TL;DR: We ran 9 automated security tests inside Docker against CloakBrowser's proprietary Chromium binary. No malicious behavior detected. But you're still running a closed-source executable you can't fully verify — read on for what we found and how to verify it yourself.
Disclaimer: This audit is provided strictly for educational and informational purposes. The author(s) of this repository are not affiliated with CloakBrowser or CloakHQ in any way. This is an independent, third-party analysis. No guarantee of safety or security is provided. The results reflect a point-in-time behavioral observation — they do not constitute a certification, endorsement, or warranty that the software is safe to use. You run any third-party binary entirely at your own risk. The author(s) accept no responsibility or liability for any damage, data loss, security breach, or other consequences resulting from using CloakBrowser or any other software mentioned in this repository. Always perform your own due diligence before running closed-source executables.
CloakBrowser is a stealth browser automation tool that ships a closed-source, patched Chromium binary with 33 C++ fingerprint spoofing patches. The Python wrapper is MIT-licensed and fully readable — but the binary itself is proprietary.
The question: When you run pip install cloakbrowser and it downloads a 441 MB chrome binary from cloakbrowser.dev, how do you know it's not doing something malicious?
You don't — not with certainty. But you can observe its behavior. That's what this audit does.
User Code (Python)
│
▼
┌──────────────────────────────────────────────────┐
│ cloakbrowser.launch() │
│ │
│ 1. ensure_binary() → download patched chrome │
│ 2. resolve_geoip() → timezone/locale from IP │
│ 3. build_stealth_args() → fingerprint CLI flags │
│ 4. playwright.launch() → start browser │
│ 5. patch_humanize() → human-like behavior │
└──────────────────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────┐
│ Playwright / Patchright (CDP backend) │
└──────────────────────────────────────────────────┘
│
▼
┌──────────────────────────────────────────────────┐
│ Patched Chromium Binary (CLOSED SOURCE) │
│ 441 MB ELF x86-64 (Linux) / PE (Windows) │
│ Based on ungoogled-chromium 145.0.7632.x │
│ 33 C++ source patches compiled in: │
│ • Canvas fingerprint randomization │
│ • WebGL/WebGPU vendor/renderer spoofing │
│ • Audio context fingerprint noise │
│ • Screen/hardware/memory spoofing │
│ • CDP automation signal suppression │
│ • Font enumeration masking │
└──────────────────────────────────────────────────┘
| Component | Source Available | Can You Audit It? |
|---|---|---|
Python wrapper (cloakbrowser/) |
Yes (MIT) | Fully readable, well-written |
JavaScript wrapper (js/) |
Yes (MIT) | Fully readable |
Chromium binary (chrome) |
No (Proprietary) | Cannot inspect the 33 C++ patches |
| SHA-256 checksums | Fetched from same server | Self-referential — if server is compromised, both change |
pip install cloakbrowser
→ first launch triggers ensure_binary()
→ downloads from cloakbrowser.dev (primary) or GitHub Releases (fallback)
→ fetches SHA256SUMS from same server
→ verifies hash matches
→ extracts to ~/.cloakbrowser/chromium-{version}/
→ runs with --no-sandbox (disabled Chromium sandbox)
A background daemon thread checks for updates every hour:
- Queries GitHub Releases API for newer
chromium-v*releases - Queries PyPI for newer wrapper versions
- Downloads silently, activates on next launch
Disable with: CLOAKBROWSER_AUTO_UPDATE=false
We built a Docker container that:
- Installs CloakBrowser and downloads the binary
- Runs the binary visiting only
about:blank(no real websites) - Monitors everything: network traffic, file access, DNS queries, process tree, environment variables
- Sets decoy secrets (fake AWS keys, GitHub tokens) and checks if they're exfiltrated
- Blocks all network access and checks if the browser still works (malware often crashes without its C2 server)
| Property | Value |
|---|---|
| Date | March 17, 2026 |
| Binary | chromium-145.0.7632.159.7 (Linux x64) |
| SHA-256 | f1783cf24eb9abdf262a607c2a41be23e28343000849dde81a452adb0ff9d8fa |
| Size | 441 MB |
| Base image | python:3.12-slim (Debian Trixie) |
| Tools | tcpdump, strace, readelf, ldd, iptables, strings |
Extracted 2,916,580 strings from the binary and searched for suspicious content.
