PRICING
PRODUCT
SOLUTIONS
by use cases
AI Lead ManagementInvoicingSocial MediaProject ManagementData Managementby Industry
learn more
BlogTemplatesVideosYoutubeRESOURCES
COMMUNITIES AND SOCIAL MEDIA
PARTNERS
Want to bypass bot detection systems while automating Chrome? The puppeteer-extra-plugin-stealth
is a tool that helps hide automation fingerprints, making it harder for websites to detect bots.
navigator.webdriver
) and mimics real browser behavior.Puppeteer
, puppeteer-extra
, and the stealth plugin via npm or Yarn. Use the stealth plugin to configure your browser to behave like a real user.import puppeteer from 'puppeteer-extra';
import StealthPlugin from 'puppeteer-extra-plugin-stealth';
puppeteer.use(StealthPlugin());
(async () => {
const browser = await puppeteer.launch({ headless: true });
const page = await browser.newPage();
await page.goto('https://bot.sannysoft.com');
await browser.close();
})();
This tool is perfect for automating tasks on websites with strict bot detection. Learn how to set it up, optimize its settings, and simulate human-like behavior to stay undetected.
To get started, you'll need to install the necessary packages and configure them to minimize detection during automation. This section covers the installation process, initial setup, and testing to ensure everything works as intended.
First, install Puppeteer, Puppeteer Extra, and the Stealth plugin. Open your terminal and run the following command:
npm install puppeteer puppeteer-extra puppeteer-extra-plugin-stealth
If you're using Yarn, use this command instead:
yarn add puppeteer puppeteer-extra puppeteer-extra-plugin-stealth
After installation, set up your JavaScript file to integrate the stealth plugin. Here's the code you need:
import puppeteer from 'puppeteer-extra';
import StealthPlugin from 'puppeteer-extra-plugin-stealth';
puppeteer.use(StealthPlugin());
(async () => {
const browser = await puppeteer.launch({ headless: true });
const page = await browser.newPage();
await page.goto('https://nowsecure.nl/');
await browser.close();
})();
Important: Make sure to import Puppeteer from 'puppeteer-extra'
instead of 'puppeteer'
to access the added functionality.
Once you've completed the setup, it's time to verify that everything is working correctly.
Run these tests to confirm your setup is functioning as expected:
For a quick verification, use the following script:
(async () => {
const browser = await puppeteer.launch({ headless: true });
const page = await browser.newPage();
await page.goto('https://bot.sannysoft.com');
await page.waitForTimeout(5000);
await page.screenshot({ path: 'stealth-test.png' });
await browser.close();
})();
This script will take a screenshot of the test page. Check the screenshot to see if your browser behaves like a regular Chrome browser without revealing signs of automation.
Once your setup passes these tests, you're ready to dive into the plugin's advanced features, which are covered in the next section.
The puppeteer-extra-plugin-stealth
uses various techniques to make automated browsing harder to detect.
The plugin tweaks key browser properties to mimic a typical Chrome browser. These include:
HeadlessChrome
user-agent with a more natural oneAccept-Language
headersnavigator.vendor
to match standard Chrome behaviorThese changes help create a browser profile that looks like a regular user, not a bot. On top of this, the plugin employs anti-fingerprinting techniques to further reduce detection risk.
Feature | Method | Purpose |
---|---|---|
Processor Emulation | Limits logical processors to 4 | Mimics typical user hardware |
Plugin Emulation | Mocks navigator.mimeTypes and plugins |
Imitates standard Chrome functionality |
Window Properties | Adds outerWidth and outerHeight |
Completes the browser simulation |
Vendor Properties | Tweaks Chrome's Google identifier | Helps avoid automation detection |
These methods ensure the browser behaves in a way that aligns with what websites expect from real users.
To further disguise automation, the plugin removes or modifies tell-tale signs of bot activity:
navigator.webdriver
propertychrome.app
and chrome.csi
objects, which are present in regular Chrome browserssourceurl
attribute in Puppeteer scriptspermissions
properties to match natural browser behaviorThe plugin also helps reduce CAPTCHA challenges by maintaining consistent browser behavior and managing sessions effectively. This creates a browsing pattern that aligns with human activity, allowing it to bypass most bot detection tests on platforms like sannysoft.com. However, advanced anti-bot systems, such as those used by Cloudflare, may still detect automation in some cases.
Custom configuration allows you to tweak stealth settings and browser behavior, helping you avoid detection more effectively.
