Anti-detection browser server for AI agents ā TypeScript REST API wrapping the Camoufox stealth browser engine
- Why CamoFox?
- Features
- Preview Status
- Quick Start
- CLI
- Console Capture
- Playwright Tracing
- Security
- Usage with AI Agents
- Architecture
- API Reference
- Search Macros
- Geo Presets
- Environment Variables
- Deployment
- Used With
- Project Structure
- Contributing
- Credits
- License
The Problem: Standard browser automation (Puppeteer, Playwright, Selenium) is easily detected by modern anti-bot systems. JavaScript-level patches are fragile and get bypassed quickly.
The Solution: CamoFox Browser Server wraps Camoufox, a Firefox fork with C++ engine-level fingerprint spoofing. No JavaScript injection ā anti-detection happens at the browser engine level.
| Feature | Puppeteer/Playwright | CamoFox Browser Server |
|---|---|---|
| Anti-detection | JavaScript patches (fragile) | C++ engine-level (robust) |
| Fingerprint spoofing | Limited | Full (engine-level) |
| Token efficiency | Raw HTML / screenshots | Accessibility snapshots (smaller + structured) |
| Integration | Direct SDK | REST API for any language / AI agent |
| AI agent support | Varies | MCP + OpenClaw compatible |
- C++ Anti-Detection ā fingerprint spoofing at the Camoufox engine level (not JS injection)
- REST API ā language-agnostic HTTP endpoints for browser automation and AI agent integration
- Multi-Session ā concurrent isolated browser contexts per
userId(defaults: max 50 sessions, max 10 tabs/session) - Persistent Browser Profiles ā Each user gets a dedicated Firefox profile. Cookies, localStorage, IndexedDB, and all browser storage persist across sessions automatically.
- Geo Presets ā 8 built-in region presets (locale/timezone/geolocation) + custom presets file
- 14 Search Macros ā Google, YouTube, Amazon, Reddit (search + subreddit JSON), Wikipedia, Twitter, Yelp, Spotify, Netflix, LinkedIn, Instagram, TikTok, Twitch
- Element Refs ā accessibility snapshots annotated with stable
eNelement references for precise interaction - Cookie Persistence ā import Netscape/Playwright-style cookies into a session (optional, gated by API key)
- OpenClaw Plugin ā OpenClaw-compatible endpoints (
/start,/tabs/open,/act, etc.) - TypeScript ā strict mode, typed request shapes, modular Express routes
- YouTube Transcript Extraction ā yt-dlp + browser fallback (service-level; no public API route currently exposed)
- Snapshot Pagination ā offset-based windowing for large page snapshots
- Browser Health Monitoring ā health probe with recovery/degraded state tracking
- š„ļø CLI Mode ā 50+ commands for terminal-based browser automation
- š Auth Vault ā AES-256-GCM encrypted credential storage (LLM-safe)
- š Pipeline Scripting ā Execute command scripts from files
- š Console Capture ā capture and filter browser console messages and uncaught errors
- š¼ Playwright Tracing ā record and export Playwright traces for debugging
CamoFox Browser Server is in Preview (Phase 1). Preview releases are functional for browser automation and agent integration, but carry specific compatibility commitments and explicit non-goals.
- The REST API and CLI are usable for agent workflows today; CamoFox MCP is available as an external companion integration
- New features may be added between minor versions
- Backward-compatible aliases are maintained for renamed or moved endpoints (see Compatibility Policy)
- Local state (profiles, registries, sessions) uses versioned formats with fail-closed integrity checks
- Frozen API surface ā endpoint behavior, request shapes, or response formats may change between minor versions
- Automatic local-state migration ā browser profiles, download registries, and session files use versioned sidecar formats; incompatible upgrades require manual reset (see Local State Recovery)
- Downgrade safety ā rolling back to an older version may require clearing local state
- Fixed GA timeline ā promotion to GA requires meeting evidence-based exit criteria, not a calendar date
During Preview, CamoFox follows an additive-only deprecation model:
- Legacy aliases (e.g.,
listItemIdaccepted alongsidesessionKey, OpenClaw/actrouting to core endpoints) continue to work alongside their replacements - Deprecated fields are accepted silently; no removal until GA or a documented migration window with advance notice in CHANGELOG
- No existing endpoint is removed in a minor version ā removals happen only in major versions with prior CHANGELOG notice
Browser profiles, download registries, and CLI session files use versioned sidecar formats. When upgrading CamoFox:
- Compatible versions: State loads normally
- Incompatible or corrupt state: The server refuses to load incompatible profiles and download registries; the CLI rejects incompatible saved-session files. Both log an actionable error with the specific recovery path.
