Create, manage, and launch isolated browser profiles with unique fingerprints.
Free, self-hosted alternative to Multilogin, GoLogin, and AdsPower.
Each profile is an isolated CloakBrowser instance with its own fingerprint, proxy, cookies, and session data. Profiles persist across restarts. Everything runs in one Docker container.
docker run -p 8080:8080 -v cloakprofiles:/data cloakhq/cloakbrowser-managerOr build from source:
git clone https://github.com/CloakHQ/CloakBrowser-Manager.git
cd CloakBrowser-Manager
docker compose up --buildOpen http://localhost:8080 in your browser. Create a profile. Click Launch. Done.
Early alpha — this project is under active development. Expect bugs. If you find one, please open an issue.
A VPN only changes your IP. Incognito only clears cookies. Chrome profiles share the same hardware fingerprint underneath. Platforms use 50+ signals to link your accounts — canvas, WebGL, audio, GPU, fonts, screen size, timezone.
Each CloakBrowser profile generates a completely different device identity. To the website, each profile looks like a different computer.
| Solution | What it changes | Accounts linked? |
|---|---|---|
| VPN | IP address only | Yes — same fingerprint |
| Incognito | Clears cookies | Yes — same fingerprint |
| Chrome profiles | Separate bookmarks/cookies | Yes — same hardware fingerprint |
| CloakBrowser | Everything — full device identity per profile | No |
- Profile management — create, edit, delete browser profiles with unique fingerprints
- Per-profile settings — fingerprint seed, proxy, timezone, locale, user agent, screen size, platform
- One-click launch/stop — each profile runs as an isolated CloakBrowser instance
- Session persistence — cookies, localStorage, and cache survive browser restarts
- In-browser viewing — interact with launched browsers via noVNC, directly in the web GUI
- Playwright/Puppeteer API — connect to any running profile programmatically via CDP, while still watching it live in the browser
- Optional authentication — protect the web UI and API with a single token, or run wide open locally
- Powered by CloakBrowser — 32 source-level C++ patches, passes Cloudflare Turnstile, 0.9 reCAPTCHA v3 score
- Backend: FastAPI (Python)
- Frontend: React + Tailwind CSS
- Browser viewer: noVNC (WebSocket-based VNC client)
- Database: SQLite
- Browser engine: CloakBrowser (stealth Chromium binary)
cd backend
python -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
uvicorn main:app --reload --port 8080cd frontend
npm install
npm run devdocker compose up --build- Docker (20.10+)
- ~2 GB disk (image + binary)
- ~512 MB RAM per running profile
Pull the latest image and restart:
docker pull cloakhq/cloakbrowser-manager
docker stop <container-id>
docker run -p 8080:8080 -v cloakprofiles:/data cloakhq/cloakbrowser-managerYour profiles and session data are stored in the cloakprofiles volume and persist across updates.
Every running profile exposes a CDP (Chrome DevTools Protocol) endpoint. Connect Playwright or Puppeteer to automate a profile while watching it live in the browser.
from playwright.async_api import async_playwright
async with async_playwright() as pw:
browser = await pw.chromium.connect_over_cdp(
"http://localhost:8080/api/profiles/<profile-id>/cdp"
)
page = browser.contexts[0].pages[0]
await page.goto("https://example.com")const { chromium } = require("playwright");
const browser = await chromium.connectOverCDP(
"http://localhost:8080/api/profiles/<profile-id>/cdp"
);
const page = browser.contexts()[0].pages()[0];
await page.goto("https://example.com");The CDP URL is available in the toolbar (code icon) when a profile is running. The same browser session is accessible both visually through VNC and programmatically through the API.
The container binds to localhost only. To access from a remote server:
ssh -L 8080:localhost:8080 your-serverThen open http://localhost:8080.
By default, there is no authentication (ideal for local use). To protect the web UI and API when hosting on a network, set the AUTH_TOKEN environment variable:
docker run -p 8080:8080 -v cloakprofiles:/data -e AUTH_TOKEN=your-secret-token cloakhq/cloakbrowser-managerOr in docker-compose.yml:
environment:
- AUTH_TOKEN=your-secret-tokenWhen AUTH_TOKEN is set:
- The web UI shows a login page. Enter the token to unlock.
- API consumers pass the token via
Authorization: Bearer <token>header. - VNC WebSocket connections are authenticated via the login cookie.
- The
/api/statusendpoint remains unauthenticated (for Docker healthcheck).
Note: The auth token is transmitted in cleartext over HTTP. If you expose the Manager to the internet, put it behind a reverse proxy with HTTPS (Caddy, nginx, Traefik).
- This application (GUI source code) — MIT. See LICENSE.
- CloakBrowser binary (compiled Chromium) — free to use, no redistribution. See BINARY-LICENSE.md.
The GUI application requires the CloakBrowser Chromium binary to function. The binary is automatically downloaded on first launch and is governed by its own license terms. If you fork or redistribute this application, your users must comply with the CloakBrowser Binary License.
Contributions are welcome. Please open an issue first to discuss what you'd like to change.
- CloakBrowser — github.com/CloakHQ/CloakBrowser
- Website — cloakbrowser.dev
- Bug reports — GitHub Issues
- Contact — cloakhq@pm.me