Obscura Stealth — Fingerprint Spoofing, TLS Fingerprint, and Anti-Detection
How Obscura Stealth works: 8 built-in browser profiles, wreq BoringSSL TLS client fingerprint, tracker blocking, and identity consistency configuration.
16Yun Engineering TeamJul 3, 20262 min read
Why Automation Traffic Gets Detected
A headless browser is usually detected at multiple layers simultaneously:
- TLS layer: HTTP libraries in Go or Python send ClientHello with different cipher suites, ALPN extensions, and elliptic curves than Chrome
- JS API layer:
navigator.webdriveristrue,Function.prototype.toStringreturns non-native code - navigator consistency:
userAgentsaysMozilla/5.0...butplatformisLinux,userAgentDatais missing - Behavioral: Missing or abnormal responses to canvas, audio, and WebGL fingerprinting APIs
- Network: IP from a datacenter range that does not match the browser fingerprint's geography
Obscura Stealth addresses the first four at the architecture level.
8 Built-in Browser Profiles
Each profile keeps userAgent, platform, uaPlatform, and uaPlatformVersion consistent:
| Index | Platform | Chrome |
|---|---|---|
| 0 (default) | Windows 10 | 143 |
| 1 | Windows 10 | 144 |
| 2 | Windows 10 | 145 |
| 3 | Windows 10 | 146 |
| 4 | macOS 13.6 | 143 |
| 5 | macOS 14.4 | 144 |
| 6 | macOS 14.5 | 145 |
| 7 | macOS 14.6 | 146 |
Control profiles via environment variables:
# Pin a specific profile
OBSCURA_PROFILE=2 obscura serve
# Random profile per context (opt-in)
OBSCURA_ROTATE_PROFILE=1 obscura serve
```bash
## TLS Fingerprint Spoofing
This is Stealth's core capability. It uses the **wreq** crate with **BoringSSL**, configured to match Chrome's:
- Cipher suite order
- TLS version preferences
- ALPN protocol list
- Elliptic curve selection
```bash
# Stealth build requires cmake for BoringSSL
cargo build --release --features stealth
# TLS ClientHello now matches real Chrome
obscura fetch https://example.16yun.cn --stealth
```bash
## JS API Layer
Stealth hides automation signals at the V8 level:
```javascript
// Without stealth: exposed
navigator.webdriver // true
// With stealth: matches real Chrome
navigator.webdriver // undefined
```bash
`Function.prototype.toString` returns `[native code]` for internal properties. Dispatched events have `event.isTrusted = true`.
Hidden internal properties are not exposed by `Object.keys(window)`.
## Tracker Blocking
Stealth ships with Peter Lowe's ad and tracker domain list — 3500+ domains blocked at the net layer:
```bash
# Blocks automatically:
# - Analytics (Google Analytics, Mixpanel, Hotjar)
# - Ad networks (DoubleClick, Criteo, Adnxs)
# - Social tracking (Facebook.net)
# - Fingerprinting scripts
```bash
Supports exact match and subdomain wildcard matching.
## Identity Consistency
Time zone, geolocation, and proxy region must all agree:
```bash
# Complete anti-detection config
OBSCURA_TIMEZONE=America/New_York \
OBSCURA_GEOLOCATION="40.7128,-74.0060" \
OBSCURA_PROFILE=2 \
obscura serve --stealth --proxy http://user:pass@proxy.16yun.cn:8888
```bash
Any inconsistency between profile, timezone, and proxy location becomes a detection signal.
## Limitations
Stealth does not handle:
- Cloudflare interactive challenges (Turnstile, JS Challenge, CAPTCHA)
- Datadome and Akamai bot managers
- Any CAPTCHA system
- IP-based rate limiting (needs proxies)
## Best Practice
```bash
OBSCURA_TIMEZONE=Asia/Shanghai \
OBSCURA_GEOLOCATION="31.2304,121.4737" \
OBSCURA_PROFILE=0 \
obscura serve \
--stealth \
--proxy http://user:pass@proxy.16yun.cn:8888
```bash
## Summary
Obscura Stealth builds anti-detection at four layers:
1. **TLS layer**: BoringSSL wreq client matching Chrome's fingerprint
2. **Profile layer**: 8 profiles with consistent navigator properties
3. **JS API layer**: webdriver hiding, native code masking, event.isTrusted
4. **Network layer**: 3500+ domain tracker blockingNeed an enterprise proxy plan?
We can tailor architecture to your target domains, concurrency, and reliability goals.