- Recovery: Delete the affected profile directory, session file, or download registry as indicated in the error message. Clean state is recreated on next use.
There is no automatic migration, silent repair, or downgrade path. This fail-closed behavior is intentional ā it prevents silent data corruption at the cost of requiring manual intervention on incompatible upgrades.
git clone https://github.com/redf0x1/camofox-browser.git
cd camofox-browser
npm install
npm run build
npm startnpm install -g camofox-browser
# Start the server
camofox-browser
# Or use the CLI for browser automation
camofox open https://example.com
camofox snapshot
camofox click e5See CLI for the complete command reference.
Docker image:
ghcr.io/redf0x1/camofox-browser
docker build -t camofox-browser .
docker run -d \
--name camofox-browser \
-p 9377:9377 \
-p 6080:6080 \
-v ~/.camofox:/home/node/.camofox \
camofox-browserTo persist browser profiles (cookies, localStorage, IndexedDB, etc.) across container restarts, keep the volume mount shown above.
services:
camofox-browser:
build: .
ports:
- "9377:9377"
environment:
CAMOFOX_PORT: "9377"
# Optional auth gates
# CAMOFOX_API_KEY: "change-me"
# CAMOFOX_ADMIN_KEY: "change-me"
# Optional: proxy routing (also enables Camoufox geoip mode)
# PROXY_HOST: ""
# PROXY_PORT: ""
# PROXY_USERNAME: ""
# PROXY_PASSWORD: ""curl http://localhost:9377/health
# {"ok":true,"engine":"camoufox","browserConnected":true}CamoFox Browser includes a powerful CLI for browser automation directly from the terminal. The CLI auto-starts the server when needed.
# Global install (recommended)
npm install -g camofox-browser
# Or use npx (no install needed)
npx camofox-browser open https://example.comcamofox open https://example.com # Open a page in anti-detection browser
camofox snapshot # Get accessibility tree with element refs
camofox click e5 # Click element [e5]
camofox type e3 "hello world" # Type into element [e3]
camofox screenshot --output page.png # Save screenshot
camofox close # Close the tab# Browser lifecycle
camofox open <url> # Open URL in new tab
camofox close [tabId] # Close tab
camofox navigate <url> # Navigate current tab to URL
# Inspection
camofox snapshot # Get accessibility tree with [eN] refs
camofox screenshot [--output file] # Take screenshot (saves to file)
camofox annotate # Screenshot + element ref overlay
camofox get-url # Get current page URL
camofox get-text # Get page text content
camofox get-links # Get all links on page
camofox get-tabs # List open tabs
# Interaction
camofox click <ref> # Click element by ref
camofox type <ref> <text> # Type text into element
camofox fill '[e1]="user" [e2]="pw"' # Fill multiple fields at once
camofox scroll <direction> # Scroll up/down/left/right
camofox select <ref> <value> # Select dropdown option
camofox hover <ref> # Hover over element
camofox press <key> # Press keyboard key
camofox drag <from> <to> # Drag element to target
# Navigation
camofox go-back # Browser back
camofox go-forward # Browser forward
camofox search "query" --engine google # Search (14 engines supported)
camofox eval "document.title" # Execute JavaScript
camofox wait <selector> [--timeout ms] # Wait for elementText input: CamoFox has no character limit for typed or filled text. Short text stays humanized for anti-detection, while long text automatically switches to bulk DOM insertion so large inputs do not truncate.
camofox session save <name> # Save current browser state
camofox session load <name> # Restore browser state
camofox session list # List saved sessions
camofox session delete <name> # Delete saved sessioncamofox cookie export <file> # Export cookies to JSON file
camofox cookie import <file> # Import cookies from JSON fileSecurely store credentials locally with AES-256-GCM encryption. Credentials are never output to stdout ā safe for LLM agent automation.
camofox auth save <profile> [--url URL] # Save credentials (prompts for master password)
camofox auth load <profile> # Show profile info (username only)
camofox auth list # List saved profiles (no secrets shown)
camofox auth delete <profile> # Delete a profile
camofox auth change-password <profile> # Change master password
# Inject credentials into a browser tab (LLM-safe)
camofox snapshot # Get element refs first
camofox auth load gmail --inject --username-ref e5 --password-ref e12Security: Master passwords use Argon2id KDF (with PBKDF2 fallback). Vault files are stored with 0600 permissions. The
--injectflag sends credentials directly to the browser ā the LLM agent never sees the password.
