vibheksoni / stealth-browser-mcp
The only browser automation that bypasses anti-bot systems. AI writes network hooks, clones UIs pixel-perfect via simple chat.
description README.md
Stealth Browser MCP
Undetectable browser automation for MCP-compatible AI agents.
Bypass Cloudflare, antibot systems, and social media blocks with real browser instances powered by nodriver + Chrome DevTools Protocol + FastMCP.
Table of Contents
- Demo
- Features
- Quickstart
- Modular Architecture
- Toolbox
- Stealth vs Playwright MCP
- Troubleshooting
- Examples
- Showcase
- Roadmap
- Contributing
- Support
- License
Demo
Stealth Browser MCP bypassing Cloudflare, cloning UI elements, and intercepting network traffic — all through AI chat commands.
Features
- Antibot bypass — Works on Cloudflare, Queue-It, and other protection systems that block traditional automation
- 97 tools across 11 sections — From basic navigation to advanced CDP function execution
- Modular loading — Run the full 97-tool arsenal or a minimal 20-tool core; disable what you don't need
- Pixel-accurate element cloning — Extract complete elements with all CSS, DOM structure, events, and assets via CDP
- Network interception — Inspect every request, response, header, and payload through your AI agent
- Dynamic hook system — AI-generated Python functions that intercept and modify network traffic in real-time
- Instant text input — Paste large content via CDP or type with human-like keystrokes and newline support
- Cross-platform — Windows, macOS, Linux, Docker, and CI/CD pipelines with automatic environment detection
- Browser support — Chrome, Chromium, and Microsoft Edge (automatic detection)
- Clean MCP integration — No custom brokers or wrappers; works with Claude Code, Claude Desktop, Cursor, and any MCP client
Quickstart
1. Clone and install
git clone https://github.com/vibheksoni/stealth-browser-mcp.git
cd stealth-browser-mcp
python -m venv venv
# Activate virtual environment
# Windows:
venv\Scripts\activate
# Mac/Linux:
source venv/bin/activate
pip install -r requirements.txt
2. Add to your MCP client
Claude Code CLI (recommended):
Windows:
claude mcp add-json stealth-browser-mcp "{\"type\":\"stdio\",\"command\":\"C:\\path\\to\\stealth-browser-mcp\\venv\\Scripts\\python.exe\",\"args\":[\"C:\\path\\to\\stealth-browser-mcp\\src\\server.py\"]}"
Mac/Linux:
claude mcp add-json stealth-browser-mcp '{
"type": "stdio",
"command": "/path/to/stealth-browser-mcp/venv/bin/python",
"args": ["/path/to/stealth-browser-mcp/src/server.py"]
}'
Replace
/path/to/stealth-browser-mcp/with your actual project path.
Manual JSON configuration (Claude Desktop, Cursor, etc.)
Windows (%APPDATA%\Claude\claude_desktop_config.json):
{
"mcpServers": {
"stealth-browser-mcp": {
"command": "C:\\path\\to\\stealth-browser-mcp\\venv\\Scripts\\python.exe",
"args": ["C:\\path\\to\\stealth-browser-mcp\\src\\server.py"],
"env": {}
}
}
}
Mac/Linux (~/Library/Application Support/Claude/claude_desktop_config.json):
{
"mcpServers": {
"stealth-browser-mcp": {
"command": "/path/to/stealth-browser-mcp/venv/bin/python",
"args": ["/path/to/stealth-browser-mcp/src/server.py"],
"env": {}
}
}
}
FastMCP CLI (untested)
pip install fastmcp
fastmcp install claude-desktop src/server.py --with-requirements requirements.txt
# OR
fastmcp install claude-code src/server.py --with-requirements requirements.txt
# OR
fastmcp install cursor src/server.py --with-requirements requirements.txt
3. Test it
Restart your MCP client and ask your agent:
"Use stealth-browser to navigate to https://example.com and take a screenshot."
Agent Skill
This repo includes an agent skill at skills/stealth-browser-mcp for clients that support Codex-style skills. It teaches agents the recommended tool order, state checks, pre-document CDP script usage, network debugging flow, and browser cleanup rules.
Use the skill when an LLM struggles to choose the right MCP tool or forgets to verify browser state after actions. If your client does not load repo-local skills automatically, add or symlink skills/stealth-browser-mcp into your client skills directory.
Modular Architecture
Choose exactly what functionality you need. Run the full 97-tool suite or strip it down to 20 core tools.
| Mode | Tools | Use Case |
|---|---|---|
| Full (default) | 97 | Complete browser automation and debugging |
Minimal (--minimal) | 20 | Core browser automation only |
Custom (--disable-*) | Your choice | Disable specific sections |
python src/server.py --minimal
python src/server.py --disable-cdp-functions --disable-dynamic-hooks
python src/server.py --list-sections
python src/server.py --debug
Use --debug or set STEALTH_BROWSER_DEBUG=1 to enable verbose server diagnostics on stderr. In normal MCP stdio usage, debug logging stays quiet by default to avoid noisy transport output.
HTTP transport security
stdiotransport is recommended for local MCP clients and does not require HTTP auth.- HTTP transport remains unauthenticated by default for backward compatibility.
- Do not expose unauthenticated HTTP transport outside trusted local or private networks.
- Set
STEALTH_BROWSER_MCP_AUTH_TOKENto enable bearer-token auth for HTTP transport. - Clients must send
Authorization: Bearer <token>after HTTP auth is enabled.
Browser lifecycle defaults
- Idle browser instances are reaped automatically after 10 minutes by default.
- Override per instance with
spawn_browser(idle_timeout_seconds=...). - Disable idle reaping globally with
BROWSER_IDLE_TIMEOUT=0. - Tune the background reaper cadence with
BROWSER_IDLE_REAPER_INTERVAL. - Tune startup cleanup of abandoned temp profiles with
BROWSER_ORPHAN_PROFILE_MAX_AGE(seconds). - Restrict local file uploads with
BROWSER_FILE_UPLOAD_ALLOWED_DIRS.
Server Environment Variables
These are regular environment variables for the MCP server process itself. Set them wherever you launch src/server.py:
| Variable | Default | Meaning |
|---|---|---|
STEALTH_BROWSER_MCP_AUTH_TOKEN | unset | Optional bearer token for HTTP transport. When set, HTTP clients must send Authorization: Bearer <token>. |
MCP_AUTH_TOKEN | unset | Backward-compatible alias for STEALTH_BROWSER_MCP_AUTH_TOKEN. |
BROWSER_IDLE_TIMEOUT | 600 | Global idle timeout in seconds before an unused browser instance is auto-closed. Set 0 to |