Puppeteer Stealth lets you manage its evasion modules for specific websites. You can enable or disable modules as needed:
const StealthPlugin = require('puppeteer-extra-plugin-stealth')
const stealth = StealthPlugin({
webglVendor: "Google Inc. (Intel)",
webglRenderer: "Intel Iris OpenGL Engine",
navigator: {
platform: "MacIntel",
languages: ["en-US", "en"]
}
})
After setting up stealth modules, you can adjust browser behavior to better imitate real user activity.
Fine-tune browser parameters to mimic a genuine browsing experience:
Category | Options | Purpose |
---|---|---|
User Identity | User-Agent, Platform, Languages | Creates a consistent browser identity |
Hardware Profile | WebGL vendor, Screen dimensions | Imitates actual device characteristics |
Runtime Environment | Chrome runtime objects, Navigator properties | Emulates normal browser behavior |
Introduce natural delays between actions to make automation less detectable:
const randomDelay = (min, max) => {
return Math.floor(Math.random() * (max - min + 1) + min);
}
await page.waitForTimeout(randomDelay(1000, 3000));
Adding these delays helps your automation resemble human behavior.
Using proxies during browser launch enhances anonymity:
const browser = await puppeteer.launch({
args: [
`--proxy-server=http://proxy.example.com:8080`,
'--disable-features=IsolateOrigins,site-per-process'
]
});
"It's probably impossible to prevent all ways to detect headless chromium, but it should be possible to make it so difficult that it becomes cost-prohibitive or triggers too many false-positives to be feasible." - TiZho, GitHub contributor
Rotate proxies and set up automatic failover to maintain reliable connectivity. These configurations help minimize detection risks while ensuring stable performance.
To keep automated sessions under the radar, careful planning and execution are key.
Simulate realistic browsing by adding random delays and actions:
async function emulateHumanBehavior(page) {
// Random scrolling behavior
await page.evaluate(() => {
window.scrollBy({
top: Math.random() * 500,
behavior: 'smooth'
});
});
// Random pauses between actions
await page.waitForTimeout(1500 + Math.random() * 2500);
}
Behavior Pattern | Implementation | Purpose |
---|---|---|
Mouse Movement | Random curves and speeds | Imitates natural cursor movement |
Page Interaction | Vary scroll depths and pauses | Simulates reading habits |
Navigation Timing | Random delays (1.5–4 seconds) | Avoids predictable timing patterns |
Input Speed | Randomized keystroke intervals | Mimics human typing behavior |
These simulated interactions work alongside the configuration settings outlined earlier.
Proper session handling ensures that stealth settings remain consistent. Use persistent storage to save cookies and session data:
const browserContext = await browser.createIncognitoBrowserContext({
userDataDir: './sessions/user1',
persistentContext: true
});
You can also manage cookies effectively:
// Remove specific cookies but keep session-critical data
await page.deleteCookie({
name: '_ga',
domain: '.example.com'
});
Combine the above techniques with these practical steps for better automation:
const maxRetries = 3;
const baseDelay = 2000;
async function fetchWithRetry(page, url) {
for (let i = 0; i < maxRetries; i++) {
try {
return await page.goto(url);
} catch (error) {
await page.waitForTimeout(baseDelay * Math.pow(2, i));
}
}
}
"It's probably impossible to prevent all ways to detect headless chromium, but it should be possible to make it so difficult that it becomes cost-prohibitive or triggers too many false-positives to be feasible." - TiZho, GitHub contributor
Keep an eye on evolving anti-bot detection methods and adjust your settings as needed. These practices complement the stealth techniques covered earlier in the article.
Here's a quick summary of the main points and tips for using Puppeteer-extra-plugin-stealth effectively.
Puppeteer-extra-plugin-stealth helps automate browsing without being flagged. It works by hiding automation markers using built-in evasion modules.
Some key features include:
navigator.webdriver
.To refine your automation setup, keep these strategies in mind:
Focus Area | Strategy | Outcome |
---|---|---|
Evasion Modules | Enable only the features you need | Lower detection risk, better performance |
Error Management | Use retry logic with exponential backoff | More reliable handling of temporary issues |
Session Handling | Use persistent browser contexts | Consistent stealth profile across sessions |
Additional suggestions:
While no setup is 100% foolproof, combining multiple evasion tactics makes detection much harder. Success relies on careful setup and regular updates to your methods. These tips, paired with the plugin's features, create a strong foundation for undetectable automation.