Stealth Browser
Bypass bot detection and IP blocks with puppeteer-extra stealth plugin and optional Smartproxy residential proxy support.
When to Use
- - Websites blocking headless browsers or datacenter IPs
- Cloudflare/Vercel protection bypassing
- Sites detecting automation (Reddit, Twitter/X, signup flows, faucets)
- Protected content scraping
- Web automation requiring human-like behavior
Tested Working On
✅ Relay.link (was blocked by Vercel, now works)
✅ X/Twitter profiles
✅ Bot detection tests (sannysoft.com)
✅ Faucet sites with protection
✅ Reddit (datacenter IP blocks)
Quick Start
CODEBLOCK0
Setup
1. Install Dependencies
CODEBLOCK1
Required packages (automatically handled by npm install with included package.json):
- - �INLINECODE0
- INLINECODE1
- INLINECODE2
2. Configure Proxy (Optional but Recommended)
For bypassing IP-based blocks, set up Smartproxy residential proxy:
Create ~/.config/smartproxy/proxy.json:
CODEBLOCK2
Get credentials from Smartproxy dashboard: https://dashboard.smartproxy.com
Smartproxy session parameters:
- -
_area-US → Use US residential IPs - INLINECODE5� → Session lasts 30 minutes
- INLINECODE6� → Sticky session (same IP for duration)
Without proxy, the browser still uses stealth plugin to avoid detection, but may be blocked by IP-based protection.
How It Works
Stealth Features
The browser includes multiple anti-detection measures:
- 1. puppeteer-extra-plugin-stealth: Automatically applies all stealth evasions
- Removes
navigator.webdriver flag
- Spoofs Chrome user agent and headers
- Fakes plugins, languages, permissions
- Removes automation signatures
- 2. Human-like behaviors:
- Realistic viewport (1920x1080)
- Updated user agent (Chrome 121)
- Natural browser properties
- No automation control flags
- 3. Residential proxy (when
--proxy used):
- Routes through residential IPs
- Bypasses datacenter IP blocks
- Sticky sessions (same IP per session)
- Geographic targeting (US by default)
Detection Bypass Comparison
| Protection | Headless Puppeteer | Stealth Plugin | + Residential Proxy |
|---|
| navigator.webdriver | ❌ Detected | ✅ Hidden | ✅ Hidden |
| User Agent |
❌ Generic | ✅ Realistic | ✅ Realistic |
| WebGL/Canvas | ❌ Headless | ✅ Spoofed | ✅ Spoofed |
| IP Blocks | ❌ Datacenter | ❌ Datacenter | ✅ Residential |
| Cloudflare | ❌ Blocked | ⚠️ Sometimes | ✅ Usually works |
| Turnstile CAPTCHA | ❌ Blocked | ❌ Blocked | ⚠️ Reduced chance |
Usage Examples
Example 1: Check if Site Detects Automation
CODEBLOCK3
Look for green checkmarks = undetected, red = detected.
Example 2: Scrape Protected Page
CODEBLOCK4
Example 3: Monitor Site Changes
CODEBLOCK5
Example 4: Extract Structured Data
CODEBLOCK6
Proxy Cost Considerations
Smartproxy residential pricing:
- - ~$7.50/GB of traffic
- Average page load: 1-3 MB
- Rough cost: $0.01-0.03 per page
When to use proxy:
- - Site explicitly blocks datacenter IPs (Reddit, some faucets)
- Cloudflare/Vercel protection detected
- Multiple requests from same IP getting rate-limited
- Geographic targeting needed (US vs international)
When stealth-only is enough:
- - Site only checks for automation signatures, not IP
- Low-value scraping where IP blocks are acceptable
- Testing/development (proxy costs add up)
Troubleshooting
Browser Launch Fails
CODEBLOCK7
Solution: Install required system dependencies:
CODEBLOCK8
Proxy Authentication Fails
CODEBLOCK9
Solution: Check proxy credentials in ~/.config/smartproxy/proxy.json. Verify username/password are correct in Smartproxy dashboard.
Still Getting Detected
Try these:
- 1. Update session ID in proxy username (forces new IP):
�CODEBLOCK10
- 2. Increase wait time before interacting with page:
�CODEBLOCK11
- 3. Check detection test:
�CODEBLOCK12
- 4. Try different geographic area (if specific region is blocked):
�CODEBLOCK13
Limitations
- - CAPTCHAs: Stealth reduces but doesn't eliminate CAPTCHA challenges. For CAPTCHA solving, combine with 2captcha service.