Execute multiple commands from a file for automation workflows:
# Create a script
cat > login-flow.txt << 'EOF'
# Login automation script
open https://example.com/login
snapshot
type e3 "username"
type e5 "password"
click e7
wait .dashboard --timeout 5000
screenshot --output result.png
close
EOF
# Run it
camofox run login-flow.txt
# Continue on errors
camofox run login-flow.txt --continue-on-error
# Read from stdin
echo "get-url" | camofox run -camofox server start # Start server daemon
camofox server start --background # Start in background
camofox server stop # Stop server daemon
camofox server status # Check server statuscamofox health # System health report
camofox version # CLI + server version
camofox info # Configuration infocamofox console [tabId] # View console messages
camofox console [tabId] --type error # Filter by type (log/warning/error/info/debug)
camofox console [tabId] --clear # View then clear messages
camofox errors [tabId] # View uncaught JavaScript errors
camofox errors [tabId] --clear # View then clear errorscamofox trace start [tabId] # Start recording trace
camofox trace stop [tabId] [-o file.zip] # Stop and save trace ZIP
camofox trace chunk-start [tabId] # Start new trace chunk
camofox trace chunk-stop [tabId] [-o f] # Stop chunk and save ZIP
camofox trace status [tabId] # Check active trace statusView traces at trace.playwright.dev
| Flag | Env Var | Description | Default |
|---|---|---|---|
--user <id> |
CAMOFOX_USER |
User/profile ID | cli-default |
--port <port> |
PORT |
Server port | 9377 |
--format <fmt> |
ā | Output: json, text, plain |
text |
-V, --version |
ā | Show version | ā |
-h, --help |
ā | Show help | ā |
camofox get-url --format json # {"url":"https://example.com"}
camofox get-url --format text # URL: https://example.com
camofox get-url --format plain # https://example.comTip: Use
--format jsonfor programmatic parsing and LLM agent integration.
CamoFox uses Camoufox, a Firefox fork with C++ level fingerprint spoofing. Unlike Chromium-based tools, CamoFox passes bot detection on Google, Cloudflare, and other anti-bot services.
- AES-256-GCM encryption with Argon2id key derivation (PBKDF2 fallback)
- Credentials never appear in stdout (safe for LLM agent pipelines)
- Vault files stored with
0600permissions - Master password required for all vault operations
- The
--injectflag sends credentials directly to the browser ā the LLM agent orchestrating the CLI never sees raw passwords - Output formats are designed for safe parsing without credential exposure
- Pipeline scripts can reference auth profiles without embedding secrets
CamoFox works seamlessly with AI coding agents and LLM-powered automation:
Add CamoFox skills to your AI coding assistant for full browser automation context:
npx skills add redf0x1/camofox-browserThis works with Claude Code, Codex, Cursor, Gemini CLI, GitHub Copilot, Goose, OpenCode, Windsurf, and 40+ other agents.
Available skills:
| Skill | Focus | Best For |
|---|---|---|
camofox-browser |
Full coverage (CLI + API + OpenClaw) | Complete reference |
camofox-cli |
CLI-only (50 commands) | Terminal-first workflows |
dogfood |
QA testing workflow | Systematic web app testing |
gemini-image |
Gemini image generation | AI image automation |
reddit |
Reddit automation | Reddit posting/commenting |
The installer will prompt you to choose which skills and which agents to configure.
npx skills add redf0x1/camofox-browser
# Installs to .claude/skills/camofox-browser/SKILL.mdnpx skills add redf0x1/camofox-browser
# Installs to .agents/skills/ directoryTip: Skills are symlinked from the repo, so they stay up to date. Do not manually copy
SKILL.mdfiles.
Use CamoFox MCP for direct integration with Claude, Cursor, Windsurf, and other MCP-compatible agents. See Used With.
