unrevealed

package module
v1.0.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 9, 2026 License: MIT Imports: 25 Imported by: 0

README

Unrevealed

Undetected Chrome for go-rod.

Bypasses bot detection by launching Chrome with stealth flags and injecting anti-detection JS via CDP. Passes Cloudflare Turnstile (as of 27.02.2026). Inspired by carl0smat3us/undetected, rewritten in Go for ThugHunter.

Install

go get github.com/smegg99/unrevealed
Direct Mode (default)

Chrome is launched directly and controlled through its native DevTools Protocol (CDP) WebSocket. Stealth flags remove automation markers at the Chrome level, and injected JS scripts patch any remaining fingerprinting leaks (navigator.webdriver, window.chrome.runtime, WebGL, canvas, etc.).

ctx := context.Background()

browser, err := unrevealed.New(ctx, unrevealed.Config{
    Headless: true,
})
if err != nil {
    log.Fatal(err)
}
defer browser.Close()

page := browser.MustPages()[0]
unrevealed.Stealth(page)
page.MustNavigate("https://bot.sannysoft.com/").MustWaitStable()
ChromeDriver Mode

When you need ChromeDriver (e.g., for Selenium-compatible workflows), set PatchChromeDriver: true. This automatically downloads a ChromeDriver binary matching your Chrome version, patches it to remove the cdc_ automation marker that ChromeDriver injects into every page it controls, and uses it to launch Chrme. The patched binary is cleaned up on browser.Close().

ctx := context.Background()

browser, err := unrevealed.New(ctx, unrevealed.Config{
    Headless:          true,
    PatchChromeDriver: true,
})
if err != nil {
    log.Fatal(err)
}
defer browser.Close()

page := browser.MustPages()[0]
unrevealed.Stealth(page)
page.MustNavigate("https://bot.sannysoft.com/").MustWaitStable()

You can also supply a pre-patched binary directly:

browser, err := unrevealed.New(ctx, unrevealed.Config{
    ChromeDriverPath: "/path/to/patched/chromedriver",
})
Virtual Display (Xvfb)

On Linux, set VirtualDisplay: true to run Chrome in a virtual X11 display via Xvfb. This gives you a full headed browser environment without needing a physical display, some bot protections can be avoided this way. Headless mode is automatically disabled when using a virtual display.

browser, err := unrevealed.New(ctx, unrevealed.Config{
    VirtualDisplay: true,
    NoSandbox:      true,
})

Requires Xvfb to be installed.

Minimal Mode

Set Minimal: true to block visual/resource-heavy requests (CSS, images, fonts, media, manifests, text tracks, prefetch, ping) browser-wide via CDP request hijacking. HTML and JS keep working normally. Might trigger bot detections that check for missing resources, but can speed up page loads and reduce memory usage when you only care about HTML/JS.

browser, err := unrevealed.New(ctx, unrevealed.Config{
    Headless: true,
    Minimal:  true,
})

You can also block specific files by name:

browser, err := unrevealed.New(ctx, unrevealed.Config{
    Headless:       true,
    Minimal:        true,
    BlockFilenames: []string{"analytics.js", "pendo.js"},
})
Browser Memory

BrowserMemory() returns the aggregated RSS and VMS of the entire browser process tree (root + all child processes), using the OS process table — not just Go runtime memory.

stats, err := browser.BrowserMemory()
if err != nil {
    log.Fatal(err)
}
fmt.Printf("Browser RSS: %d MB\n", stats.RSS/1024/1024)

License

MIT

Documentation

Overview

browser.go

launch_chromedriver.go

launch_direct.go

patcher.go

patcher_binary.go

patcher_fetch.go

patcher_platform.go

stealth.go

Index

Constants

This section is empty.

Variables

View Source 
var ErrCDCNotFound = errors.New("cdc pattern not found in chromedriver binary")

ErrCDCNotFound is returned when the ChromeDriver binary does not contain the cdc_ automation marker. The binary may be already patched or from an unsupported ChromeDriver version.

Functions

func ChromeMajorVersion 

func ChromeMajorVersion(path string) (int, error)

ChromeMajorVersion returns the major version number of Chrome at the given path.

func ChromeVersion 

func ChromeVersion(path string) (string, error)

ChromeVersion returns the full version string (e.g., "120.0.6099.109").

func DeleteFlags 

func DeleteFlags() []string

DeleteFlags returns Chrome flags that should be removed from launch arguments to avoid detection (typically added by automation libraries).

func FindChrome 

func FindChrome() (string, error)

FindChrome locates a Chrome or Chromium executable on the system.

func Stealth 

func Stealth(page *rod.Page) error

Stealth injects anti-detection scripts into a rod page. Call before navigating. Scripts persist across navigations.

func StealthFlags 

func StealthFlags() map[string]string

StealthFlags returns Chrome command-line flags for stealth operation. Keys are flag names, values are flag values (empty string for boolean flags).

func StealthScripts 

func StealthScripts() []string

StealthScripts returns JavaScript snippets to inject via CDP Page.addScriptToEvaluateOnNewDocument for bot detection evasion.

