Patchright is a patched and undetected version of the Playwright Testing and Automation Framework.
It can be used as a drop-in replacement for Playwright.
Note
This repository serves the Patchright Driver. To use Patchright, check out the Python Package or the NodeJS Package.
Warning
Patchright only patches CHROMIUM based browsers. Firefox and Webkit are not supported.
Runtime.enable Leak
This is the biggest Patch Patchright uses. To avoid detection by this leak, patchright avoids using Runtime.enable by executing Javascript in (isolated) ExecutionContexts.
Console.enable Leak
Patchright patches this leak by disabling the Console API all together. This means, console functionality will not work in Patchright. If you really need the console, you might be better off using Javascript loggers, although they also can be easily detected.
Patchright tweaks the Playwright Default Args to avoid detection by Command Flag Leaks. This (most importantly) affects:
--disable-blink-features=AutomationControlled
(added) to avoid navigator.webdriver detection.--enable-automation
(removed) to avoid navigator.webdriver detection.--disable-popup-blocking
(removed) to avoid popup crashing.--disable-component-update
(removed) to avoid detection as a Stealth Driver.--disable-default-apps
(removed) to enable default apps.--disable-extensions
(removed) to enable extensions
Patchright patches some general leaks in the Playwright codebase. This mainly includes poor setups and obvious detection points.
With the right setup, Patchright currently is considered undetectable. Patchright passes:
- Brotector ✅ (with CDP-Patches)
- Cloudflare ✅
- Kasada ✅
- Akamai ✅
- Shape/F5 ✅
- Bet365 ✅
- Datadome ✅
- Fingerprint.com ✅
- CreepJS ✅
- Sannysoft ✅
- Incolumitas ✅
- IPHey ✅
- Browserscan ✅
- Pixelscan ✅
Even though we have spent a lot of time to make Patchright as stable as possible, bugs may still occur. If you encounter any bugs, please report them in the Issues.
Warning
Currently, Patchright may experience some unintended behavior when evaluating JavaScript in the browser. This will be fixed when the Option to choose Execution Context (Main/Isolated) is implemented. See the TODO for more information.
Warning
Patchright passes most, but not all the Playwright tests. Some bugs are considered impossible to solve, some are just not relevant. See the list of bugs and their explanation here.
Based on the Playwright Tests, we concluded that its highly unlikely that you will be affected by these bugs in regular usecases.
Init Script Shenanigans
To be able to use InitScripts without Runtime.enable, Patchright uses Playwright Routes to inject JavaScript into HTML requests.
Playwright Routes may cause some bugs in other parts of your code. Patchright InitScripts won't cause any bugs that wouldn't be caused by normal Playwright Routes.
If you want any of these bugs fixed, you'll have to contact the Playwright team.
Patchright InitScripts can be detected by Timing Attacks. However, no antibot currently checks for this kind of Timing Attack and they probably won't for a good amount of time.
We consider them not to be a big risk of detection.
- Implement Option to choose Execution Context (Main/Isolated).
- Fix Fixable Bugs.
- Implement .patch Updater to easily show Patchright's patches.
- Setup Automated Testing on new Release.
- Implement Patchright on .NET and Java.
Deployment of new Patchright versions are automatic, but bugs due to Playwright codebase changes may occur. Fixes for these bugs might take a few days to be released.
If you choose to support our work, please contact @vinyzu or @steve_abcdef on Discord.
© Vinyzu
Patchright is licensed Apache 2.0
This repository is provided for educational purposes only.
No warranties are provided regarding accuracy, completeness, or suitability for any purpose. Use at your own risk—the authors and maintainers assume no liability for any damages, legal issues, or warranty breaches resulting from use, modification, or distribution of this code.
Any misuse or legal violations are the sole responsibility of the user.