Is Puppeteer stealth dead? Not yet, but its best days are over
None
<p><img decoding="async" src="https://blog.castle.io/content/images/2025/11/download--1-.png" alt="Is Puppeteer stealth dead? Not yet, but its best days are over"></p><p>A few years ago, <a href="https://github.com/berstend/puppeteer-extra?ref=blog.castle.io"><strong>Puppeteer stealth</strong></a> was one of the most popular tools in the automation and scraping ecosystem. Built as a plugin system on top of Puppeteer, it made automated browsers harder to detect by patching obvious fingerprinting artifacts. It also shipped with convenience plugins like ad blockers and integrations with CAPTCHA farms, which made it attractive to both scraper developers and fraud operators, for example, the <a href="https://blog.castle.io/how-to-detect-open-bullet-2-bots-running-in-puppeteer-mode/">Open Bullet 2 credential stuffing software</a> uses a <a href="https://github.com/Overmiind/Puppeteer-sharp-extra?ref=blog.castle.io">C# port</a> of Puppeteer Stealth under the hood.</p><div class="code-block code-block-13" style="margin: 8px 0; clear: both;"> <style> .ai-rotate {position: relative;} .ai-rotate-hidden {visibility: hidden;} .ai-rotate-hidden-2 {position: absolute; top: 0; left: 0; width: 100%; height: 100%;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback, .ai-list-block, .ai-list-block-ip, .ai-list-block-filter {visibility: hidden; position: absolute; width: 50%; height: 1px; top: -1000px; z-index: -9999; margin: 0px!important;} .ai-list-data, .ai-ip-data, .ai-filter-check, .ai-fallback {min-width: 1px;} </style> <div class="ai-rotate ai-unprocessed ai-timed-rotation ai-13-1" data-info="WyIxMy0xIiwxXQ==" style="position: relative;"> <div class="ai-rotate-option" style="visibility: hidden;" data-index="1" data-name="U2hvcnQ=" data-time="MTA="> <div class="custom-ad"> <div style="margin: auto; text-align: center;"><a href="https://www.techstrongevents.com/cruisecon-virtual-west-2025/home?ref=in-article-ad-2&utm_source=sb&utm_medium=referral&utm_campaign=in-article-ad-2" target="_blank"><img src="https://securityboulevard.com/wp-content/uploads/2025/10/Banner-770x330-social-1.png" alt="Cruise Con 2025"></a></div> <div class="clear-custom-ad"></div> </div></div> </div> </div><p>Its popularity is reflected in its GitHub repository, which has accumulated around <strong>7,000 stars</strong>. The growth was steady for years and is still inching upward today, although the trend has started to plateau.</p><figure class="kg-card kg-image-card"><img decoding="async" src="https://blog.castle.io/content/images/2025/11/Screenshot-2025-09-04-at-14.57.14.png" class="kg-image" alt="Is Puppeteer stealth dead? Not yet, but its best days are over" loading="lazy" width="1257" height="757" srcset="https://blog.castle.io/content/images/size/w600/2025/11/Screenshot-2025-09-04-at-14.57.14.png 600w, https://blog.castle.io/content/images/size/w1000/2025/11/Screenshot-2025-09-04-at-14.57.14.png 1000w, https://blog.castle.io/content/images/2025/11/Screenshot-2025-09-04-at-14.57.14.png 1257w" sizes="auto, (min-width: 720px) 720px"></figure><p>Despite this enduring interest, the project itself hasn’t been actively maintained for years. Today, GitHub issues are filled with developers reporting that Puppeteer stealth is detected by most modern defenses.</p><p>Meanwhile, the <a href="https://blog.castle.io/from-puppeteer-stealth-to-nodriver-how-anti-detect-frameworks-evolved-to-evade-bot-detection/">anti-detect landscape has evolved.</a> With the release of a more realistic Headless Chrome, attackers started shifting to newer frameworks like <a href="https://github.com/ultrafunkamsterdam/nodriver?ref=blog.castle.io"><strong>nodriver</strong></a> or <a href="https://github.com/rebrowser/rebrowser-patches?ref=blog.castle.io">Rebrowser patches</a>, which focus on removing subtle Chrome DevTools Protocol (CDP) side effects instead of injecting lies at the JavaScript level.</p><p>This raises the question: is Puppeteer stealth still relevant in 2025, or has it been left behind?