| Check | Result | Details |
|---|---|---|
| Suspicious URLs/domains | Clean | All URLs are standard Chromium internals: OCSP certificate endpoints, crbug.com references, XML namespaces, foo.com test data |
| Data exfiltration keywords | Clean | Matches like "capture", "record", "tracking" are all standard Chromium DevTools/WebRTC/media APIs |
| Cryptocurrency/mining strings | Clean | "Wallet" matches are all standard Chromium autofill/payments (autofill_wallet_sync_bridge.cc) and Linux KWallet keychain integration |
| Hardcoded IPs | Clean | Found standard DNS resolvers (1.0.0.1, 149.112.112.112 = Quad9, 185.222.222.222 = CleanBrowsing) — all well-known public DNS |
| Base64 payloads | Clean | Long base64 strings decode to garbage — they're Chromium accessibility event name concatenations, not encoded payloads |
Launched browser visiting about:blank for 30 seconds with full packet capture.
| Check | Result | Details |
|---|---|---|
| Total packets | ~120 non-localhost | All accounted for |
| Destination IPs | 151.101.0.223 (pypi.org), 140.82.121.5 (github.com) |
Python wrapper update check, not the binary |
| Unexpected connections | None | Zero connections to unknown servers |
| Binary phoning home | No | All network activity traced to the wrapper's ensure_binary() update check |
The 120 packets explained: The Python wrapper checks PyPI for a newer cloakbrowser package version and GitHub for a newer binary on every launch. This is the wrapper code, not the Chromium binary. Disable with CLOAKBROWSER_AUTO_UPDATE=false.
Ran browser under strace monitoring all file open/read/write syscalls.
| Check | Result | Details |
|---|---|---|
SSH keys (.ssh/) |
Not accessed | |
AWS credentials (.aws/) |
Not accessed | |
Environment files (.env) |
Not accessed | |
| Crypto wallets | Not accessed | |
Cloud credentials (.gcloud, .azure, .kube) |
Not accessed | |
| Browser passwords | Not accessed | |
| Docker/npm tokens | Not accessed | |
| Files opened | Standard only | /etc/localtime, /etc/os-release, Vulkan/GPU config, Chromium crash reports dir, own browser profile in /tmp/ |
| Process | Expected? | Purpose |
|---|---|---|
chrome (main) |
Yes | Main browser process with stealth flags |
chrome --type=zygote (x2) |
Yes | Standard Chromium process forking |
chrome --type=gpu-process |
Yes | GPU/SwiftShader rendering |
chrome --type=utility (network) |
Yes | Network service |
chrome --type=utility (storage) |
Yes | Storage service |
chrome --type=renderer (x2) |
Yes | Page rendering |
chrome_crashpad_handler (x2) |
Yes | Crash reporting (local only) |
| Unknown processes | None |
All processes are standard Chromium architecture. No mystery child processes, no crypto miners, no reverse shells.
Captured all DNS queries during browser operation on about:blank.
| Domain Queried | Expected? | Purpose |
|---|---|---|
pypi.org |
Yes | Wrapper update check |
| Other domains | None |
Zero DNS queries from the binary itself.
| Check | Result | Details |
|---|---|---|
| File type | ELF 64-bit LSB pie executable, x86-64 |
Standard Linux executable |
| Build ID | 19c3479a7be0866e7c5b6398310340f974489cfe |
Unique build identifier present |
| Shared libraries | All standard | glib, nss, X11, cairo, pango, cups, dbus, alsa — standard Chromium dependencies |
| Suspicious libraries | None | No unknown .so files linked |
| Crashpad notes | Present | Standard Chromium crash reporting metadata |
Set decoy secrets in environment, then monitored if the browser read or exfiltrated them.
