Curated anti-detect tools list

Just making a tools list for my project, feel free to send pull requests :) While you are looking around, it may be a good idea to sign up on all the Discord channels each product has can find some interesting insides from users.

Important: if you work on something related to undetection, like humanizing puppeteer actions, we may consider collaboration as I'm working currently on it too. My TG.

Anti-detect browsers

• NSTBrowser - 1000 profiles opened / day free, $299 unlimited, quite new on the market.
• Undetectable - 5 cloud profiles free, $49 for unlimited local with 25 "configs", 1 additional config $1 (API + driver automation)
• Multilogin - starts from €74 for 100 profiles
• Incogniton - 10 free, $29.99/Month for 50
• Octo Browser - starts from €21 for 10
• Gologin - $24 for 100 profiles, no unlimited plan, free proxies
• AdsPower - 2 profiles free, $5.4 for 10 profiles, no unlimited plan
• Morelogin - 2 free, $9 for 10 profiles and 2 users
• Dolphin-anty - 10 free, $89 for 100
• Kameleo - starts €59/user with unlimited profiles
• Vmlogin - $99 for 200 profiles
• Indigo - €99 for 100 profiles
• GhostBrowser - 4 profiles free, $21 unlimited
• Bablosoft - free browser automation studio, for Puppeteer look at puppeteer-with-fingerprints, the only browser as I know that supports faking canvas (with PerfectCanvas
• OctoBrowser - €21 for 10 profiles
• ixBrowser - free, but doesn't mask everything, for example, no GPU masking, API by request
• Gpmlogin - didn't check it yet, pricing is for unlimited use, for 1pc it is $125

Useless:

• AntBrowser - too many lies detected by CreepJS
• Switch Antidetect - using Chrome 103 while 120 is out. Too slow updates.
• GhostBrowser - only user-agent switch, easily fingerprinted
• MarketerBrowser - can't even switch user-agent without detection

A bit old article on how anti-detect browsers can be detected. Example from the article: if( Object.getOwnPropertyNames(navigator)[0] ) alert('fake parameters detected');

Detection tests

• Creep JS - the most advanced detector
• Pixelscan - simple fingerprint checker
• Cloudflare captcha - check if you are passing the captcha
• Coveryourtracks - test to see if you are protected from fingerprinting
• ReCaptha score - see you reCaptcha score
• AmIUnique Fingerprint - see your fingerprint
• Sannysoft Fingerprint - check your fingerprint
• BrowserLeaks
• F.vision
• Extension-detector
• Audio fingerprint
• Behavioral Bot Classification
• Canvas Tampering Detection
• My own tool - the only benefit the code is plain, so you can find very easily how everything is tested.

Others:

• BrowserScan
• Iphey
• Canvas inspector

More tools can be found: at https://github.com/kkoooqq/fakebrowser

Anti-detect libs

Privacy Manager - 12 modules to change fingerprint of your computer.

For Puppeteer:

• Imposter - my package that emulates human actions on the page, currently in development, join me :)
• Secure-puppeteer
• Extra stealth - trash, as easily detected by CreepJS
• Fingerprints from Bablosoft - free and paid fingerprints to use
• Perfect Canvas from Bablosft - emulating real canvas data

For Selenium/Python:

• Undetected-chromedriver

For request libs:

• Curl-impersonate
• For GO
• CycleTLS for NodeJS/GO
• curl_cffi for Python
• Got-Scraping for NodeJS

Chrome launch arguments:

• --profile-directory=${dir_name} // should be together with userDataDir
• --accept-lang=en,en-US, // th,en,en-GB,en-US works only on new profile dirs
• --user-agent=${user_agent} // properly changes user-agent in headers and JS runtime
• --disable-extensions-except=${EXTENSION_PATH}
• --load-extension=${EXTENSION_PATH}
• --disable-site-isolation-trials helps to detect all iframes on the page for Puppeteer, without it frames from another domain will be inaccessible
• --aggressive-cache-discard // useful in case u want more time for a debugger to attach or an extension to modify something
• --disable-gpu // less detectable canvas fingerprint, but GPU vendor/renderer still will be present

