Open stealth-browser framework — drive a real recompiled-Chromium (Fortress) that defeats bot-detection fingerprint suites. Drop-in stealth for browser-use, Playwright, Crawl4AI, with an MCP server for AI agents.
Project description
Tilion
A stealth browser for AI agents.
pip install tilion— drive a real, undetected Chromium that gets past Cloudflare, DataDome, and bot detection, with no server, no account, and no API key.
Framework & MCP: Beta · runs local & free · Tilion Cloud (residential egress) coming soon · 📖 Full documentation · 📊 Benchmarks
Real, dated run: stockx.com (PerimeterX). A stock browser gets HTTP 403 — "Access denied"; Claude with the Tilion MCP returns clean JSON. Reproduce:
python demo/make_split_demo.py.
Tilion is an open stealth-browser framework. It runs a recompiled-Chromium stealth engine (Fortress) locally, in-process, and gives you one clean API for fetching protected pages, extracting content, crawling sites, reconnaissance, and multi-step automation — plus a Model Context Protocol (MCP) server so AI agents can reach for it the moment they get blocked.
pip install tilion
Quickstart
import asyncio
from tilion import Tilion
async def main():
async with Tilion() as t: # boots the Fortress stealth engine locally
page = await t.fetch("https://protected.example") # past Cloudflare/DataDome/403
print(page["title"], page["text"][:200])
data = await t.extract("https://site/pricing") # clean markdown + tables
docs = await t.crawl("https://site", depth=2) # whole-site crawl (auto-SPA)
apis = await t.recon("https://site") # discover the site's private API
hits = await t.search("undetected playwright") # real-browser web search
asyncio.run(main())
No uvicorn, no Redis, no auth — local mode holds one real browser and drives it directly.
Drop-in stealth for your existing stack
Already using browser-use, Playwright, Puppeteer, Crawl4AI, or Stagehand? They all connect to a browser by CDP URL. Point that at Tilion's Fortress engine and your existing code runs through the stealth browser — one line, no rewrite:
from tilion import Tilion
t = await Tilion().start()
cdp_url = t.cdp_url # hand this to any CDP-speaking stack
# browser-use:
from browser_use import Agent, BrowserSession
agent = Agent(task="...", browser_session=BrowserSession(cdp_url=cdp_url))
# Playwright:
browser = await playwright.chromium.connect_over_cdp(cdp_url)
MCP server — stealth browsing for any AI agent
Ship the Fortress MCP server so a coding/browsing agent auto-selects it when a fetch is blocked:
pip install "tilion[mcp]"
tilion-mcp # or: python -m tilion.mcp
Claude Desktop / Cursor — add to your MCP config:
{ "mcpServers": { "fortress": { "command": "tilion-mcp" } } }
26 intent-loaded tools including: fetch_protected_page, extract_page, crawl_site, recon_site_apis, search_web, run_browser_task, screenshot_page, save_page, list_browser_tasks, get_stealth_cdp_endpoint. Pre-warmed on startup (~100 ms first call), concurrency-safe, timeout- and SSRF-guarded.
What you get
fetch |
stealth GET past Cloudflare/DataDome/403 + auto challenge-resolve |
extract |
page → clean markdown + tables + metadata (or a schema-shaped record) |
crawl / spa_crawl |
whole-site crawl, auto-handles SPA/JS + lazy-load → sitemap |
recon |
reverse-engineer a site's private XHR/JSON API (secret-scrubbed) |
search |
real-browser web search (no SERP API) |
agent |
20 multi-step flows: login, paginate, infinite-scroll, checkout, downloads… |
screenshot / save |
PNG, or export as PDF / HTML / text |
cdp_url |
raw CDP endpoint for browser-use / Playwright / Puppeteer |
t.page(url) |
escape hatch to the full DOM API (click, type, wait, evaluate, …) |
How stealth works
The engine is a recompiled Chromium C++ fork, not a JS patch or a stealth plugin. Persona, User-Agent, WebGL, and canvas fingerprints are applied natively with genuine binding returns (toString() === [native code]), so there are no JavaScript injection tells. In independent fingerprint suites it runs Sannysoft-clean, CreepJS 0% headless, browserscan "no bots."
Honest note: a great fingerprint on a datacenter IP still gets blocked by the biggest sites — real anti-bot decisions weigh the egress IP heavily. For production scraping of hostile targets, add a residential proxy (Tilion's proxy layer is pluggable) or use hosted Tilion cloud egress. Tilion does not claim to be "undetectable."
Install options
pip install tilion # core: stealth browser + fetch/extract/crawl/recon/search
pip install "tilion[mcp]" # + the MCP server
pip install "tilion[vision]" # + LLM-driven agent (Claude/OpenAI/Gemini)
pip install "tilion[server]" # + the multi-tenant control-plane API (self-host cloud)
License
Open-core. The funnel — tilion.facade + tilion.mcp — is BSD-3-Clause. The engine (tilion.core driver + the Fortress C++ binary via tilion-fortress) is proprietary, shipped as bytecode/binary. See OPENSOURCE_SPLIT.md.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distributions
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file tilion-0.1.0-cp313-none-any.whl.
File metadata
- Download URL: tilion-0.1.0-cp313-none-any.whl
- Upload date:
- Size: 1.0 MB
- Tags: CPython 3.13
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3159ab48ac8545569d55a388ea4c7fb0b27cbbbff61b8fd946339495b43af4eb
|
|
| MD5 |
f91b0bc5d423fb5fa23f1432f878565e
|
|
| BLAKE2b-256 |
a9dd768b57bd2275d6d6d3a7acf15096e1b39fe32325707389853c1f731c6308
|
File details
Details for the file tilion-0.1.0-cp312-none-any.whl.
File metadata
- Download URL: tilion-0.1.0-cp312-none-any.whl
- Upload date:
- Size: 1.0 MB
- Tags: CPython 3.12
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
675b1af91681c2c7ce3246ccc51914895b907b79958f9b5f5e0a1e808f1ce05c
|
|
| MD5 |
b291a8f81927ab7b6b1b0650b20bc539
|
|
| BLAKE2b-256 |
a5dce568a468eef1e3e502465ff2d889e95fc2ec0d4d056a33e8f7cc044d77de
|
File details
Details for the file tilion-0.1.0-cp311-none-any.whl.
File metadata
- Download URL: tilion-0.1.0-cp311-none-any.whl
- Upload date:
- Size: 1.0 MB
- Tags: CPython 3.11
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
af1c9c11ec6e58233efa8cb4b7c827712242d820be190dc22e489c14d9360a9f
|
|
| MD5 |
605f734274087e5ff075ce35e7800668
|
|
| BLAKE2b-256 |
e2c8bd30292ad7ef368f17debaa81ca5817b68711e20a18ede8dcd70c9033756
|
File details
Details for the file tilion-0.1.0-cp310-none-any.whl.
File metadata
- Download URL: tilion-0.1.0-cp310-none-any.whl
- Upload date:
- Size: 726.8 kB
- Tags: CPython 3.10
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
86c9f5a91cb6d5bb9a6133ede07885c5803b2def4e06258535266ee5b91c0b5b
|
|
| MD5 |
82a42fb76a4fce04426052f7697509c5
|
|
| BLAKE2b-256 |
e58a6c685e75ec7aa03ee4e6e12323c43c135a78948ecb2bf8f63243c180a83c
|