DEV Community

Isaias Velasquez
Isaias Velasquez

Posted on

[BA-005] Stealth and anti-detection for browser automation

When you automate a browser, websites can tell you are not a real user. They check for things like navigator.webdriver, headless Chrome flags, screen size, font list and WebGL fingerprint.

Playwright normally sets some of these flags automatically, but advanced detection can still catch it.

Here is a basic Playwright launch that avoids the most common detection:

from playwright.sync_api import sync_playwright

with sync_playwright() as p:
    browser = p.chromium.launch(
        headless=False,
        args=[
            "--disable-blink-features=AutomationControlled"
        ]
    )
    context = browser.new_context(
        user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36",
        viewport={"width": 1920, "height": 1080},
        locale="en-US",
        timezone_id="America/New_York"
    )
    page = context.new_page()
    page.goto("https://bot.sannysoft.com")
    page.screenshot(path="stealth-test.png")
    browser.close()
Enter fullscreen mode Exit fullscreen mode

The two most important parts are disabling AutomationControlled and setting a realistic user agent and viewport.

For stronger protection there is a library called playwright-stealth:

pip install playwright-stealth

from playwright.sync_api import sync_playwright
from playwright_stealth import stealth_sync

with sync_playwright() as p:
    browser = p.chromium.launch(headless=False)
    page = browser.new_page()
    stealth_sync(page)
    page.goto("https://bot.sannysoft.com")
    page.screenshot(path="stealth-test.png")
    browser.close()
Enter fullscreen mode Exit fullscreen mode

The stealth plugin patches dozens of detection points including WebGL, chrome.runtime, permissions and plugins.

If you need even more protection, use a real browser profile instead of a fresh one:

with sync_playwright() as p:
    context = p.chromium.launch_persistent_context(
        user_data_dir="C:/Users/your-user/AppData/Local/Google/Chrome/User Data",
        headless=False,
        args=["--disable-blink-features=AutomationControlled"]
    )
    page = context.pages[0]
    page.goto("https://bot.sannysoft.com")
Enter fullscreen mode Exit fullscreen mode

This starts Chrome with your real profile, extensions, cookies and fonts. It looks much more like a real user.

You can test your stealth level at https://bot.sannysoft.com and https://browserleaks.com. The goal is to get green checks on everything.

That is the foundation of browser stealth. The next step is rotating fingerprints and proxies, which we will cover in a future post.

That's all for now.
Thanks for reading!

Top comments (0)