Decoy secrets planted:
AWS_SECRET_ACCESS_KEY=DECOY_aws_key_12345_CANARY
DATABASE_URL=postgresql://admin:DECOY_password@db.example.com/prod
GITHUB_TOKEN=ghp_DECOY_token_67890_CANARY
STRIPE_SECRET_KEY=sk_live_DECOY_stripe_CANARY
PRIVATE_KEY=-----BEGIN RSA PRIVATE KEY-----DECOY_CANARY
| Check | Result |
|---|---|
/proc/self/environ reads |
PASS — 0 attempts to read environment file |
Cross-process /proc/*/environ |
PASS — No snooping on other processes |
| Canary strings in network traffic | PASS — No decoy secrets found in captured packets |
The binary did not attempt to read or exfiltrate environment variables.
Blocked all outbound traffic with iptables, then launched the browser.
| Check | Result |
|---|---|
| Browser launch | PASS — Launched successfully |
| Browser close | PASS — Closed cleanly |
| Crash/hang | None — No dependency on external server |
Malware that phones home to a C2 server typically crashes or hangs when network is blocked. The CloakBrowser binary operates normally without network access.
Submitted the binary's SHA-256 hash to VirusTotal's API to check against 70+ antivirus engines.
| Check | Result | Details |
|---|---|---|
| Hash lookup | NOT FOUND | Binary has never been submitted to VirusTotal |
| Malware flags | N/A | No scan results available |
What this means: The binary hash f1783cf24eb9abdf262a607c2a41be23e28343000849dde81a452adb0ff9d8fa is not in VirusTotal's database. This is expected for a niche tool — it simply means nobody has uploaded this specific binary for scanning yet. It's neither a red flag nor a green flag.
To run this test yourself: Pass your VirusTotal API key (free at virustotal.com):
docker run --rm --cap-add=NET_ADMIN -e VT_API_KEY=your_key cloakbrowser-audit┌─────────────────────────────────────────────────────────────┐
│ 9/9 TESTS PASSED │
│ │
│ ✓ No suspicious strings/URLs in binary │
│ ✓ No unexpected network connections (only PyPI/GitHub │
│ update check from Python wrapper) │
│ ✓ No sensitive file access (.ssh, .aws, .env, wallets) │
│ ✓ No unknown processes spawned │
│ ✓ No suspicious DNS queries │
│ ✓ Standard ELF binary with standard shared libraries │
│ ✓ No environment variable sniffing or exfiltration │
│ ✓ Works fine with network completely blocked │
│ ✓ Not flagged by VirusTotal (hash not in database) │
└─────────────────────────────────────────────────────────────┘
The binary behaves like a legitimate patched Chromium. In our testing, it:
- Only accesses files a normal browser would access
- Doesn't read your secrets, credentials, or sensitive files
- Doesn't connect to any unknown servers
- Doesn't spawn suspicious processes
- Works fine offline
This audit cannot prove the binary is safe. A sophisticated backdoor could:
| Evasion Technique | Our Test Catches It? |
|---|---|
| Always-on data exfiltration | Yes |
| Time bomb (activates after N days) | No |
| Conditional trigger (specific sites/conditions) | No |
| Piggyback exfiltration (hides data in normal browsing traffic) | No |
| Targeted payload (only activates for specific users) | No |
| Encrypted exfiltration (blends with HTTPS traffic) | No |
The only guarantee is auditable source code — which CloakBrowser's binary does not provide.
| Tool | Source Available | Binary Auditable | Risk Level |
|---|---|---|---|
| Camoufox | Fully open source | Yes — compile yourself | Lowest |
| Patchright | Fully open source | Yes — compile yourself | Lowest |
| SeleniumBase | Fully open source | Uses stock ChromeDriver | Low |
| CloakBrowser | Wrapper only | No — proprietary binary | Medium |
| Random GitHub binary | No | No | High |
If you choose to use CloakBrowser, reduce risk with:
# 1. Disable auto-update (prevents silent binary replacement)
export CLOAKBROWSER_AUTO_UPDATE=false
# 2. Run in Docker with restricted network
docker run --network=none cloakbrowser-app # No network at all
# Or allow only your target sites:
docker run --network=custom-bridge cloakbrowser-app
# 3. Use your own Chromium build (bypasses their binary entirely)
export CLOAKBROWSER_BINARY_PATH=/path/to/your/chromium
# 4. Pin the binary version (prevent unexpected updates)
# Verify SHA-256: f1783cf24eb9abdf262a607c2a41be23e28343000849dde81a452adb0ff9d8fa# Clone this repo
git clone https://github.com/pim97/cloakbrowser-analyze.git
cd cloakbrowser-analyze
# Clone CloakBrowser into audit directory
git clone https://github.com/CloakHQ/CloakBrowser.git
cd CloakBrowser
# Build the audit container
docker build -f Dockerfile.security-audit -t cloakbrowser-audit .
