I built ChromiumFish, a fingerprint-hardened Chromium fork with drop-in Playwright support for Python and Node, and built-in AI Agent support at the C++ level.
I know most of you are gonna smell the chromium the moment it boots. That's fair. But rest assured, this fork tries its best to pretend it's a plain old Chrome running on a Windows machine.
Why I built this
The short version: running a browser on a Linux box leaves fingerprints everywhere.
You can swap out the User-Agent string all you want, but that's the easy part. The harder part is everything the User-Agent doesn't cover. The WebGL renderer string quietly says "Mesa" or "llvmpipe" instead of an ANGLE/Direct3D string a real Windows Chrome would report. navigator.platform says Linux x86_64. The font stack is different. Audio and canvas rendering come out subtly wrong in ways that any half-decent fingerprinting script can pick up on. None of these are loud on their own, but stack them together and the verdict is obvious: this is a Chrome running on Linux, which usually means it's a bot.
That's the whole category of problems ChromiumFish tries to clean up. Instead of patching one signal at a time from the JavaScript layer (where the patches themselves become a fingerprint), the masking happens deeper in the browser, so the surface a detector sees lines up with what an actual Windows Chrome would expose.
The AI Agent
There's also a built-in AI Agent. But how is this different from every other "AI agent for browsers" floating around right now?
The main difference is where it lives. With most setups, the agent drives the browser from the outside through CDP or Playwright. The problem is that CDP usage is detectable, and Playwright leaves its own traces. So the very thing that's supposed to make you look human is the thing that gives you away.
ChromiumFish moves the critical AI tooling down to the C++ level, inside the browser itself. That makes it much harder to detect than instrumentation sitting up at the CDP/Playwright layer, because there's no external automation channel lighting up for a detector to notice.
You can point it at any OpenAI-compliant provider and model that supports tool calling, so you're not locked into a single vendor.
canvas-bridge (for the advanced folks)
This one is for people dealing with the nastier bot-mitigation setups, where canvas fingerprinting is doing the heavy lifting.
Canvas is one of the most reliable tells out there, because the exact pixels a machine produces when it draws to a canvas depend on the GPU, drivers, and OS underneath. A Linux box and a Windows box rendering the same canvas will hash differently, every time. You can't really fake your way around that from JavaScript without leaving even more obvious traces.
So canvas-bridge doesn't fake it. It renders the canvas on an actual Windows machine and ships the result back to Chrome over a socket connection. The pixels are real Windows pixels because they were drawn on real Windows. If canvas fingerprinting is the wall you keep hitting, this is the thing for you.
It's opt-in and a bit more involved to set up than the rest, hence the "advanced users" label, but for the hard scenarios it's the difference between blending in and getting flagged.
Getting it
It's available for both Python and Node, via pip and npm. If you'd rather not go through the wrappers, you can grab the built binary and drive it with whatever framework you like, or build the whole thing yourself.
It's completely open-source and MIT-licensed.
Repo: https://github.com/arman-bd/chromiumfish
If you give it a spin, I'd love to hear how it holds up against whatever you're throwing it at. Issues and PRs welcome.
Top comments (0)