Boost Agent Browser: Implement Stealth Mode For Enhanced Privacy
Hey guys, let's dive into a cool feature request that could seriously upgrade our agent-browser tool. We're talking about adding a stealth mode, and trust me, it's a game-changer when it comes to web automation and avoiding those pesky bot detection systems. This enhancement, using the AGENT_BROWSER_STEALTH environment variable, would give us some much-needed privacy and make our automated browsing sessions way more robust. So, let's explore why this is important, how it would work, and why it's a smart move for everyone involved.
The Problem: Bot Detection is a Real Pain
So, here's the deal: if you've been automating web tasks, you've probably run into websites that are super good at spotting bots. Websites use these systems like Cloudflare, DataDome, PerimeterX, and reCAPTCHA that can detect bots in order to protect their content, prevent spam, and ensure fair usage. We've all been there, and it's a frustrating experience. As mentioned in issue #53, users are finding themselves unable to pass verification steps due to detection. These systems look for tell-tale signs that a browser isn't being controlled by a real human. While some basic flags can help, they are not enough for the more complex detections.
These detection systems are sophisticated, and they check a ton of stuff. For example, they look at:
- The
navigator.webdriverproperty. This is a simple flag that often indicates a bot. - WebGL fingerprinting. This one is tricky, it checks the vendor and renderer details to see if they're consistent.
- Plugin and MIME type enumeration. Bots often have different or missing plugin info.
- Chrome runtime properties. These properties help bots get identified.
- Inconsistent browser feature detection. Sometimes features behave differently in automated browsers.
And the list goes on! The bottom line is that current methods are insufficient to address this comprehensive approach. To deal with those sophisticated detection methods, we need a better solution, and that's where the proposed stealth mode comes in.
Proposed Solution: Stealth Mode with AGENT_BROWSER_STEALTH
The core of this feature request is adding stealth mode support using the AGENT_BROWSER_STEALTH environment variable. The idea is to integrate something like playwright-stealth (or a similar tool) to make our browser sessions way less detectable. This approach is user-friendly and doesn't require complex changes to how you run your automation tasks. Think of it this way: a simple environment variable, set before your script starts, and poof – stealth mode activated.
Here's how it would work:
# Enable stealth mode for the session
export AGENT_BROWSER_STEALTH=true
agent-browser open https://example.com
With this feature enabled, agent-browser would automatically apply evasions when creating the browser context. This means that when a website tries to detect you, the stealth mode kicks in to make you look more like a regular user. Now, why an environment variable? Well, it's all about making things easier and more efficient, particularly for AI agents that use agent-browser.
Why Environment Variable is a Smart Choice
Using an environment variable to turn on stealth mode is a good idea for several reasons. First off, AI agents don't typically interact with command-line flags, so making users add a --stealth flag every time they run a command would be cumbersome and impractical. Setting an environment variable means that stealth mode is active for the whole session, without needing to change anything in the way AI agents issue commands. Using an environment variable aligns with how other features, like AGENT_BROWSER_HEADED and AGENT_BROWSER_ARGS, are already managed in agent-browser.
This approach aligns with existing patterns and makes integrating the feature seamless for current users. Stealth mode would handle a lot of the heavy lifting behind the scenes. It'd mask the navigator.webdriver property, fix WebGL fingerprinting, spoof plugin and MIME types, and apply other standard anti-detection patches. This way, users can focus on their tasks, not on how to outsmart bot detection systems.
Why Not Just Use AGENT_BROWSER_ARGS?
So, you might be wondering, what about the existing AGENT_BROWSER_ARGS? Can't we just use that? Well, while that approach is useful for adding basic launch flags, it has its limitations. The stealth mode is designed to tackle a more advanced set of evasions. Using --disable-blink-features=AutomationControlled, for instance, is only part of the solution.
Some evasions require JavaScript injection at the time of context creation, which goes beyond launch flags. With a stealth mode, you'd be getting tested and well-maintained evasion techniques bundled together. It's a complete package designed to protect your automation tasks.
Stealth Mode in Action: What it Would Do
When AGENT_BROWSER_STEALTH=true is set, here's what the stealth mode would do in a nutshell:
- Mask
navigator.webdriver: This is one of the easiest ways to spot a bot, so it's a critical evasion. - Fix WebGL fingerprinting inconsistencies: By making WebGL properties consistent, we reduce detection risks.
- Spoof plugin/mime types: This ensures our browser reports the correct details to make them indistinguishable from human traffic.
- Apply standard anti-detection patches: This includes a variety of other techniques to make our browser look less like a bot.
These standard anti-detection patches would apply the playwright-stealth evasions to the browser context, giving you a comprehensive toolkit to avoid bot detection.
Implementation Notes and Future Considerations
To make this feature work, there are a few implementation details to keep in mind.
- Default Behavior: To avoid any disruption, stealth mode would be disabled by default. Users have to enable it explicitly through the
AGENT_BROWSER_STEALTHenvironment variable. - Browser Context: The evasions will be applied within the
browser.tsfile when creating the browser context. This ensures that the stealth mode is active from the start of the session. - Lightweight Dependency: The
playwright-stealthpackage is lightweight (~50KB), which won't add any significant overhead to the tool.
Wrapping Up
Adding a stealth mode to agent-browser is a great idea. It improves the privacy of our automated sessions. It simplifies the user experience by using an environment variable, and it offers a comprehensive solution for evading bot detection. With this update, we can make our automation tasks more reliable and stay ahead of the game.