playwright-cdp-probe 0.2.4

Playwright bot-detection probe — score CDP for webdriver and headless leaks. CLI: cdp-probe.

playwright-cdp-probe

Playwright bot-detection probe — score CDP sessions for webdriver, headless Chrome, and WebGL exposure.

pip install playwright-cdp-probe
cdp-probe check-local

CLI: cdp-probe · Python 3.10+ · optional [mlx] for Launcher helpers

Coupon hub: Verified MLX deals (SAAS50 browser / MIN50 cloud phone) — Multilogin promo codes. Core CLI works without a vendor account. Affiliate disclosure.

Audit Playwright and CDP browser sessions for automation exposure signals — navigator.webdriver, chrome.runtime, plugin counts, permissions API, headless UA hints, and window/WebGL fingerprints.

Returns a 0–100 exposure score (higher = more detectable automation artifacts). Use in CI, before production deploys, or to compare vanilla Chromium vs isolated antidetect profiles.

Problem

Bot-detection stacks probe dozens of browser signals beyond IP and cookies. Before shipping automation to production, teams need a quick way to answer:

• Does this browser context leak navigator.webdriver?
• Are headless or SwiftShader fingerprints visible?
• How does a CDP-attached session compare to a local Playwright launch?

cdp-probe launches Playwright (or connects over CDP), collects signals in-page, and scores automation exposure with a reproducible report.

Install

pip install playwright-cdp-probe
playwright install chromium   # first-time browser binaries

Optional Multilogin X launcher integration (compare isolated profile scores — not required for core probe):

pip install playwright-cdp-probe[mlx]

Development:

pip install playwright-cdp-probe[dev]

Quick start

# Baseline: how detectable is default Playwright Chromium?
cdp-probe check-local --browser chromium

# Probe a live page (login gates, dashboards, SaaS apps)
cdp-probe run --url https://example.com

# Site-class presets (weighted for common gate pages — see presets/)
cdp-probe run --preset cloudflare --url https://example.com
cdp-probe run --preset stripe-dashboard --url https://dashboard.stripe.com
cdp-probe run --preset social-login --url https://example.com/login

# CI / GitHub Actions annotations
cdp-probe run --url https://example.com --format github-actions

# Re-print the last report
cdp-probe report --format table
cdp-probe report --format json

from playwright_cdp_probe import ProbeRunner
from playwright_cdp_probe.probe import ProbeOptions

report = ProbeRunner(ProbeOptions(url="https://example.com")).run()
print(report.exposure.score, report.exposure.grade)
for finding in report.exposure.findings:
    print(finding.signal, finding.detail)

CLI

Command	Description
cdp-probe run --url URL	Launch browser, navigate, score exposure
cdp-probe run --preset NAME --url URL	Score with site-class weights (presets/)
cdp-probe check-local --browser chromium|firefox	Probe about:blank locally
cdp-probe report --format json|table|github-actions	Format last saved report
cdp-probe mlx --profile-id UUID	MLX Launcher → CDP probe → stop ([mlx] extra)
cdp-probe --show-deal	Print partner coupon info (opt-in only)

Exit codes

Code	Meaning
0	pass — exposure score ≤ 30
1	warn — exposure score 31–60
2	fail — exposure score > 60
3	Runtime / validation error

Signal weights and bands: docs/SCORING.md.

Presets

Preset	Best for	Signals emphasized
cloudflare	Turnstile / JS challenge pages	HeadlessChrome UA, webdriver, SwiftShader WebGL
stripe-dashboard	Payment / SaaS dashboards	Thin plugins, missing chrome.runtime
social-login	OAuth popups	webdriver, headless window dimensions

Reports save to ~/.cache/cdp-probe/last-report.json (override with --output).

When exposure scores stay high

Vanilla Playwright Chromium often lands in the warn or fail band — that is expected, not a misconfiguration.

