Camoufox Anti-Detect Browser: C++-Level Fingerprint Spoofing Beyond JS Shims
A deeply modified Firefox fork with C++ engine-level anti-detection. Spoofs WebGL, AudioContext, WebRTC, navigator properties — all before JavaScript executes. 40MB idle memory. REST API driven.
Introduction: The End of JS Shims
For years, browser automation anti-detection has relied on JavaScript injection layers. Tools like puppeteer-extra-plugin-stealth inject JavaScript code via Puppeteer to override navigator.webdriver, hide chrome.runtime, and mask other automation traces.
This approach has a fundamental weakness: all modifications happen at the JavaScript level, and advanced WAFs (Akamai 3.0, Datadome, Cloudflare Turnstile) can detect them through:
- Execution timing analysis: JS shims take time to load and execute — measurably slower than native property initialization
- Prototype chain inspection: Checking for modified prototype chains that differ from native implementations
- C++-level property reads: Reading properties directly at the engine level, bypassing all JavaScript overrides
- Behavioral analysis: Detecting differences in mouse trajectories, scroll patterns, event timing vs. human behavior
Camoufox's response: Abandon all JavaScript shims. Modify Firefox source code directly at the C++ engine level.
Architecture: C++ Engine-Level Modification
Camoufox is a deeply modified fork of Mozilla Firefox. Its core design principle: complete all fingerprint spoofing before the JavaScript environment initializes.
┌─────────────────────────────────────────┐
│ Camoufox (Firefox Fork) │
│ │
│ ┌───────────────────────────────────┐ │
│ │ Firefox Engine (C++) │ │
│ │ ┌─────────────────────────────┐ │ │
│ │ │ Camoufox Engine Patches │ │ │
│ │ │ │ │ │ │
│ │ │ ├─ navigator property │ │ │
│ │ │ ├─ WebGL renderer spoofing │ │ │
│ │ │ ├─ WebRTC IP leak blocking │ │ │
│ │ │ ├─ AudioContext hash forge │ │ │
│ │ │ ├─ Screen/viewport spoof │ │ │
│ │ │ └─ Font list manipulation │ │ │
│ │ └─────────────────────────────┘ │ │
│ └───────────────────────────────────┘ │
│ │
│ ┌───────────────────────────────────┐ │
│ │ Playwright Juggler (custom) │ │
│ ├───────────────────────────────────┤ │
│ │ REST API / MCP Interface │ │
│ └───────────────────────────────────┘ │
│ │
│ Idle memory ≈ 40MB │
└─────────────────────────────────────────┘Why Firefox?
| Aspect | Firefox | Chromium |
|---|---|---|
| Build system | Mature, well-documented | Extremely complex |
| C++ modification | Clearer architecture | Massive codebase |
| Fingerprint history | LibreWolf, Ghostery community | Less community experience |
| Playwright support | Via Juggler for CDP compat | Native support |
| Resource usage | Relatively lighter | Heavier |
Spoofed Fingerprint Vectors
| Vector | Detection Method | Camoufox Handling |
|---|---|---|
navigator.webdriver | JS property read | Returns false at WebIDL level |
navigator.hardwareConcurrency | CPU core detection | Configurable return value |
navigator.plugins | Plugin enumeration | Simulated plugin list |
navigator.languages | System language | Matches proxy exit IP region |
| WebGL renderer | GPU model via WebGL API | Simulated real GPU fingerprint |
| AudioContext | Audio signal processing hash | Forged output |
| WebRTC local IP | STUN request exposure | Blocked at engine level |
| Canvas fingerprint | Rendering difference hash | Controlled noise injection |
| Screen resolution | screen.width/height | Configurable return |
| Font list | Font enumeration | Simulated list |
| Timezone | Intl.DateTimeFormat | Auto-aligned to proxy IP |
| Geolocation | GPS API | Simulated coordinates |
JS Shim vs C++ Engine-Level
// JS shim approach (puppeteer-extra-plugin-stealth)
// Executes in JavaScript environment — detectable
Object.defineProperty(navigator, 'webdriver', {
get: () => false,
configurable: true
});
// Detection: check if property descriptor is configurable
// Native properties are typically non-configurable// Camoufox C++ engine-level approach
// Done before JavaScript execution starts
// Modified at /dom/webidl/Navigator.webidl in Firefox source
// The Navigator.webdriver property returns false from the start
// No prototype chain anomalies — because none exist| Detection Method | JS Shims | C++ Engine-Level |
|---|---|---|
Object.getOwnPropertyDescriptor | Detectable | Not detectable |
| Prototype chain walk | Anomalous wrappers found | Completely identical |
| Execution timing | Measurable load delay | Zero delay |
| Property type check | May mismatch | Native-identical |
| C++-level read | Cannot defend | Already modified at engine level |
REST API & MCP Interface
Camoufox runs as an isolated server, accessible via REST API or MCP for AI agents.
