fortress  by tiliondev

Stealth Chromium engine for bypassing bot detection

Created 1 week ago

New!

318 stars

Top 84.8% on SourcePulse

GitHubView on GitHub
1 Expert Loves This Project
Project Summary

Summary

Fortress provides a stealth Chromium engine to bypass bot detection for web scraping and automation. It targets engineers and researchers needing reliable website access. By patching Chromium's C++ core, it presents an ordinary Chrome fingerprint, enabling undetected operation for scrapers and AI agents.

How It Works

Fortress directly modifies Chromium's C++ source to correct browser fingerprinting surfaces. This engine-level approach ensures fingerprint integrity across all JavaScript realms, preventing detection via toString self-reveal or realm re-acquisition. It also enforces TLS JA3/JA4 coherence with the browser persona for a unified, non-automated identity.

Quick Start & Requirements

Install via pip install tilion-fortress (Python), npm install tilion-fortress (Node.js), or docker run --rm -p 9222:9222 tilion/fortress:latest. Native binaries available for Linux x64 and Windows x64; macOS requires Docker. Exposes raw Chrome DevTools Protocol (CDP) on port 9222, compatible with Playwright, Puppeteer, etc. Docker image: ~302 MB (pull) / 851 MB (disk).

Highlighted Details

  • Detection Evasion: Bypasses CreepJS (0% headless), Sannysoft, BrowserScan, Cloudflare, and Akamai bot protection on major e-commerce sites.
  • Native-Code Integrity: Spoofed getters are C++ implementations, returning [native code] and consistent across all realms.
  • Auditable & Reproducible: Features 34 C++ patches in patches/ for audit and source rebuilds. Monthly releases gated by a detection gauntlet.
  • Coherent Persona: Enforces consistency between engine, user-agent, TLS fingerprint (JA3/JA4), and system attributes; tunable via --uxr-* flags.

Maintenance & Community

Monthly Chromium rebases and active tracking of detection vectors via a reproducible gauntlet. Upcoming features are detailed on a public roadmap. Community interaction primarily occurs through GitHub issues.

Licensing & Compatibility

Fortress patches and tooling are BSD-3-Clause licensed, permitting commercial use and integration into closed-source projects. Chromium and bundled fonts retain their original licenses.

Limitations & Caveats

  • IP vs. Fingerprint: Bot detection failures often stem from datacenter IPs; residential proxies recommended.
  • OS Mismatch: Default Windows persona may conflict with Linux host signals; align persona with egress OS.
  • macOS Support: Native binaries unavailable; Docker required.
  • Persona Visibility: Command-line flags (--uxr-*) visible on Linux hosts; future MaskConfig runtime will mitigate.
  • Evolving Detection: No stealth solution guarantees permanent evasion; stay updated with monthly releases.
Health Check
Last Commit

5 hours ago

Responsiveness

Inactive

Pull Requests (30d)
16
Issues (30d)
9
Star History
318 stars in the last 9 days

Explore Similar Projects

Feedback? Help us improve.