Skip to content

Latest commit

 

History

History
138 lines (106 loc) · 4.01 KB

STEALTH_TESTS.md

File metadata and controls

138 lines (106 loc) · 4.01 KB

Stealth Detection Test Results

Verified bypass results for stealth-browser-mcp against major bot detection systems.

Test Date: 2026-02-10 Browser: Chrome 144 (nodriver) Platform: Windows 10 (Win64) Mode: Non-headless

1. Cloudflare Challenge (nowsecure.nl)

Result: PASSED

The browser navigated through Cloudflare's bot challenge without any manual intervention. The page resolved to the "NOWSECURE BY NODRIVER" victory screen, confirming full bypass of Cloudflare's JavaScript challenge, TLS fingerprinting, and behavioral analysis.

2. CreepJS Fingerprint Analysis

Result: PASSED

CreepJS performs deep browser fingerprinting across dozens of vectors. Key findings:

Detection Vector Result
Headless detected 0%
Stealth detected 0%
Like headless 25% (chromium flag, normal for real Chrome)
Privacy resistance unknown (no fingerprint blocking detected)
Security resistance unknown (clean)
Extension detected unknown (none)

Fingerprint consistency:

  • GPU: NVIDIA GeForce RTX 2070 SUPER (real hardware)
  • Platform: Windows 10 (64-bit), 16 cores, 8GB RAM
  • Timezone: America/New_York (Eastern Standard Time)
  • Language: en-US
  • WebRTC: Real local/STUN candidates exposed
  • Confidence: moderate (consistent fingerprint)

3. Sannysoft Bot Detection

Result: 20/20 TESTS PASSED

Every single detection vector returned "ok" or consistent values.

Test Result
PHANTOM_UA ok
PHANTOM_PROPERTIES ok
PHANTOM_ETSL ok
PHANTOM_LANGUAGE ok
PHANTOM_WEBSOCKET ok
MQ_SCREEN ok
PHANTOM_OVERFLOW ok
PHANTOM_WINDOW_HEIGHT ok
HEADCHR_UA ok
HEADCHR_CHROME_OBJ ok
HEADCHR_PERMISSIONS ok
HEADCHR_PLUGINS ok
HEADCHR_IFRAME ok
CHR_DEBUG_TOOLS ok
SELENIUM_DRIVER ok
CHR_BATTERY ok
CHR_MEMORY ok
TRANSPARENT_PIXEL ok
SEQUENTUM ok
VIDEO_CODECS ok

Additional consistent properties:

  • User Agent: Standard Chrome 144 UA string
  • WebDriver: missing (passed - not detected as automated)
  • Chrome object: present (passed - real Chrome API)
  • Permissions: prompt (normal behavior)
  • Plugins: 5 (standard Chrome PDF plugins)
  • Languages: en-US, en
  • WebGL Vendor: Google Inc. (NVIDIA)
  • Broken Image: 16x16 (correct dimensions)
  • Canvas fingerprints: All consistent hashes across contexts

4. Intoli Headless Detection (Round II)

Result: ALL TESTS PASSED

Test Result
User Agent (Old) Chrome/144.0.0.0 (clean)
WebDriver (New) missing (passed)
WebDriver Advanced pass
Chrome (New) present (passed)
Permissions (New) prompt (normal)
Plugins Length (Old) 5 (correct)
Plugins type PluginArray (pass)
Languages (Old) en-US, en (consistent)
WebGL Vendor Google Inc. (NVIDIA)
WebGL Renderer ANGLE (NVIDIA GeForce RTX 2070 SUPER)
Broken Image Dimensions 16x16 (correct)

5. X.com (Twitter) Login Wall Bypass

Result: BYPASSED

Navigated to x.com/elonmusk which presents a login modal blocking content. The browser loaded the full profile data behind the modal. After removing the overlay via DOM manipulation, all profile data was accessible:

  • Display name, handle, bio, join date
  • Follower/following counts (234.3M followers)
  • Full tweet timeline with engagement metrics
  • All data-testid attributes queryable

This demonstrates real-world scraping capability against a major platform with aggressive bot detection (Arkose Labs/FunCaptcha integration).

Summary

Detection System Type Result
Cloudflare JS Challenge + TLS PASSED
CreepJS Deep Fingerprinting 0% stealth / 0% headless
Sannysoft Bot Detection Suite 20/20 tests passed
Intoli Headless Detection All tests passed
X.com Login Wall + Arkose Bypassed, data scraped

All tests confirm that stealth-browser-mcp running on nodriver is undetectable by current industry-standard bot detection systems.