Start
# Docker
docker run -p 3000:3000 ghcr.io/daijro/camoufox
# Or Python package
pip install camoufox
camoufox serveREST API Operations
# Navigate
curl -X POST http://localhost:3000/navigate \
-H "Content-Type: application/json" \
-d '{"url": "https://example.16yun.cn"}'
# Get A11y snapshot (90% smaller than HTML)
curl http://localhost:3000/snapshot
# Click element
curl -X POST http://localhost:3000/click \
-H "Content-Type: application/json" \
-d '{"ref": "e2"}'
# Screenshot
curl http://localhost:3000/screenshot --output page.pngAPI Feature Matrix
| Feature | Description |
|---|---|
| A11y snapshot | 90% smaller than HTML with stable element ref IDs |
| Offset pagination | Handle large pages by segments |
| Cookie import | Netscape format cookie injection |
| DOM image extraction | Extract images from page |
| Download interception | Capture file downloads |
| yt-dlp integration | YouTube subtitles/transcripts without API key |
| VNC interactive login | Manual login via noVNC, export auth for agent reuse |
Proxy Integration & GeoIP Alignment
Camoufox's proxy integration goes beyond setting HTTP_PROXY. It includes GeoIP alignment — automatically matching browser locale, timezone, and GPS coordinates to the proxy's exit IP:
import camoufox
# Crawler Proxy + GeoIP auto-alignment
browser = camoufox.launch(
proxy="http://user:pass@proxy.16yun.cn:8888",
geoip=True, # Auto-align timezone and locale
)
page = browser.new_page()
page.goto("https://httpbin.org/ip")Common inconsistencies that trigger immediate blocking:
| Inconsistency | Typical Wrong Value | Aligned Value |
|---|---|---|
| Browser language | en-US fixed | Matches exit IP country |
| Timezone | America/New_York | Matches exit IP timezone |
| Geolocation | Fixed coordinates | Matches exit IP city |
| Accept-Language | Always English first | Region-appropriate ordering |
| System fonts | US-English font list | Region-appropriate fonts |
Proxy Selection
| Scenario | Recommended Product | Configuration |
|---|---|---|
| Large-scale anonymous scraping | Crawler Proxy (tunnel) | proxy="http://user:pass@proxy.16yun.cn:8888" |
| Fine-grained IP control | API Proxy | Extract IP first, then assign |
| Long-term account operations | Dedicated Proxy | proxy="http://user:pass@dedicated.16yun.cn:8888" |
Resource Usage & Deployment
- Idle memory: ~40MB (empty browser instance)
- Docker: Official image for containerized deployment
- Fly.io / Railway: One-click cloud deploy
- gVisor sandbox: Can run in sandboxed containers for additional security
# Run Camoufox with gVisor sandbox
docker run --runtime=runsc -p 3000:3000 ghcr.io/daijro/camoufoxComparison with Other Anti-Detection Approaches
| Dimension | Camoufox | Chrome + Stealth Plugin | Commercial Anti-Detect |
|---|---|---|---|
| Approach | C++ engine modification | JS runtime injection | Varies |
| WAF detection difficulty | Very high (C++ analysis needed) | Medium (JS shims detectable) | Depends on implementation |
| Customizability | Open source, build your own | Open source plugin | Closed source |
| Memory (idle) | ~40MB | ~200MB | 100-500MB |
| Browser core | Firefox (deeply modified) | Chrome (stock) | Usually Chromium |
| Maintenance | High (track Firefox upstream) | Low (maintain JS scripts) | Paid |
| Best for | Teams needing serious anti-bot | Most automation developers | Non-technical teams |
Limitations
- Firefox ecosystem: Some Chrome-only sites may have issues
- Upstream maintenance: Forking Firefox requires significant engineering effort to track upstream releases
- Container dependency: Heavily relies on Docker/Fly.io containerized environments
- Learning curve: Frontend developers used to Windows extension debugging need adjustment
Summary
Camoufox's value proposition is clear: in the arms race between scrapers and anti-bot systems, stand on the opposite side of JavaScript shims.
When Cloudflare Turnstile and Akamai 3.0 can easily recognize JS-layer solutions like puppeteer-extra-plugin-stealth, Camoufox completes all modifications at the C++ engine level. This approach fundamentally eliminates all detectable traces of JS shims, forcing WAFs to inspect at the C++ engine level to find anomalies — which is prohibitively expensive or infeasible for most anti-bot systems.
For teams requiring long-term, high-volume, high-difficulty anti-bot scraping, Camoufox + Crawler Proxy + GeoIP alignment is currently the closest thing to an "ultimate solution" in the open-source ecosystem.
The next article covers Agent-E — a fundamentally different direction that focuses not on browser control, but on cognitive-level DOM distillation and task planning.
Need an enterprise proxy plan?
We can tailor architecture to your target domains, concurrency, and reliability goals.