Evasion catalog

Every red-team configuration Kitsune tests itself against — real anti-detect tools, stealth browsers, TLS/HTTP forgers and single-surface technique probes — each with a plain description. For the exact tells that caught each, see the detection matrix.

103configs
93caught (bot)
10suspicious
accept-lang-spoofbot
A headless Chromium that forges its Accept-Language header out of step with navigator.languages — a network-vs-JavaScript language mismatch.
apify-fp-injectbot
Playwright Chromium with an Apify-style fingerprint overlay injected over the real browser — it spoofs JS-visible surfaces while the underlying engine stays Chromium.
audio-noisebot
A bot that adds random noise to the Web Audio fingerprint to defeat audio hashing — the injected noise signature is itself the tell.
audio-readback-spoofbot
Spoofs the AudioBuffer read-back values to fake a stable audio fingerprint; the readback noise gives it away.
azuretlsbot
A Go HTTP client (azuretls) that forges a real browser's TLS (JA3/JA4) and HTTP/2 fingerprint with no browser engine at all — pure wire-layer impersonation.
baseline-firefoxbot
A plain automated Firefox with no stealth — the WebDriver flag is left exposed. A control case.
bravebot
The real Brave browser, which farbles canvas and audio by design as a privacy feature — a legitimate human browser, used as a control to keep the detector honest.
brave-fakebot
A non-Brave browser faking Brave's farbling and brave APIs — the spoofed Brave identity is itself detectable.
brave-fake-proxybot
A non-Brave browser faking Brave, relayed through a proxy — the spoofed Brave identity still shows through.
camoufoxbot
Engine-level anti-detect Firefox: it patches the Gecko C++ engine itself instead of injecting JavaScript, so the spoof leaves no JS-detectable seams. The hardest case in the fleet.
camoufox-hardenedsuspicious
Engine-level anti-detect Firefox: it patches the Gecko C++ engine itself instead of injecting JavaScript, so the spoof leaves no JS-detectable seams. The hardest case in the fleet — with maximum anti-detect hardening.
camoufox-hardened-behavesuspicious
Engine-level anti-detect Firefox: it patches the Gecko C++ engine itself instead of injecting JavaScript, so the spoof leaves no JS-detectable seams. The hardest case in the fleet — hardened and driven with humanized behaviour.
camoufox-headfulsuspicious
Engine-level anti-detect Firefox: it patches the Gecko C++ engine itself instead of injecting JavaScript, so the spoof leaves no JS-detectable seams. The hardest case in the fleet — run headful, with a real display.
camoufox-linuxsuspicious
Engine-level anti-detect Firefox: it patches the Gecko C++ engine itself instead of injecting JavaScript, so the spoof leaves no JS-detectable seams. The hardest case in the fleet — on Linux.
camoufox-linux-coherentsuspicious
Engine-level anti-detect Firefox: it patches the Gecko C++ engine itself instead of injecting JavaScript, so the spoof leaves no JS-detectable seams. The hardest case in the fleet — on Linux, kept cross-layer coherent.
camoufox-macosbot
Engine-level anti-detect Firefox: it patches the Gecko C++ engine itself instead of injecting JavaScript, so the spoof leaves no JS-detectable seams. The hardest case in the fleet — on macOS.
camoufox-socks-webrtcsuspicious
Engine-level anti-detect Firefox: it patches the Gecko C++ engine itself instead of injecting JavaScript, so the spoof leaves no JS-detectable seams. The hardest case in the fleet — behind a SOCKS proxy with WebRTC masking.
camoufox-touch-incoherentbot
Engine-level anti-detect Firefox: it patches the Gecko C++ engine itself instead of injecting JavaScript, so the spoof leaves no JS-detectable seams. The hardest case in the fleet — with a deliberately incoherent touch/pointer profile.
canvas-geometry-spoofbot
Perturbs canvas geometry (text and shape metrics) to dodge canvas hashing; the geometry noise is detectable.
canvas-liebot
Returns a fixed, fabricated canvas image instead of rendering — a toDataURL the engine never actually produced.
canvas-spoofbot
Injects per-pixel noise into the canvas to randomize its hash; the noise and the worker-vs-main mismatch convict it.
cdc-leakbot
An automated Chrome still carrying the `cdc_` ChromeDriver artifact variables — the classic Selenium leak.
ch-ua-hardcodedbot
An HTTP client with a hardcoded Client-Hints brand list that lacks the GREASE brand a real Chrome always emits.
chrome-clone-1bot
A cloned Chrome fingerprint replayed across sessions (clone 1 of a coordinated pair) — the collision with its twin is the durable tell.
chrome-clone-2bot
The second member of a cloned-Chrome fleet — its fingerprint collides with clone 1 across sessions.
coalesce-proxybot
Injects synthetic pointer events through a proxy; the coalesced events are untrusted (isTrusted=false).
coalesce-spoofbot
Fakes coalesced pointer events to mimic high-frequency mouse input; the toString patch betrays the spoof.
