Files
wehub-resource-sync 5621867692
Sync browser-act to plugin repo / sync (push) Failing after 0s
chore: import upstream snapshot with attribution
2026-07-13 12:30:35 +08:00

6.1 KiB

Anti-Blocking

Reach places standard tools can't. Three progressive layers, escalating only as needed. The vast majority of blocks never reach the agent — they're absorbed at the environment layer. The few that trigger get auto-resolved at the execution layer. Only extreme cases escalate to a human.

The Three-Layer System

Environment layer (look like a real user)
   ↓ triggered?
Execution layer (auto-solve verification)
   ↓ can't be solved?
Human layer (let a human jump in — see "Remote Assist")
Layer What it solves Key capabilities
Environment Prevent verification from triggering at all Fingerprint spoofing, TLS rotation, residential proxies, privacy mode
Execution Auto-resolve when triggered solve-captcha auto CAPTCHA, stealth-extract one-command extraction
Human Cases automation can't handle remote-assist remote handoff (see Better Headless)

Environment Layer: Look Like a Real User

stealth browsers ship with a complete anti-detection stack, ensuring the site sees no difference from a real browser.

Technique Purpose
Fingerprint spoofing Canvas / WebGL / fonts / plugins — consistently faked, all components tell the same story
Navigator patching webdriver / chrome.runtime / plugin array all normalized
TLS fingerprint rotation Matches real-browser TLS signatures
Headless concealment Run headless to save resources AND pass detection — both at once
Proxy system Dynamic proxy (auto-rotated regional IPs) / Static proxy (managed fixed IP) / Custom proxy (BYO)
Privacy mode Fresh fingerprint + empty profile per session, no persistence

Proxy System

Only stealth browsers support proxies. The three modes are mutually exclusive:

Dynamic proxy (managed)

browser-act browser create --type stealth --name s1 --desc "..." --dynamic-proxy US
  • IP auto-rotates on every browser restart
  • List available regions: browser-act browser regions

Static proxy (managed fixed IP)

browser-act browser create --type stealth --name s1 --desc "..." --static-proxy <proxy_id>
  • Fixed IP, stable across sessions
  • Best for account warm-up, login persistence, API allowlists, and any scenario that requires being bound to the same IP long-term
  • List purchased proxies: browser-act proxy list
  • Purchase a new proxy: browser-act proxy buy-request (returns a purchase URL)

Custom proxy (BYO)

browser-act browser create --type stealth --name s1 --desc "..." --custom-proxy socks5://user:pass@host:port
  • Supports HTTP / SOCKS5
  • Your proxy, your IPs

Privacy Mode

When enabled, each session uses a fresh fingerprint and empty profile, with no data persisted:

browser-act browser create --type stealth --name "ephemeral" --desc "One-off task" --private true

Or toggle on an existing browser:

browser-act browser update <stealth-id> --private true

Use cases: multi-account isolation, preventing fingerprint accumulation, one-off operations. Trade-off: cannot retain login state.

Execution Layer: Auto-Resolve Verification

stealth-extract (WebFetch Replacement)

Read-only content extraction with zero session management:

browser-act stealth-extract https://protected-site.com

What it does:

  1. Launches an anti-detection browser with full fingerprint spoofing
  2. Navigates to the target URL and waits for JS to render
  3. Returns the page in markdown (or HTML)
  4. Closes the browser — no cleanup required

No session, no browser management, no state. URL in, content out.

# HTML output
browser-act stealth-extract https://example.com --content-type html

# Use a managed proxy (region-specific IP)
browser-act stealth-extract https://example.com --dynamic-proxy US

# Use a managed static proxy (fixed IP)
browser-act stealth-extract https://example.com --static-proxy <proxy_id>

# Use a custom proxy
browser-act stealth-extract https://example.com --custom-proxy socks5://host:port

# Custom timeout (default 30s)
browser-act stealth-extract https://example.com --timeout 60

# Save to file
browser-act stealth-extract https://example.com --output ./result.md

Rule: Only need to read? Use stealth-extract. Need to interact? Use a stealth browser.

solve-captcha Auto CAPTCHA

Automatically identifies and solves common CAPTCHA types (image selection, text recognition, etc.):

browser-act --session s1 solve-captcha

Returns solved=True when it goes through automatically.

Escalation when auto-solving fails

# Try automatic first
browser-act --session s1 solve-captcha

# If it fails, show it to the user locally
browser-act --session s1 browser open <id> <url> --headed

# Or escalate to remote handoff
browser-act --session s1 remote-assist --objective "Please solve the CAPTCHA"

Human Layer: Hand It to a Person

When environment + execution still can't solve it, escalate to a human — remote-assist generates a live URL that the user opens on any device to take over. See Remote Assist.

Escalation Strategy

1. Default chrome / chrome-direct + no proxy → fits most everyday sites
2. Anti-scraping triggered → upgrade to stealth + configure a proxy
3. CAPTCHA still appearing → solve-captcha auto-resolves
4. Auto-resolution fails → remote-assist hands off to a human

Comparison with Baseline Tools

curl / WebFetch Standard Puppeteer / Playwright BrowserAct
Handles JS rendering
Anti-scraping bypass ✓ (environment layer)
Auto CAPTCHA ✓ (execution layer)
Human handoff when stuck ✓ (human layer)
Headless without detection N/A ✗ (headless easily detected) ✓ (stealth headless)

Next Steps