Humanizing

• Fake-browser Based on Puppeteer, with human-like interactions
• Bezier mouse movements
• Definitely-not-a-robot
• Puppeteer-Humanize
• Ghost-Cursor - generate realistic, human-like mouse movement data between coordinates

Captha solvers

As each service differs with different captchas support, I took the most popular one: reCaptcha v2 1000 captchas to compare the price:

• Capsolver - AI. $0.8. Supports Outlook & Arksose captchas.
• 2captcha - human. Libs: JS, GO, PHP, Python, Ruby, C#, Java. $1-2.99 (doesn't work for Outlook)
• CaptchaAI - AI, fixed price from $13.5/month for 5 captcha treads.
• CapMonster - AI. $0.6
• SolveCaptcha - human. Many ready-to-use libs. $1
• CapGuru - unsure. Same API as Rucaptcha. $0.55
• NopeCha - AI. Starts from $5/month for 2k captchas/day.
• MetaBypass - AI. Libs: Go, PHP, Python. $3
• EzCaptcha - AI. $0.6
• AntiCaptcha - $0.95, AI
• HardCaptcha - start from $79/month, AI.

SMS confirmations

• SmsActivate
• OnlineSim
• VakSms
• SmsHub - looks like the cheapest but has a lot of low-quality numbers(at least in Thailand), sometimes specifying an operator helps
• GrizzlySms
• 5Sim

Residential proxies

• DataImpulse - from $1/GB (has $5/5Gb welcome package, but normally from $50). IMAP/SMTP blocked.
• WebShare - $6/Gb (from 4.5), cheap status: from $6/month per 20. IMAP/SMTP works.
• GeoNode - $4/Gb (from $1.7)
• LunaProxy - $3/Gb (from $0.8), has static too ($3/week, $5/month), IMAP/SMTP blocked.
• Piaproxy
• Soax - starts at $6.6/GB and less
• IPRoyal - starts at around 5.25/GB for 10GB, less too expensive (IMAP only if spending 5k)
• 922proxy - $3/GB (up to 60 min), $0.22/IP, $5/30 days
• BrightData - around $8/GB

Other

• Script to collect visitors' fingerprints on your website.
• Article How to bypass “slider CAPTCHA” with JS and Puppeteer
• Library of research papers and presentations for counter-detection and web privacy
• CPU fingerprinting gives a model of the CPU with 60% accuracy
• How to bypass PerimeterX
• Article BotOrNot
• Your request fingerprint

Antidetection ideas

Browser - use separately downloaded version of Chrome instead of Chromium, and pass it in executablePath in Puppeteer.

• Screen width/height + Window height/width - can be emulated by attaching a debugger via Chrome extension, but screen.availHeight and width will be wrong. So, it is better to change screen size on a virtual machine or use an anti-detect browser.
• Disable WebRTC when using proxies/mask public IP: puppeteer/puppeteer#6377
• Match all proper browser headers in the same order
• Autocontext api https://habr.com/ru/companies/globalsign/articles/475586/ https://fb-killa.pro/threads/povyshaem-svoju-anonimnost-putem-kontrolja-nad-audiocontext-fingerprint.2759/#post-19349

What is available in a JS worker:

Worker is another sneaky way to detect real browser data, as you can't modify object properties in it with some extension. window, screen, and access to DOM are not available (and therefor canvas)

• Timezone ( Intl.DateTimeFormat().resolvedOptions().timeZone )
• Language ( navigator.language || navigator.userLanguage )
• User agent ( navigator.userAgent )
• Hardware Concurrency ( navigator.hardwareConcurrency )
• GPU data (except Linux & Firefox upd 30.01.2024)