Web Scraping APIs

What Is Camoufox?

Paste into ChatGPT, Claude, or any LLM

What Is Camoufox? — conceptual illustration

On this page

Camoufox is a stealth-focused fork of Firefox with anti-fingerprinting patches applied at the C++ build level. Unlike playwright-stealth, which injects JavaScript at runtime (and is detectable via Function.toString()), Camoufox's patches are compiled into the binary — there is nothing in the JS runtime to inspect. It is driven via Mozilla's Juggler protocol, which sits below CDP, so none of the CDP timing artifacts that betray Chromium-based stealth tools exist.

Base browser	Firefox (C++ build-time patches)
Control protocol	Mozilla Juggler — no CDP exposure
Reported pass rate	~100% Cloudflare (Instagram, Reddit, X, LinkedIn — early 2026)
Key feature	geoip=True aligns WebRTC + DNS + timezone + Accept-Language
Fingerprint source	BrowserForge — samples real-world device distributions
Memory footprint	<200 MB per instance (vs Chrome ~800 MB)
Positioning	Debloated, headless-first browser built for AI agents

Why Camoufox exists

Modern anti-bots run Function.prototype.toString.call(fn) on every patched native function. If the result is anything other than [native code], the patch itself becomes the bot signal. This breaks playwright-stealth entirely: every override (navigator.webdriver, WebGLRenderingContext.prototype.getParameter, etc.) leaves a JS source signature visible to toString.

Camoufox patches the same things — canvas hash, WebGL renderer, AudioContext output, navigator quirks — but at the C++ level during build. The functions still return [native code] because they are native code. There is no JS injection, so there is nothing to detect via runtime inspection.

The geoip flag

Anti-bots run a coherence check across five identity vectors: IP country, WebRTC ICE candidate, DNS resolver location, timezone, and Accept-Language. A US proxy with a Pakistani DNS resolver fails before any browser fingerprint matters.

Camoufox's geoip=True automatically aligns all five vectors with the proxy's exit country. It resolves the proxy IP, looks up the country, and configures the browser accordingly — no manual setup. This single feature handles the most-overlooked detection layer in the entire stack.

Trade-offs vs alternatives

vs playwright-stealth: Camoufox addresses detection at a layer JS patches cannot reach. playwright-stealth is largely broken against modern anti-bots in 2026.

vs CloakBrowser (Chromium): Camoufox is Firefox; CloakBrowser is Chromium. Chromium has ~65% market share vs Firefox's ~3% — for sites that score browser market share, CloakBrowser is the better fit. CloakBrowser also passes Akamai's 60-extension probe by loading real extensions, which Camoufox does not address as natively.

vs real Chrome: a real Chrome on real hardware is the gold standard but does not scale to thousands of parallel sessions. Camoufox is the best headless option that still looks real.

What Camoufox patches at the C++ level

The patch surface goes well beyond navigator.webdriver. Because everything is compiled into the binary, each of these returns native values with no JS source signature to inspect:

Navigator — device, OS, hardware concurrency, platform, vendor, and the full UA string
Screen & viewport — resolution, available dimensions, color depth, device pixel ratio
Canvas & WebGL — canvas hash, WebGL renderer/vendor, supported extensions, context attributes, and shader precision values
Audio — AudioContext output and speech playback-rate parameters
Fonts — the installed-font list, spoofed to match the target OS profile
Geolocation & Intl — latitude/longitude, timezone, locale, and Intl formatting
WebRTC — local and public ICE candidate IPs, spoofed at the protocol level rather than blocked

Fingerprint injection and rotation

Camoufox does not ship one hard-coded fingerprint. It integrates BrowserForge, which samples real-world device-characteristic distributions so every generated profile is internally consistent and statistically plausible — the screen size matches the device class, the WebGL renderer matches the platform, the fonts match the OS. You can let it auto-generate a profile, pin a specific one for session continuity, or pass your own via the fingerprint argument. The PyPI package handles injection automatically, so rotating identity across thousands of sessions is a config change, not a rebuild.

Built for AI agents

Camoufox markets itself as an open-source browser built for AI agents, and the build reflects that. It is a debloated Firefox with telemetry and background services stripped out, headless-first, and tuned for a cleaner DOM — no CSS-animation or telemetry noise — which makes pages cheaper for an LLM to read and reason over. Combined with the sub-200 MB footprint, that makes it practical to run many parallel agent sessions on modest hardware. The project stays synced with the latest Firefox releases; source has been public since the v146.0.1-beta.25 release in January 2026.