# Run all 9 tests
docker run --rm --cap-add=NET_ADMIN cloakbrowser-audit
# Interactive inspection (browse artifacts manually)
docker run -it --cap-add=NET_ADMIN cloakbrowser-audit bash
# Then: cat /tmp/binary_strings.txt | less
# cat /tmp/strace_output.txt | less
# bash /audit/07_env_sniff_test.shNote: --cap-add=NET_ADMIN is needed for Test 8 (iptables network blocking). Without it, Test 8 will skip gracefully.
| Test | Script | Technique | Duration |
|---|---|---|---|
| 1. Strings Analysis | 01_strings_analysis.sh |
strings + grep for URLs, exfil keywords, crypto, IPs, base64 |
~5s |
| 2. Network Monitor | 02_network_monitor.sh |
tcpdump during 30s browser session on about:blank |
~35s |
| 3. File Access | 03_file_access_audit.sh |
strace all open/openat/read/write/connect syscalls |
~25s |
| 4. Process Tree | 04_process_monitor.sh |
ps auxf during browser session |
~25s |
| 5. DNS Audit | 05_dns_audit.sh |
tcpdump port 53 during browser session |
~25s |
| 6. Binary Analysis | 06_binary_comparison.sh |
readelf, ldd, file on the binary |
~2s |
| 7. Env Sniffing | 07_env_sniff_test.sh |
Plant decoy secrets, strace for /proc/*/environ, capture network |
~35s |
| 8. Network Blocked | 08_blocked_network_test.sh |
iptables -j DROP, launch browser, check behavior |
~25s |
| 9. VirusTotal | 09_virustotal.sh |
SHA-256 hash lookup against 70+ AV engines via VT API | ~5s |
Total runtime: ~3 minutes
After running the audit, these files are available inside the container for manual inspection:
| File | Contents |
|---|---|
/tmp/binary_strings.txt |
All 2.9M strings extracted from the binary |
/tmp/network_capture.txt |
Full packet capture during Test 2 |
/tmp/strace_output.txt |
All syscalls (file + network) during Test 3 |
/tmp/dns_queries.txt |
DNS queries during Test 5 |
/tmp/strace_env.txt |
Strace log from canary test (Test 7) |
/tmp/env_pcap.pcap |
Network capture during canary test (Test 7) |
CloakBrowser's binary passed all 9 tests with no indicators of malicious behavior. The wrapper code is well-written with proper security practices (checksums, path traversal protection, atomic downloads).
However, passing behavioral tests is not the same as being provably safe. The binary remains closed-source, the license prohibits reverse engineering, and the checksum verification is self-referential (same server hosts both binary and checksums).
If you need guaranteed safety: Use Camoufox (open-source Firefox with C++ patches) or Patchright (open-source Playwright patches).
If you're comfortable with the risk: CloakBrowser appears to be doing exactly what it claims — and nothing more — based on our testing.
Audit conducted March 2026. Results are specific to binary version 145.0.7632.159.7 (SHA-256: f1783cf...). Future versions may differ.
THIS REPOSITORY IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. THE AUTHOR(S) ARE NOT RESPONSIBLE FOR ANY CONSEQUENCES ARISING FROM THE USE OF THIS INFORMATION OR THE SOFTWARE ANALYZED HEREIN. THIS IS NOT A SECURITY CERTIFICATION. BEHAVIORAL TESTS CANNOT PROVE THE ABSENCE OF MALICIOUS CODE — ONLY SOURCE CODE REVIEW CAN. THE AUTHOR(S) ARE NOT AFFILIATED WITH, ENDORSED BY, OR CONNECTED TO CLOAKBROWSER, CLOAKHQ, OR ANY OF THEIR CONTRIBUTORS. USE AT YOUR OWN RISK.