Why Stealth?
Websites detect automation tools by checking JavaScript globals that browser automation frameworks modify. Flowork's stealth system patches these indicators.
What Gets Spoofed
1. navigator.webdriver — Set to false (normally true in automated browsers) 2. Chrome plugins — Fake plugin array injected 3. WebGL — Custom vendor/renderer strings to avoid "SwiftShader" detection 4. Canvas — RGB noise added to fingerprint calls 5. Chrome object — Fake chrome.runtime to pass Chrome detection 6. Permissions — Custom permission query responses
Per-Tab Fingerprints
Each browser tab can have a unique fingerprint configuration. This is stored in botFpConfigs{} and accessed via IPC:
ipcMain.on("app:get-fp-config", (event) => {
event.returnValue = botFpConfigs[event.sender.id] || defaultConfig;
});
The stealth preload reads this config and applies the appropriate spoofing for each tab.