- JavaScript fingerprinting: Advanced fingerprinting (Canvas, WebGL hash analysis) may still detect automation on highly protected sites.
- Cost: Residential proxy adds per-request cost. Use strategically.
- Speed: Proxy routing and stealth evasions add latency vs direct requests.
Security Notes
Capabilities: This skill is read-only — it fetches web pages, captures screenshots, and extracts text/HTML. It does not perform any financial operations, value transfers, or wallet interactions.
Authentication: Proxy credentials are used solely for routing HTTP traffic through residential IPs. They do not grant access to any financial accounts or value-bearing systems.
- - Proxy credentials contain sensitive auth tokens. Keep
~/.config/smartproxy/proxy.json with 600 permissions. - Never commit proxy credentials to git repositories.
- Residential proxy traffic is routed through real residential IPs. Respect rate limits and terms of service.
- No value-transfer risk: this tool cannot send transactions, move funds, or interact with smart contracts.
See Also
- - 2captcha skill: For solving CAPTCHAs when stealth isn't enough
- Smartproxy dashboard: https://dashboard.smartproxy.com for usage monitoring
- Bot detection test: https://bot.sannysoft.com to verify stealth effectiveness
隐身浏览器
利用puppeteer-extra隐身插件和可选的Smartproxy住宅代理支持,绕过机器人检测和IP封锁。
适用场景
- - 网站屏蔽无头浏览器或数据中心IP
- 绕过Cloudflare/Vercel保护
- 检测自动化操作的网站(Reddit、Twitter/X、注册流程、水龙头网站)
- 受保护内容抓取
- 需要类人行为的网页自动化
已验证可用的网站
✅ Relay.link(曾被Vercel屏蔽,现可正常访问)
✅ X/Twitter个人资料页
✅ 机器人检测测试网站(sannysoft.com)
✅ 带保护机制的水龙头网站
✅ Reddit(数据中心IP封锁)
快速开始
bash
基础用法(仅隐身模式)
node scripts/browser.js https://example.com
使用住宅代理(绕过IP封锁)
node scripts/browser.js https://example.com --proxy
截图
node scripts/browser.js https://example.com --proxy --screenshot output.png
获取HTML内容
node scripts/browser.js https://example.com --proxy --html
获取文本内容
node scripts/browser.js https://example.com --proxy --text
设置
1. 安装依赖
bash
cd /path/to/skill
npm install
所需包(通过npm install自动处理,包含package.json):
- - puppeteer-extra
- puppeteer-extra-plugin-stealth
- puppeteer
2. 配置代理(可选但推荐)
为绕过基于IP的封锁,设置Smartproxy住宅代理:
创建~/.config/smartproxy/proxy.json:
json
{
host: proxy.smartproxy.net,
port: 3120,
username: smart-ppz3iii4l2qrarea-USlife-30_session-xxxxx,
password: your-password
}
从Smartproxy控制面板获取凭证:https://dashboard.smartproxy.com
Smartproxy会话参数:
- - area-US → 使用美国住宅IP
- life-30 → 会话持续30分钟
- _session-xxxxx → 粘性会话(持续使用同一IP)
不使用代理时,浏览器仍会使用隐身插件避免检测,但可能被基于IP的保护机制屏蔽。
工作原理
隐身功能
浏览器包含多种反检测措施:
- 1. puppeteer-extra-plugin-stealth:自动应用所有隐身规避技术
- 移除navigator.webdriver标志
- 伪造Chrome用户代理和请求头
- 模拟插件、语言、权限
- 移除自动化特征
- 2. 类人行为:
- 真实视口(1920x1080)
- 更新的用户代理(Chrome 121)
- 自然的浏览器属性
