-detect browser. - Disable WebRTC when using proxies/mask public IP: puppeteer/puppeteer#6377
- Match all proper browser headers in the same order
- Autocontext api https://habr.com/ru/companies/globalsign/articles/475586/ https://fb-killa.pro/threads/povyshaem-svoju-anonimnost-putem-kontrolja-nad-audiocontext-fingerprint.2759/#post-19349
- Make sure nothing of your scripts if visible in global score, some websites collect all data (like window.*) and analyze it
- Did you know if you go directly on the website without googling it it will be visible by using window.history.length?
Worker is another sneaky way to detect real browser data, as you can't modify object properties in it with some extension.
window
, screen
, and access to DOM are not available (and therefor canvas)
- Timezone (
Intl.DateTimeFormat().resolvedOptions().timeZone
) - Language (
navigator.language || navigator.userLanguage
) - User agent (
navigator.userAgent
) - Hardware Concurrency (
navigator.hardwareConcurrency
) - GPU data (except Linux & Firefox upd 30.01.2024)