</p><h3 id="what-our-data-shows-about-puppeteer-stealth-usage-in-2025">What our data shows about Puppeteer stealth usage in 2025</h3><p>For the purpose of this analysis, it wasn’t enough to simply detect automated browsers in general. We needed a <strong>signal capable of identifying Puppeteer stealth specifically</strong>, and distinguishing it from other frameworks like vanilla Puppeteer or Playwright. That’s what allowed us to measure how much Puppeteer stealth is still used in the wild. While we don’t go into the details of this signal, our <a href="https://docs.castle.io/docs/sdk-browser?ref=blog.castle.io">CastleJS library</a> implements a signal that enables us to uniquely identify Puppeteer stealth due to its side effects.</p><p>Looking at 30 days of traffic in October 2025, we observed around <strong>205,648 events linked to Puppeteer stealth</strong>.</p><figure class="kg-card kg-image-card"><img decoding="async" src="https://blog.castle.io/content/images/2025/11/Screenshot-2025-11-03-at-14.40.49.png" class="kg-image" alt="Is Puppeteer stealth dead? Not yet, but its best days are over" loading="lazy" width="1624" height="272" srcset="https://blog.castle.io/content/images/size/w600/2025/11/Screenshot-2025-11-03-at-14.40.49.png 600w, https://blog.castle.io/content/images/size/w1000/2025/11/Screenshot-2025-11-03-at-14.40.49.png 1000w, https://blog.castle.io/content/images/size/w1600/2025/11/Screenshot-2025-11-03-at-14.40.49.png 1600w, https://blog.castle.io/content/images/2025/11/Screenshot-2025-11-03-at-14.40.49.png 1624w" sizes="auto, (min-width: 720px) 720px"></figure><p>A few things stand out from the data:</p><ul> <li>The activity was concentrated on a small number of customers rather than spread evenly.</li> <li>The main attack types were <strong>credential stuffing</strong>, <strong>fake account creation</strong>, and some <strong>spam</strong> activity.</li> <li>By comparison, during the same period, we detected roughly <strong>10 times more traffic from vanilla Selenium bots</strong>.</li> </ul><p>So while Puppeteer stealth is still present in production traffic, it no longer dominates. For defenders, the takeaway is clear: it remains worth detecting, but the bigger threats today come from other frameworks and simpler automation tools.</p><h3 id="still-worth-detecting-but-no-longer-the-main-threat">Still worth detecting, but no longer the main threat</h3><p>Puppeteer stealth isn’t dead, but it’s past its peak. Attackers still use it, and we continue to see it in credential stuffing and fake account activity, but the volume is modest compared to other frameworks.</p><p>For defenders, this means two things:</p><ul> <li><strong>Don’t ignore it:</strong> it still shows up in real attacks and should be part of your detection coverage.</li> <li><strong>Don’t over-index on it:</strong> newer frameworks like <a href="https://github.com/ultrafunkamsterdam/nodriver?ref=blog.castle.io">Nodriver</a> or <a href="https://github.com/daijro/camoufox?ref=blog.castle.io">Camoufox</a> now represent a bigger share of automated traffic.</li> </ul><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/11/is-puppeteer-stealth-dead-not-yet-but-its-best-days-are-over/" data-a2a-title="Is Puppeteer stealth dead? Not yet, but its best days are over"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fis-puppeteer-stealth-dead-not-yet-but-its-best-days-are-over%2F&linkname=Is%20Puppeteer%20stealth%20dead%3F%20Not%20yet%2C%20but%20its%20best%20days%20are%20over" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fis-puppeteer-stealth-dead-not-yet-but-its-best-days-are-over%2F&linkname=Is%20Puppeteer%20stealth%20dead%3F%20Not%20yet%2C%20but%20its%20best%20days%20are%20over" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fis-puppeteer-stealth-dead-not-yet-but-its-best-days-are-over%2F&linkname=Is%20Puppeteer%20stealth%20dead%3F%20Not%20yet%2C%20but%20its%20best%20days%20are%20over" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fis-puppeteer-stealth-dead-not-yet-but-its-best-days-are-over%2F&linkname=Is%20Puppeteer%20stealth%20dead%3F%20Not%20yet%2C%20but%20its%20best%20days%20are%20over" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F11%2Fis-puppeteer-stealth-dead-not-yet-but-its-best-days-are-over%2F&linkname=Is%20Puppeteer%20stealth%20dead%3F%20Not%20yet%2C%20but%20its%20best%20days%20are%20over" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://blog.castle.io/">The Castle blog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Antoine Vastel">Antoine Vastel</a>. Read the original post at: <a href="https://blog.castle.io/is-puppeteer-stealth-dead-not-yet-but-its-best-days-are-over/">https://blog.castle.io/is-puppeteer-stealth-dead-not-yet-but-its-best-days-are-over/</a> </p>