┌───────────────────────────┐ │ Standard Script Request │ └─────────────┬─────────────┘ │ ▼ [ navigator.webdriver = true ] [ plugins.length = 0 ] │ ▼ ┌───────────────────────────┐ │ bot.sannysoft.com │ │ (Detection Triggered) │ └───────────────────────────┘ │ ┌───────────────────────────┴───────────────────────────┐ ▼ ▼ [ Traditional Fixes ] [ Next-Gen Emulation ] - Python `selenium-stealth` - Dockerized Android Containers (Damru) - NodeJS `puppeteer-extra-plugin-stealth` - Bare-metal OS-level masking - Undetected Chromedriver patches
// add stealth plugin and use defaults (all evasion techniques) const StealthPlugin = require('puppeteer-extra-plugin-stealth'); puppeteer.use(StealthPlugin());
Understanding bot.sannysoft.com: The Benchmark for Stealth Automation
✅ – use headless: false or headless: 'new' ✅ Use stealth plugins – puppeteer-extra-plugin-stealth ✅ Set realistic viewport – width: 1920, height: 1080 ✅ Mock navigator.webdriver to false ✅ Add fake plugins – Chrome has at least 5 plugins ✅ Override navigator.permissions.query ✅ Use a real user agent string (match OS/browser) bot.sannysoft
Sannysoft emerged as a critical tool for developers to test if their "stealth" bots were actually as invisible as they thought. The site runs a series of sophisticated tests to see if a browser is lying about its identity.
The developers concluded that these failures "would cause blocks on strict anti-bot sites" such as Cloudflare and DataDome. Even though the developers thought they had hidden the bot, the test revealed telltale signs that would lead to immediate blocking on many commercial websites.
| Test | URL | Purpose | |------|-----|---------| | Recaptcha Score | antcpt.com | Evaluates your reCAPTCHA v3 score | | AreYouHeadless | antoinevastel.com | Tests for headless browser-specific fingerprints | | Datadome | datadome.co | Simulates checks performed by DataDome's bot protection | | PixelScan | pixelscan.net | Analyzes browser characteristics for automation signs | Even though the developers thought they had hidden
(async () => // Launch the browser with stealth plugin const browser = await puppeteer.launch( headless: false ); const page = await browser.newPage();
Management debated deleting it. But the lead engineer, an old woman named Dr. Imani, shook her head. “Let it stay,” she said. “We keep telling bots to think like humans. This one learned to feel like one.”
When you navigate to the site, it generates a real-time checklist. A normal, commercial browser will pass all tests with clean green indicators. An unoptimized automation script, however, will light up with red flags, indicating that modern web application firewalls (WAFs) can easily block your script. Key Tests Handled by Bot.Sannysoft Imani, shook her head
For Selenium users, a simpler but sometimes effective solution involves using Chrome command-line flags. The most important flag is --disable-blink-features=AutomationControlled . This flag prevents Chromium's Blink engine from setting the navigator.webdriver property to true . However, as ZenRows points out, while this improvement is significant, it has limitations: "The User-Agent header still contains the HeadlessChrome flag, which fails the User-Agent test".
This is the simplest and most common giveaway. Standard automation tools automatically set the navigator.webdriver property to true . Sannysoft checks this property directly. If it is exposed, any anti-bot script will instantly block the request. 2. Chrome Headless Signatures
Bot.Sannysoft isn't an anti-bot shield itself, but it is the perfect mirror. If your script can't get a "green" score on this site, it will almost certainly be blocked by high-traffic websites. Use it to iterate on your configuration until your bot looks just like any other user. Are you having trouble with a specific detection flag on the Sannysoft results page?