- 无自动化控制标志
- 3. 住宅代理(使用--proxy时):
- 通过住宅IP路由
- 绕过数据中心IP封锁
- 粘性会话(每次会话使用同一IP)
- 地理定位(默认美国)
检测绕过对比
| 保护措施 | 无头Puppeteer | 隐身插件 | + 住宅代理 |
|---|
| navigator.webdriver | ❌ 被检测 | ✅ 隐藏 | ✅ 隐藏 |
| 用户代理 |
❌ 通用 | ✅ 真实 | ✅ 真实 |
| WebGL/Canvas | ❌ 无头 | ✅ 伪造 | ✅ 伪造 |
| IP封锁 | ❌ 数据中心 | ❌ 数据中心 | ✅ 住宅 |
| Cloudflare | ❌ 被屏蔽 | ⚠️ 有时可过 | ✅ 通常可过 |
| Turnstile验证码 | ❌ 被屏蔽 | ❌ 被屏蔽 | ⚠️ 概率降低 |
使用示例
示例1:检查网站是否检测自动化
bash
在机器人检测网站上测试
node scripts/browser.js https://bot.sannysoft.com --screenshot detection.png
绿色勾号 = 未被检测,红色 = 被检测。
示例2:抓取受保护页面
bash
获取页面文本内容
node scripts/browser.js https://protected-site.com --proxy --text > output.txt
示例3:监控网站变化
bash
每日截图用于对比
node scripts/browser.js https://target-site.com --proxy --screenshot $(date +%Y-%m-%d).png
示例4:提取结构化数据
javascript
import { browse } from ./scripts/browser.js;
const result = await browse(https://example.com, {
proxy: true,
html: true
});
// 使用cheerio等工具解析result.html
console.log(result.html);
代理成本考量
Smartproxy住宅代理定价:
- - 约$7.50/GB流量
- 平均页面加载:1-3 MB
- 大致成本:每页$0.01-0.03
何时使用代理:
- - 网站明确屏蔽数据中心IP(Reddit、某些水龙头网站)
- 检测到Cloudflare/Vercel保护
- 同一IP多次请求被限速
- 需要地理定位(美国vs国际)
仅隐身模式足够的情况:
- - 网站仅检查自动化特征,不检查IP
- 低价值抓取,IP封锁可接受
- 测试/开发(代理成本会累积)
故障排除
浏览器启动失败
Error: Failed to launch the browser process
解决方案:安装所需的系统依赖:
bash
Debian/Ubuntu
sudo apt-get install -y gconf-service libasound2 libatk1.0-0 libc6 libcairo2 \
libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 \
libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 \
libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 \
libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 \
libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation \
libappindicator1 libnss3 lsb-release xdg-utils wget
代理认证失败
Error: net::ERRPROXYAUTH_REQUESTED
解决方案:检查~/.config/smartproxy/proxy.json中的代理凭证。在Smartproxy控制面板中验证用户名/密码是否正确。
仍被检测到
尝试以下方法:
- 1. 更新代理用户名中的会话ID(强制更换新IP):
json
username: smart-ppz3iii4l2qr
area-USlife-30
session-NEWRANDOM_STRING
- 2. 增加与页面交互前的等待时间:
javascript
await page.goto(url, { waitUntil: networkidle2 });
await page.waitForTimeout(5000); // 等待5秒
- 3. 检查检测测试:
bash
node scripts/browser.js https://bot.sannysoft.com --proxy --screenshot test.png
- 4. 尝试不同的地理区域(如果特定区域被屏蔽):
json
username: smart-ppz3iii4l2qr
area-GBlife-30_session-xxxxx
局限性
- - 验证码:隐身模式可减少但无法消除验证码挑战。如需解决验证码,请结合2captcha服务使用。
- JavaScript指纹识别:高级指纹识别(Canvas、WebGL哈希分析)仍可能在高保护网站上检测到自动化。
- 成本:住宅代理增加每次请求的成本。请策略性使用。
- 速度:代理路由和隐身规避措施相比直接请求会增加延迟。
安全说明
能力范围: 此技能为只读——它获取网页、截取屏幕截图、提取文本/HTML。它不执行任何金融操作、价值转移或钱包交互。
认证: 代理凭证仅用于通过住宅IP路由HTTP流量。它们不授予任何金融账户或价值系统的访问权限。
- - 代理凭证包含敏感认证令牌。请将~/.config/smartproxy/proxy.json设置为600权限。
- 切勿将代理凭证提交到git仓库。
- 住宅代理流量通过真实住宅IP路由。请遵守速率限制和服务条款。
- 无价值转移风险:此工具无法发送交易、转移资金或与智能合约交互。
另请
