Web Scraping APIs

What Is PatchRight?

What Is PatchRight? — conceptual illustration
On this page

PatchRight is a stealth library that patches the Playwright Python source itself before Chrome starts, rather than injecting JavaScript at runtime. This is the architecturally correct response to Kasada's Function.prototype.toString() inspection: there is nothing in the JS runtime to look at because the patches happen at the Python-Chrome bridge layer, below any visible API. It is the canonical 2026 answer for Kasada-protected sites and a strong choice anywhere playwright-stealth is detected.

Quick facts

Patch levelPython source (Playwright bindings), pre-Chrome
Why it worksNo JS runtime modifications — Function.toString() finds nothing
Primary targetKasada (which has playwright-stealth signatures catalogued)
Drop-in?Mostly — playwright API compatible with minor adjustments
Installpip install patchright

The architectural difference

playwright-stealth overrides navigator.webdriver, WebGLRenderingContext.prototype.getParameter, HTMLCanvasElement.toDataURL, and dozens of other native APIs by injecting JavaScript via Page.addInitScript. The patches work — until Kasada calls Function.prototype.toString.call(navigator.__lookupGetter__("webdriver")) and sees the JS source instead of [native code]. The patch becomes the signal.

PatchRight modifies the Playwright Python source to send the relevant CDP commands differently, or to use CDP commands that achieve the same effect without leaving JS artifacts. The native APIs are untouched; Function.toString() returns [native code] because no patch happened in JavaScript.

When PatchRight is the answer

Kasada-protected sites. This is the canonical use case. Kasada's detection of playwright-stealth is the reason PatchRight exists.

Cloudflare with active Turnstile/JS challenges. Where playwright-stealth used to work, increasingly Cloudflare detects it. PatchRight passes more often.

Any target where you have empirically confirmed playwright-stealth fails. PatchRight is a drop-in upgrade with minimal API changes.

For Akamai sensor.js scoring or canvas-fingerprint-heavy targets, CloakBrowser (Chromium) or Camoufox (Firefox) are usually a better fit because they patch the canvas/WebGL/audio layer too. PatchRight is specifically about the patch-detection surface, not the fingerprint surface.

What PatchRight does not address

PatchRight covers the toString-detectable surface in Playwright Python. It does not address:

  • Canvas / WebGL / AudioContext fingerprinting — those are GPU and hardware signals. Use CloakBrowser or Camoufox.
  • TLS fingerprinting — that is below the browser layer. The TLS your Chromium ships is what it ships.
  • Behavioural detection — physics-based mouse movement, timing patterns. Pair with Botasaurus or a humanizer layer.
  • IP reputation — that is the proxy's job. Use residential or ISP static.

Think of PatchRight as one layer in a stack, not a complete bypass.

Code example

python
# PatchRight is a near-drop-in replacement for Playwright Python
# Note the import path change: patchright.sync_api instead of playwright.sync_api

from patchright.sync_api import sync_playwright

with sync_playwright() as p:
    browser = p.chromium.launch(headless=False)
    context = browser.new_context(
        proxy={"server": "http://user:pass@residential:port"},
        # ... otherwise identical to Playwright
    )
    page = context.new_page()
    page.goto("https://kasada-protected.com/")
    # PoW solved naturally by real browser execution
    html = page.content()

Related terms

What Is Kasada?
Kasada is a gatekeeper-proxy bot defense used by major retailers, ticketing platforms, and sneaker drops. Unlike Cloudflare or DataDome, it …
What Is Camoufox?
Camoufox is a stealth-focused fork of Firefox with anti-fingerprinting patches applied at the C++ build level. Unlike playwright-stealth, wh…
What Is CloakBrowser?
CloakBrowser is a stealth Chromium build with 49 C++ binary patches. Where playwright-stealth injects JavaScript at runtime (detectable via …
What Is Anti-Bot Detection?
Anti-bot detection is the set of techniques websites use to distinguish automated traffic from human users — and to block, challenge, or thr…
What Is Function.toString() Inspection?
Function.prototype.toString() inspection is the technique anti-bot scripts use to detect runtime JavaScript patches. Every JS function expos…
What Is Playwright?
Playwright is a cross-browser automation framework from Microsoft that drives Chromium, Firefox, and WebKit through a single API. Released i…
Anti-Detect Browser Tools Compared
Anti-detect browser tools defeat bot detection by spoofing the signals that distinguish automation from a real user — but they work at very …

Concept map

How PatchRight connects

The terms most directly tied to this one. Hover a node to see its neighbours, click to preview, drag to rearrange.

0 terms · 0 connections
You are here · Web Scraping APIs
Building map…

Tools & solutions for this topic

Frequently asked questions

Is PatchRight a fork of Playwright?

It is more accurately described as a patched Playwright distribution — same upstream codebase with targeted modifications to the Python source where the Playwright API would otherwise leak toString-detectable signatures. The Playwright team's upstream changes flow through.

How is this different from undetected-chromedriver?

undetected-chromedriver focuses on removing the navigator.webdriver flag from Selenium-driven Chrome — a much smaller patch surface. PatchRight extends the same idea to the much larger Playwright API surface, where Function.toString() detection is more aggressive. Both can be useful; PatchRight handles harder targets.

Does PatchRight handle CAPTCHAs?

No — it only addresses the patch-detection layer. For CAPTCHAs you still need a solver service (CapSolver, 2Captcha) or a real-browser context that scores high enough on reCAPTCHA v3 to avoid the challenge entirely.

Should I use PatchRight or Camoufox?

PatchRight if you specifically need Chromium and the gate is Kasada or playwright-stealth detection. Camoufox if you need Firefox (Cloudflare, multi-vector coherence with geoip=True) or the gate is canvas/WebGL fingerprinting. They are not mutually exclusive — large scraping operations run both.

Last updated: 2026-05-26