AI agents can use the CLI with --format json for structured output:
camofox open https://example.com # Open page
camofox snapshot --format json # Get structured element tree
camofox click e5 # Interact with elements
camofox auth load gmail --inject --username-ref e5 --password-ref e12 # Safe credential injectionCreate reusable automation scripts that AI agents can execute:
camofox run automation-flow.txt # Execute multi-step workflowAI Agent (MCP / OpenClaw / REST Client)
ā
ā¼ HTTP REST API (port 9377)
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
ā CamoFox Browser Server ā
ā (Express + TypeScript) ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā¤
ā Routes Services ā
ā āāā Core API āāā Browser ā
ā āāā OpenClaw compat āāā Session ā
ā āāā Tab ops ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā¤
ā Camoufox Engine (anti-detect) ā
ā Firefox fork + engine-level spoofing ā
āāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāāā
- Each
userIdruns in its own persistent Firefox process/context (backed bylaunchPersistentContext(userDataDir)) - Profile data is stored at
~/.camofox/profiles/{userId}/(override viaCAMOFOX_PROFILES_DIR) - Idle user contexts are closed via LRU eviction (profile data remains on disk)
Base URL: http://localhost:9377
Note: For any endpoint that targets an existing tab (/tabs/:tabId/...), the server resolves tabId within a userId scope. If you omit userId, you will typically get 404 Tab not found.
| Method | Endpoint | Description | Required | Auth |
|---|---|---|---|---|
| POST | /sessions/:userId/cookies |
Import cookies into a user session (Playwright cookie objects) | Path: userId; Body: { "cookies": Cookie[] } |
Authorization: Bearer $CAMOFOX_API_KEY |
| GET | /health |
Health check (also pre-launches the browser) | None | None |
| GET | /presets |
List available geo presets (built-in + custom) | None | None |
| POST | /tabs |
Create a new tab (supports preset + per-field overrides) |
Body: userId + (sessionKey or listItemId) |
None |
| GET | /tabs?userId=... |
List all tabs for a user (OpenClaw-compatible response shape) | Query: userId |
None |
| POST | /tabs/:tabId/navigate |
Navigate to a URL, or expand a search macro + query |
Body: userId + (url or macro) |
None |
| GET | /tabs/:tabId/snapshot?userId=... |
Accessibility snapshot annotated with eN element refs |
Query: userId |
None |
| POST | /tabs/:tabId/wait |
Wait for page readiness (DOM + optional network idle) | Body: userId |
None |
| POST | /tabs/:tabId/click |
Click by ref (e.g. e12) or CSS selector |
Body: userId + (ref or selector) |
None |
| POST | /tabs/:tabId/type |
Type into an element by ref or CSS selector |
Body: userId + (ref or selector) + text |
None |
| POST | /tabs/:tabId/press |
Press a key (e.g. Enter, Escape) |
Body: userId + key |
None |
| POST | /tabs/:tabId/scroll |
Scroll up/down/left/right by pixels | Body: userId |
None |
| POST | /tabs/:tabId/scroll-element |
Scroll specific element into view | Body: userId, ref/selector | None |
| POST | /tabs/:tabId/back |
Go back | Body: userId |
None |
| POST | /tabs/:tabId/forward |
Go forward | Body: userId |
None |
| POST | /tabs/:tabId/refresh |
Refresh | Body: userId |
None |
| GET | /tabs/:tabId/links?userId=...&limit=50&offset=0 |
Extract links (paginated) | Query: userId |
None |
| GET | /tabs/:tabId/screenshot?userId=...&fullPage=true |
Screenshot (PNG bytes) | Query: userId |
None |
| GET | /tabs/:tabId/stats?userId=... |
Tab stats + visited URLs | Query: userId |
None |
| DELETE | /tabs/:tabId |
Close a tab (expects JSON body: { "userId": "..." }) |
Body: userId |
None |
| DELETE | /tabs/group/:listItemId |
Close a tab group (expects JSON body: { "userId": "..." }) |
Body: userId |
None |
| DELETE | /sessions/:userId |
Close all sessions for a user | Path: userId |
None |
| GET | /tabs/:tabId/cookies |
Export tab cookies | Query: userId |
Conditional: Authorization: Bearer $CAMOFOX_API_KEY |
| GET | /tabs/:tabId/downloads |
List tab downloads | Query: userId |
None |
| GET | /users/:userId/downloads |
List user downloads | Path: userId |
None |
| GET | /downloads/:downloadId |
Download metadata | Query: userId |
None |
| GET | /downloads/:downloadId/content |
Stream download content | Query: userId |
None |
| DELETE | /downloads/:downloadId |
