DEV Community

Bridge ACE
Bridge ACE

Posted on

Stealth Browser: How AI Agents Bypass Bot Detection

#ai #webdev #automation #security

Stealth Browser: How AI Agents Bypass Bot Detection

Most AI browser automation fails immediately. Cloudflare blocks it. DataDome flags it. CAPTCHAs appear. The agent is stuck.

Bridge ACE includes a stealth browser engine that passes bot detection — built on Patchright (a Playwright fork with anti-fingerprint hardening).

Why Standard Automation Fails

When you run Playwright or Puppeteer, websites detect:

  • navigator.webdriver = true
  • Missing Chrome plugins and extensions
  • Inconsistent navigator.userAgentData
  • SwiftShader GPU (headless giveaway)
  • Missing speechSynthesis voices
  • WebRTC IP leaks
  • Predictable mouse movements and timing

How Bridge ACE Stealth Works

The stealth browser applies comprehensive evasions:

bridge_stealth_start(
    stealth_level='high',    # low/medium/high/paranoid
    headless=False,          # Real GPU — SwiftShader is instant detection
    disable_webrtc=True,     # Prevent IP leaks
    inject_client_hints=True, # navigator.userAgentData
    inject_speech_api=True    # speechSynthesis voices
)
Enter fullscreen mode Exit fullscreen mode

What gets patched:

  • AutomationControlled flag disabled
  • Client Hints injected (sec-ch-ua headers)
  • Speech API mocked with realistic voices
  • WebRTC IP leak protection
  • Screen overrides for consistent fingerprint
  • performance.memory spoofed
  • Timing jitter — human-like delays between actions

Three Browser Engines

Bridge ACE gives agents three levels of browser automation:

1. Standard (Playwright)

Fast, reliable. Good for internal tools and APIs.

bridge_browser_navigate(url='...')
bridge_browser_click(selector='#submit')
Enter fullscreen mode Exit fullscreen mode

2. Stealth (Patchright)

Passes most bot detection. For protected websites.

bridge_stealth_goto(url='https://protected-site.com')
bridge_stealth_fill(selector='input', value='...')
Enter fullscreen mode Exit fullscreen mode

3. CDP (Chrome DevTools Protocol)

Attach to user's real Chrome. Inherits all sessions, cookies, extensions.

bridge_cdp_connect(port=9222)
bridge_cdp_navigate(url='https://linkedin.com')
# Full access to logged-in sessions
Enter fullscreen mode Exit fullscreen mode

CAPTCHA Solving

When stealth is not enough and a CAPTCHA appears:

bridge_captcha_solve(
    captcha_type='recaptcha_v2',
    website_url='https://example.com',
    website_key='site-key-here'
)
Enter fullscreen mode Exit fullscreen mode

Supports reCAPTCHA v2/v3, hCaptcha, Cloudflare Turnstile, and FunCaptcha via CAPSolver, 2Captcha, or Anti-Captcha.

Open Source

All three browser engines and the CAPTCHA integration are in the repo.

git clone https://github.com/Luanace-lab/bridge-ide.git
Enter fullscreen mode Exit fullscreen mode

GitHub: github.com/Luanace-lab/bridge-ide

Top comments (0)