Camoufox and Other Patched Browsers

JS-level stealth (Lesson 2.28) patches what JS can patch. But canvas pixel output, WebGL renderer strings, and font lists come from the browser's C++ rendering pipeline, out of reach of JS injection. Anti-bot vendors increasingly fingerprint these. The answer: a custom-compiled browser binary with the fingerprint-emitting code itself modified. Camoufox is the leader in this space for Firefox; rebrowser-patches plays a similar role for Chromium.

Why JS-level stealth isn't enough

Recall the signal tiers from Lesson 2.27:

• Tier 1: trivial JS checks. JS stealth handles these.
• Tier 2: JS environment checks. JS stealth handles most.
• Tier 3: behavioural and pixel-level. JS stealth can't reach.

Canvas fingerprinting works by drawing into a canvas, reading back the bytes, and hashing them. The pixels are emitted by the GPU through Chromium's compositor. JS can't alter the bytes after they're computed, only before, which means changing what's drawn (which itself is a signal).

To produce convincing canvas variation, you need to patch the rendering pipeline. That requires modifying browser source code and rebuilding. Camoufox does this; you just install it.

What Camoufox is

Camoufox is a fork of Firefox with anti-fingerprinting patches baked into the binary. Specifically:

• Randomised but consistent canvas / WebGL fingerprints per profile.
• Spoofed font lists matched to OS/locale.
• Modified WebRTC behaviour (no IP leaks).
• Patched audio context, navigator features, screen dimensions.
• Realistic but unique values rather than known-bot patterns.

Crucially, the patches are at the C++ level. There's no Object.defineProperty for anti-bot to detect a stealth toolkit by.

Install (Python bindings)

pip install camoufox[geoip]
camoufox fetch

pip install camoufox[geoip] adds GeoIP data so Camoufox can lie consistently about timezone and locale. camoufox fetch downloads the patched Firefox binary (~150 MB).

Use Camoufox

The API mirrors Playwright Firefox:

from camoufox.sync_api import Camoufox

with Camoufox(headless=False) as browser:
  page = browser.new_page()
  page.goto("https://practice.scrapingcentral.com/challenges/antibot/canvas-fingerprint")
  print(page.locator(".result").inner_text())

That's it. Each run gets a fresh, consistent fingerprint. You can fix a fingerprint across runs with a seed:

with Camoufox(seed="account-1") as browser:
  # Same canvas/WebGL/fonts every time for this seed
  ...

Pin the seed per account/session and you look like the same returning user.

Geolocation, locale, timezone

Camoufox can spoof your apparent location:

with Camoufox(
  locale="de-DE",
  geoip="91.198.174.192",  # auto-derive country + timezone + lat/lng from IP
) as browser:
  page = browser.new_page()
  # ...

Pass an IP (or rely on the proxy's IP) and Camoufox aligns timezone, locale, geolocation, and Accept-Language to be consistent with that IP. Inconsistency (US proxy with en-GB locale and Asia/Tokyo timezone) is itself a signal.

Per-context profiles

with Camoufox() as browser:
  for seed in ["acct-a", "acct-b", "acct-c"]:
  context = browser.new_context(seed=seed)
  page = context.new_page()
  # ...
  context.close()

Different seeds → different fingerprints. The pattern from Lesson 2.5 (per-account contexts) extends naturally.

rebrowser-patches (Chromium)

For Playwright users wanting the same kind of low-level patching for Chromium, rebrowser-patches is the most active project:

npm install rebrowser-playwright

const { chromium } = require("rebrowser-playwright");

(async () => {
  const browser = await chromium.launch();
  // ... use as normal playwright ...
})();

It's a drop-in replacement for playwright that uses a patched Chromium. Patches focus on the Runtime.evaluate-based detections that catch JS-injected stealth (some anti-bot vendors specifically check for evidence of Object.defineProperty having been called on navigator).

Python equivalent: rebrowser-playwright-python (less mature, check the project's status).

Brave Beam and BrowserAutomationStudio

Two other names you'll see in this space:

• Brave Beam, Brave-team product positioned at anti-bot use cases. Commercial.
• BrowserAutomationStudio, Windows-only IDE + browser, popular in Eastern European scraping communities. Heavy GUI; closer to RPA than scraping in flavour.

These are niche. Camoufox + playwright-stealth + rebrowser cover ~95% of patched-browser use cases for typical scraping.

When patched browsers ARE enough

Patched browsers reliably beat:

• Canvas fingerprinting (tier 3 signal).
• WebGL renderer fingerprinting.
• Font-list fingerprinting.
• Most static + environment + low-effort behavioural checks.

Combined with realistic-looking interaction (occasional mouse moves, small wait_for_timeout between actions, reasonable per-IP request rates), they get you past Cloudflare's basic Bot Fight and DataDome's general protection.

When patched browsers AREN'T enough

The tier-3+ vendors (Akamai Bot Manager, Kasada, PerimeterX/HUMAN, Cloudflare Bot Management on its hardest settings) layer:

• Behavioural ML on mouse paths.
• Page-dwell timing distributions.
• Cross-session fingerprint correlation.
• IP reputation feeds.
• Account-level "is this human" reputation.

At this level, even a perfectly forged browser fingerprint sometimes isn't enough. Real options:

1. Realistic interaction emulation. Random mouse paths, slow scroll, reading pauses.
2. High-quality residential proxies. Account for IP reputation.
3. Commercial SERP/proxy services. Pay someone whose business is solving this. Sub-Path 5 has the catalog.
4. Reverse-engineer the anti-bot challenge. Sometimes feasible (Cloudflare's JS challenge has been solved by community libraries) but a constant cat-and-mouse.

The diminishing returns curve

Each tier of stealth costs more and helps less:

Stage	Cost (engineering hours)	Sites unblocked
Vanilla Playwright	1	~70% of sites
+ playwright-stealth	1	~85%
+ headed mode + realistic UA	2	~90%
+ Camoufox / rebrowser	4	~95%
+ behavioural emulation	20+	~97%
+ commercial proxy + SERP	$$$	~99%

Past the third row, the absolute number of additional sites unblocked is small. For most scrapers, "85-95%" is fine and the rest gets a commercial service or a "we don't scrape that one." For a business specifically built on scraping tough targets, every percentage point matters.

Detection of stealth itself

Modern anti-bot doesn't just check signals, it checks whether the signals look TOO clean. A browser with perfect plugins, perfect fonts, perfect canvas, perfect everything is suspicious in its own way. Real users have weird edge-case fingerprints. Camoufox's per-profile randomisation is more convincing than "everyone uses the same stealth template", diversity in your fingerprint distribution looks more human across many requests.

Hands-on lab

Open /challenges/antibot/canvas-fingerprint with vanilla Playwright + playwright-stealth. Note whether it flags you, canvas detection should still catch you because stealth can't fake pixels. Then install Camoufox and re-run with the Camoufox API. The challenge should report a plausible, varying fingerprint each run. That's the difference between JS stealth and binary-level stealth.