Code example

python

from camoufox.sync_api import Camoufox

with Camoufox(
    headless=True,
    geoip=True,                # auto-align WebRTC, DNS, timezone, Accept-Language
    os=["windows", "macos"],   # BrowserForge samples a plausible profile from these
    locale="en-US",            # locale + Intl spoofing
    proxy={
        "server": "http://residential-proxy:port",
        "username": "user",
        "password": "pass",
    },
    humanize=True,             # realistic mouse and scroll cadence
    block_webrtc=False,        # spoofs ICE IPs instead of blocking (less detectable)
    block_images=False,        # block_images=True trips some detectors
) as browser:
    page = browser.new_page()
    page.goto("https://cloudflare-protected.com/")
    page.wait_for_load_state("networkidle")
    html = page.content()

Related terms

What Is a Headless Browser?

A headless browser is a real web browser — Chrome, Firefox, or WebKit — that runs without a visible graphical interface, controlled entirely…

What Is Browser Fingerprinting?

Browser fingerprinting is a technique that identifies and tracks a visitor by combining dozens of small, observable characteristics of their…

What Is Cloudflare Turnstile?

Cloudflare Turnstile is a CAPTCHA-replacement service that verifies a visitor is a human without showing a traditional puzzle. It runs a ser…

What Is Canvas Fingerprinting?

Canvas fingerprinting is a browser-identification technique that asks the browser to draw an invisible image and hashes the resulting pixel …

Web Scraping Tools 2026 — A Comparison

The web-scraping toolbox in 2026 is large but well-stratified. Each tool occupies one of seven roles — HTTP/TLS impersonation, browser autom…

What Is Playwright?

Playwright is a cross-browser automation framework from Microsoft that drives Chromium, Firefox, and WebKit through a single API. Released i…

What Is Botasaurus?

Botasaurus is an MIT-licensed Python scraping framework with three top-level decorators — @browser, @request, @task — and built-in Bezier-cu…

Anti-Detect Browser Tools Compared

Anti-detect browser tools defeat bot detection by spoofing the signals that distinguish automation from a real user — but they work at very …

Concept map

How Camoufox connects

The terms most directly tied to this one. Hover a node to see its neighbours, click to preview, drag to rearrange.

0 terms · 0 connections

You are here · Web Scraping APIs

Tools & solutions for this topic

Frequently asked questions

Is Camoufox open source?

Yes, Camoufox is open source with C++ patches on top of Firefox. The project ships pre-built binaries and a Python sync/async API similar to Playwright.

Why Firefox and not Chrome?

Firefox is driven via Mozilla’s Juggler protocol, which sits below CDP. CDP itself leaks signals — Runtime.enable timing, execution context artifacts, binding exposure — that betray Chromium-based stealth tools. Firefox + Juggler avoids all of those because they do not exist in the protocol.

Does Camoufox handle CAPTCHAs?

Not directly — it does not include a CAPTCHA solver. But because it ships a real fingerprint, the surrounding context that triggers CAPTCHAs is reduced, so they appear less often. When they do appear, pair Camoufox with a CAPTCHA solving service.

How does this compare to playwright-stealth?

playwright-stealth patches detection points in JavaScript at runtime, which is detectable via Function.toString(). Camoufox patches the same points at the C++ build level, leaving no runtime signatures. The architectural difference matters: most JS-level stealth is broken in 2026; build-level patches are the current state of the art.

Where do Camoufox's fingerprints come from?

From BrowserForge, which samples real-world device-characteristic distributions to generate internally consistent profiles — the screen size, WebGL renderer, fonts, and navigator properties all agree with each other and match real traffic. You can auto-generate a profile, pin one for session continuity, or supply your own via the fingerprint argument.

Can Camoufox rotate fingerprints across many sessions?

Yes. The PyPI package injects a fresh, internally consistent fingerprint per browser instance automatically, so rotating identity across thousands of parallel sessions is a config change rather than a rebuild. Constrain the pool with options like os=["windows", "macos"] and locale to keep profiles plausible for your targets.

How much memory does Camoufox use?

Under 200 MB per instance, versus roughly 800 MB for Chrome. It is a debloated, headless-first Firefox with telemetry and background services stripped out, which is what makes it practical to run many parallel agent or scraping sessions on modest hardware.

Does Camoufox block WebRTC to prevent IP leaks?

It can, but the default and recommended approach is to spoof WebRTC ICE candidates at the protocol level so they match the proxy exit IP. Outright blocking WebRTC is itself a detectable signal; spoofing keeps the surface looking like a normal browser while preventing the real local/public IP from leaking.

Last updated: 2026-05-28