Types

type Browser added in v1.0.2 

type Browser struct {
	*rod.Browser
	// contains filtered or unexported fields
}

Browser wraps a rod.Browser with the underlying Chrome process, providing safe cleanup via Browser.Close.

func New 

func New(ctx context.Context, cfg Config) (*Browser, error)

New launches a stealth-configured Chrome and connects go-rod to it. Set [Config.PatchChromeDriver] or [Config.ChromeDriverPath] to launch through a patched ChromeDriver instead of directly.

func (*Browser) BrowserMemory added in v1.0.4 

func (b *Browser) BrowserMemory() (MemoryStats, error)

BrowserMemory returns the aggregated RSS and VMS for the browser's entire process tree (root process + all descendants). Returns an error if the browser process is not running.

func (*Browser) Close added in v1.0.2 

func (b *Browser) Close() error

Close shuts down the browser, kills Chrome, and removes temporary files. Safe to call multiple times.

func (*Browser) Minimal added in v1.0.4 

func (b *Browser) Minimal(page *rod.Page) error

Minimal sets up page-level request hijacking that blocks visual/resource-heavy CDP types (Stylesheet, Image, Font, Media, Manifest, TextTrack, Prefetch, Ping). Call before navigating. For browsers launched with [Config.Minimal], this is applied automatically to the default page; call it manually for additional pages.

type Config 

type Config struct {
	ChromePath        string        // Path to Chrome executable. Auto-detected if empty.
	Headless          bool          // Run in headless mode. Default true unless VirtualDisplay is enabled.
	VirtualDisplay    bool          // Use Xvfb virtual display. Implies Headless=false. Default false. Tested on Linux only.
	UserDataDir       string        // Custom user data directory. Auto-created if empty.
	ExtraArgs         []string      // Additional command-line arguments to pass to Chrome.
	WindowWidth       int           // Initial window width. Default 1920.
	WindowHeight      int           // Initial window height. Default 1080.
	Language          string        // Browser language (Accept-Language). Default "en-US".
	ConnectTimeout    time.Duration // Timeout for connecting to Chrome. Default 15s.
	NoSandbox         bool          // Add --no-sandbox flag. Required in some environments (e.g. root on Linux).
	ChromeDriverPath  string        // Path to ChromeDriver executable. If set, will launch through ChromeDriver instead of directly.
	PatchChromeDriver bool          // Whether to patch ChromeDriver for stealth. Only applies if ChromeDriverPath is not set. Default false.
	Minimal           bool          // Block visual/resource-heavy requests (CSS, images, fonts, media, etc.) browser-wide. Default false.
	BlockFilenames    []string      // Optional list of filenames to block regardless of type (e.g. "analytics.js"). Case-insensitive.
}

Config controls the behavior of the undetected browser.

type MemoryStats added in v1.0.4 

type MemoryStats struct {
	RSS uint64 // Resident Set Size in bytes (sum of entire process tree).
	VMS uint64 // Virtual Memory Size in bytes (sum of entire process tree).
}

MemoryStats holds aggregated memory information for the browser process tree.

type Patcher 

type Patcher struct {
	MajorVersion int
	DriverPath   string
	DataDir      string

	// MaxDownloadSize is the maximum permitted archive size in bytes.
	// Default: 100 MB.
	MaxDownloadSize int64

	// ExpectedSHA256 optionally pins the download to a specific hash.
	// When non-empty, Run verifies the downloaded archive matches this
	// hex-encoded SHA256 digest.
	ExpectedSHA256 string

	// DownloadSHA256 is populated after Run with the hex-encoded SHA256
	// of the downloaded archive. Can be used for auditing or pinning.
	DownloadSHA256 string
	// contains filtered or unexported fields
}

Patcher downloads and patches a ChromeDriver binary to remove automation detection markers injected by ChromeDriver into the browser.

func NewPatcher 

func NewPatcher(majorVersion int) *Patcher

NewPatcher creates a patcher for the given Chrome major version.

func (*Patcher) Cleanup 

func (p *Patcher) Cleanup()

Cleanup removes the patched binary from disk.

func (*Patcher) IsPatched 

func (p *Patcher) IsPatched() bool

IsPatched reports whether the binary at DriverPath has been patched.

func (*Patcher) Run 

func (p *Patcher) Run(ctx context.Context) (string, error)

Run downloads the matching ChromeDriver and patches it. Returns the path to the patched binary.

type Xvfb added in v1.0.3 

type Xvfb struct {
	Display string
	// contains filtered or unexported fields
}

func StartXvfb added in v1.0.3 

func StartXvfb(width, height int) (*Xvfb, error)

func (*Xvfb) Close added in v1.0.3 

func (x *Xvfb) Close() error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.