Step	Action
1	Read findings in cdp-probe report --format table — which signals fired?
2	Lint static fingerprint config with fingerprint-coherence (fp-coherence audit)
3	Re-probe over remote CDP or an antidetect Launcher port instead of launch()
4	Compare scores: check-local vs profile-attached session — quantify the delta
5	Validate proxy + cookies: proxy-lane-checker → cookie-jar-bridge

Full fleet QA pipeline:

proxy-lane check proxies.txt -o lanes.json
fp-coherence audit profile.yaml --strict
cdp-connect mlx-start --profile-id UUID --print-cdp-url   # peer: cdp-connect-kit
cdp-probe run --cdp-endpoint "$CDP_URL" --url https://example.com --format github-actions
cookie-bridge validate session-cookies.txt --strict

Coupon hub: Multilogin promo codes — guides for SAAS50 / MIN50, pricing comparisons, and workflow playbooks.

Isolated antidetect browsers provision OS, screen, WebGL, and storage at the profile level — often a better fix than patching individual JS APIs. If you evaluate Multilogin X for production profile pools, see Production (affiliate disclosure applies; core probe needs no vendor account).

API

Symbol	Description
ProbeRunner	Launch Playwright or connect_over_cdp, collect signals
ProbeOptions	url, browser, headless, cdp_endpoint
compute_exposure_score(signals)	Score 0–100 with weighted findings
ProbeReport	Signals + exposure + timestamp
format_report(report, "json"|"table")	CLI-compatible formatting

Signals collected

• navigator.webdriver
• window.chrome.runtime (Chromium)
• navigator.plugins / mimeTypes counts
• navigator.permissions API presence
• Notification.permission
• HeadlessChrome user-agent hint
• Window outer/inner dimension mismatch
• WebGL vendor/renderer (SwiftShader detection)

Limitations

• Not a bypass tool — measures exposure; does not patch, spoof, or hide fingerprints.
• Vanilla Chrome/Playwright leaks at scale — default launches routinely expose webdriver and headless WebGL. High scores are normal.
• Page-level only — TLS/JA3, IP reputation, behavioral biometrics, and server-side ML are out of scope.
• Single-page snapshot — one navigation moment, not long-session drift.
• Firefox signal set differs — chrome.runtime checks apply to Chromium only.
• MLX requires desktop agent — mlx needs Multilogin running locally. See docs/MLX_INTEGRATION.md.

Production

For isolated antidetect profiles, connect Playwright over a Launcher CDP endpoint instead of launching vanilla Chromium:

export MLX_TOKEN="your-bearer-token"
export MLX_FOLDER_ID="your-folder-uuid"
cdp-probe mlx --profile-id PROFILE_UUID --url https://example.com

from playwright_cdp_probe.integrations.mlx import mlx_launch_and_probe

report = mlx_launch_and_probe(
    "profile-id",
    folder_id="folder-id",
    token="...",
    url="https://example.com",
)
print(report.exposure.score)

Compare check-local (vanilla) vs mlx (profile) to quantify exposure reduction — not elimination.

Partner note (affiliate): If Multilogin X fits your workflow (profile pools, folder scale, Launcher CDP), eligible new browser purchases may accept code SAAS50 at checkout on the official site — verify current terms before paying. Full disclosure: docs/AFFILIATE.md. Deals hub: anti-detect.github.io. Coupon details only via cdp-probe --show-deal (never printed by default).

FAQ: docs/FAQ.md — Playwright detection, headless Chrome, CDP exposure, antidetect comparison.

Related tools (on PyPI)

Package	CLI	Role
playwright-cdp-probe	cdp-probe	CDP / WebDriver exposure score
cookie-jar-bridge	cookie-bridge	Netscape ↔ Playwright cookies
proxy-lane-checker	proxy-lane	Proxy TCP / HTTP / geo / DNSBL
fingerprint-coherence	fp-coherence	UA / screen / timezone lint

Toolkit pipeline: proxy-lane check → fp-coherence audit → automate → cdp-probe run → cookie-bridge validate

License

MIT

Production antidetect: Multilogin X · Code SAAS50 (-50% browser) · MIN50 (-50% cloud phone)
More scripts: @Multilogin_Scripts_Bot · Multilogin promo codes