csp-bypassbot
A bot that bypasses the page Content-Security-Policy to inject its automation hooks — the bypass is observable.
curl-http2bot
curl driving raw HTTP/2 with a browser User-Agent — its header order, TLS and TCP stack all contradict the claimed Chrome.
curl-impersonatebot
curl_cffi / curl-impersonate — an HTTP client that replays a real browser's exact TLS and HTTP/2 fingerprint with no browser and no JavaScript execution.
datacenter-origin-proxiedbot
Traffic relayed from a datacenter origin through a proxy — the true origin still reads as datacenter despite the exit node.
domrect-spoofbot
Spoofs getBoundingClientRect to fake element geometry; the DOMRect values are invariant where a real layout varies.
electron-leakbot
An Electron-app bot leaking its process and automation globals — it reports as Chrome but the Electron runtime shows through.
firefox-coherentbot
A carefully coherent automated Firefox — every spoof lines up except the exposed WebDriver flag.
firefox-os-spoofbot
A Firefox automation that fakes its User-Agent OS but forgets to spoof navigator.oscpu — a deliberate cross-layer coherence break.
floor-spoofbot
A minimal 'floor' spoof patching only the obvious tells (webdriver, notifications); the patched getters' toString gives it away.
font-os-leakbot
Its installed-font set and Client-Hints betray a different OS than the User-Agent claims.
fp-rotationbot
Rotates its fingerprint mid-session to dodge hashing — the within-session instability is itself the tell.
full-stealthbot
A maximal stealth stack patching dozens of surfaces at once; the WebGL and worker-realm spoofs still diverge.
go-tlsbot
Forges a real-browser TLS ClientHello with uTLS (Go) — a pure wire-layer JA3/JA4 spoof, no browser engine.
go-tls-h2-rotatebot
Forges a real-browser TLS ClientHello with uTLS (Go) — a pure wire-layer JA3/JA4 spoof, no browser engine — rotating its HTTP/2 fingerprint mid-session.
go-tls-madeyouresetbot
Forges a real-browser TLS ClientHello with uTLS (Go) — a pure wire-layer JA3/JA4 spoof, no browser engine.
go-tls-rotatebot
Forges a real-browser TLS ClientHello with uTLS (Go) — a pure wire-layer JA3/JA4 spoof, no browser engine — rotating its TLS/JA4 fingerprint mid-session.
go-tls-static-extbot
Forges a real-browser TLS ClientHello with uTLS (Go) — a pure wire-layer JA3/JA4 spoof, no browser engine.
go-tls-web-bot-authbot
Forges a real-browser TLS ClientHello with uTLS (Go) — a pure wire-layer JA3/JA4 spoof, no browser engine.
go-tls-web-bot-auth-replaybot
Forges a real-browser TLS ClientHello with uTLS (Go) — a pure wire-layer JA3/JA4 spoof, no browser engine.
h2-continuation-floodbot
An HTTP/2 CONTINUATION-frame flood (DoS) — exercises the edge's frame-abuse detection, not fingerprint evasion.
h2-control-floodbot
An HTTP/2 control-frame flood (PING/SETTINGS abuse) pressure-testing the edge's DoS guard.
h2-rapid-resetbot
Not a stealth tool: an HTTP/2 frame-abuse flooder (rapid-reset CVE-2023-44487, CONTINUATION flood, control-frame floods) that pressure-tests the edge's DoS detection.
h2-settings-splitbot
Sends HTTP/2 SETTINGS out of the expected order — a frame-sequence tell mismatched with the claimed browser.
honeypotbot
A bot that interacts with hidden honeypot elements a human would never see or click.
http2-naivebot
A naive HTTP/2 client with a browser User-Agent but mismatched header order, TLS and TCP stack.
human-mousebot
Automation replaying recorded human mouse traces — the motion looks human but the headless/CDP surface still convicts.
iframe-spoofbot
Patches the main realm but not nested iframes; the iframe realm reports different values — a realm divergence.
ios-ua-spoofbot
Claims to be Safari on iOS while running a non-WebKit engine — an Apple UA without the matching WebKit APIs.
ip-rotationbot
Rotates its source IP within a single session — the address changes mid-session where a real client's would not.
keystroke-humanbot
Replays human-like keystroke timing, but the headless/CDP runtime underneath still gives it away.
lang-list-spoofbot
navigator.language disagrees with navigator.languages — the singular value and the list contradict.
lang-spoofbot
Spoofs the page language, but the Worker realm reports a different language than the main thread.
linear-botbot
A bot moving the cursor in perfectly straight, constant-velocity lines — non-human kinematics over a headless base.
max-stealthbot
An aggressive stealth profile spoofing the webdriver flag and chrome object; the spoof's own seams remain.
measuretext-spoofbot
Spoofs Canvas measureText metrics; they disagree with the OffscreenCanvas measurement of the same text.
mobile-emulationbot
Desktop Chromium emulating an Android phone via Playwright's Pixel 5 device — tests whether a mobile UA and viewport stay coherent with a desktop stack.