Delete tracked download | Body or Query: userId |
None |
| POST | /tabs/:tabId/extract-resources |
Extract downloadable resources | Body: userId |
None |
| POST | /tabs/:tabId/batch-download |
Batch download resources | Body: userId |
None |
| POST | /tabs/:tabId/resolve-blobs |
Resolve blob URLs to base64 | Body: userId + urls[] |
None |
| POST | /tabs/:tabId/trace/start |
Start trace recording | Body: userId |
Conditional: Authorization: Bearer $CAMOFOX_API_KEY |
| POST | /tabs/:tabId/trace/stop |
Stop and save trace ZIP | Body: userId |
Conditional: Authorization: Bearer $CAMOFOX_API_KEY |
| POST | /tabs/:tabId/trace/chunk/start |
Start trace chunk | Body: userId |
Conditional: Authorization: Bearer $CAMOFOX_API_KEY |
| POST | /tabs/:tabId/trace/chunk/stop |
Stop chunk and save ZIP | Body: userId |
Conditional: Authorization: Bearer $CAMOFOX_API_KEY |
| GET | /tabs/:tabId/trace/status |
Check trace status | Query: userId |
Conditional: Authorization: Bearer $CAMOFOX_API_KEY |
| GET | /tabs/:tabId/console |
Get console messages | Query: userId |
Conditional: Authorization: Bearer $CAMOFOX_API_KEY |
| GET | /tabs/:tabId/errors |
Get uncaught JS errors | Query: userId |
Conditional: Authorization: Bearer $CAMOFOX_API_KEY |
| POST | /tabs/:tabId/console/clear |
Clear console + errors | Body or Query: userId |
Conditional: Authorization: Bearer $CAMOFOX_API_KEY |
POST /sessions/:userId/toggle-display
{"headless": "virtual"}Switch browser between headless and headed mode. When encountering CAPTCHAs or issues requiring visual interaction, switch to headed mode to show the browser window.
Returns:
{"ok": true, "headless": "virtual", "vncUrl": "http://localhost:6080/vnc.html?autoconnect=true&resize=scale&token=...", "message": "Browser visible via VNC", "userId": "agent1"}Note: This restarts the browser context. All tabs are invalidated but cookies/auth state persist via the persistent profile.
When the display mode is set to "virtual" or false, the server automatically starts a VNC viewer accessible via web browser.
# 1. Switch to virtual mode
POST /sessions/:userId/toggle-display
{"headless": "virtual"}
# Response includes vncUrl ā open in browser to see Firefox
# 2. Solve CAPTCHA or interact with the browser
# 3. Switch back to headless
POST /sessions/:userId/toggle-display
{"headless": true}
# VNC automatically stopsThe VNC session auto-terminates after 2 minutes (configurable via CAMOFOX_VNC_TIMEOUT_MS).
Execute a JavaScript expression in the page context and return the JSON-serializable result.
Auth: required only when CAMOFOX_API_KEY is set on the server; otherwise no auth is required.
Note: async expressions must be wrapped in an async IIFE (for example, (async () => { ... })()). Top-level await is not supported.
POST /tabs/:tabId/evaluate
{"userId": "agent1", "expression": "document.title"}Returns: {"ok": true, "result": "Page Title", "resultType": "string", "truncated": false}
Execute a long-running JavaScript expression (up to 300s timeout). Conditionally API-key protected. Rate limited.
Auth: required only when CAMOFOX_API_KEY is set on the server; otherwise no auth is required.
Note: async expressions must be wrapped in an async IIFE (for example, (async () => { ... })()). Top-level await is not supported.
POST /tabs/:tabId/evaluate-extended
{"userId": "agent1", "expression": "(async () => { const response = await fetch('/api/data'); return await response.json(); })()", "timeout": 60000}Returns: {"ok": true, "result": {...}, "resultType": "object", "truncated": false}
OpenClaw-compatible aliases (used by the OpenClaw plugin).
| Method | Endpoint | Description | Required | Auth |
|---|---|---|---|---|
| GET | / |
Status (alias of /health) |
None | None |
| POST | /tabs/open |
Open tab (OpenClaw request/response shape) | Body: userId + url |
None |
| POST | /start |
Start browser engine | None | None |
| POST | /stop |
Stop browser engine | None | x-admin-key: $CAMOFOX_ADMIN_KEY |
| POST | /navigate |
Navigate (OpenClaw request shape: targetId in body) |
Body: userId + targetId + url |
None |
| GET | /snapshot?userId=...&targetId=... |
Snapshot (OpenClaw response shape) | Query: userId + targetId |
None |
| POST | /act |
Combined actions (click, type, press, scroll, scrollIntoView, hover, wait, close) |
Body: userId + targetId + kind |
None |