mobile-no-touchbot
A red-team configuration exercising the mobile no touch technique.
naive-tz-spoofbot
Naively overrides the timezone — the offset, Intl zone and Worker-realm timezone all disagree.
native-spoofbot
Overrides native functions to fake values, but violates a native invariant the real engine always preserves.
nodriverbot
The successor to undetected-chromedriver: drives Chrome directly over CDP with no Selenium/webdriver surface at all, async-first.
os-spoofbot
Claims a different OS than its real platform — navigator.platform, WebGL and the TCP stack betray the true one.
patchrightbot
Patchright (a patched Playwright) — strips many headless tells, but the Client-Hints headless markers remain.
patchright-headfulsuspicious
Patchright run headful — reaches only suspicious, with no single convicting tell. A frontier case.
playwright-extrabot
Playwright plus puppeteer-extra-plugin-stealth — a stack of JavaScript patches that mask the common headless and automation tells.
playwright-extra-coherentbot
Playwright plus puppeteer-extra-plugin-stealth — a stack of JavaScript patches that mask the common headless and automation tells — with its cross-layer values kept coherent.
primpbot
A browser-impersonating HTTP client: forges the TLS and HTTP/2 stack of a real browser for a single request, with no JavaScript.
pydollbot
Async, CDP-native Python automation with no webdriver dependency — drives Chrome through the DevTools protocol directly.
quic-no-greasebot
A QUIC/HTTP-3 client whose ClientHello omits the GREASE values a real browser always includes.
rebrowserbot
Rebrowser-patches stealth Chromium — masks the common automation tells but leaves headless and webdriver traces.
renderer-spoofbot
Spoofs the WebGL renderer string; the getParameter patch and the worker-realm renderer disagree.
screen-impossiblebot
Reports screen dimensions that cannot physically exist (e.g. available larger than total) — an impossible display.
selenium-driverlessbot
Selenium-style automation driven purely over CDP, avoiding the WebDriver protocol that classic Selenium leaks.
spoof-uabot
Claims one browser in its User-Agent while the engine, TLS and HTTP/2 stack describe another.
stale-enginebot
Its User-Agent claims a current version but the engine feature-set is from an older build — a stale template.
stealth-naivebot
A plain real Chromium driven through the edge — the baseline 'just a real browser, automated' case — with only naive patches applied.
stealth-patchedbot
A plain real Chromium driven through the edge — the baseline 'just a real browser, automated' case — with extra stealth patches applied.
tls-stale-templatebot
Replays a real browser's TLS fingerprint from an outdated template — the GREASE and key-share no longer match the claimed UA.
trace-replaybot
Replays a recorded behavioral trace verbatim — identical within-session repetition betrays the replay.
tz-spoofbot
Spoofs the timezone; the offset, the Intl resolved zone and the Worker-realm timezone contradict each other.
ua-rotationbot
Rotates its User-Agent within one session — the UA changes mid-session where a real client's stays fixed.
uach-coherentbot
A bot that makes its Client-Hints internally coherent, yet the automation runtime (CDP/webdriver) still shows.
undetectedbot
undetected-chromedriver — a patched ChromeDriver that strips the classic Selenium/CDP webdriver giveaways.
vanillabot
A single plain HTTP request through the edge — the no-evasion baseline everything else is measured against.
webgl-caps-worker-spoofbot
A red-team configuration exercising the webgl caps worker spoof technique.
webgl-renderer-spoofbot
A red-team configuration exercising the webgl renderer spoof technique.
webkit-safari-coherentbot
A coherent WebKit/Safari profile — but its fonts, platform, TLS and HTTP/2 stack still betray the real OS.
webkit-ua-spoofbot
A WebKit-engine bot faking a Chrome User-Agent — its TLS/engine fingerprint contradicts the claimed browser.
webrtc-leaksuspicious
Leaks its real IP via WebRTC despite a proxy — reaches only suspicious, a frontier corroborating case.
webrtc-origin-datacenterbot
A WebRTC candidate revealing a datacenter origin behind the proxied connection.
worker-proxybot
Proxies Worker-thread calls back to the main realm to hide divergence; the Worker constructor patch shows.
worker-proxy-fixbot
A refined Worker proxy that rewrites the worker source to hide the seam — the rewrite is itself detectable.
worker-spoofbot
Spoofs the main thread, but the Worker realm still diverges from it.
worker-wrapbot
Wraps the Worker constructor to intercept realm checks — the tampered constructor is the tell.
zendriverbot
A maintained successor to nodriver — CDP-native Chrome automation with no webdriver surface.
zendriver-uachsuspicious
A maintained successor to nodriver — CDP-native Chrome automation with no webdriver surface — spoofing UA Client-Hints.
zendriver-uach-behavesuspicious
A maintained successor to nodriver — CDP-native Chrome automation with no webdriver surface — spoofing UA Client-Hints with humanized behaviour.