DEV.co
Open-Source Testing · ultrafunkamsterdam

undetected-chromedriver

undetected-chromedriver is a Python library that patches Selenium's Chromedriver to bypass anti-bot detection systems (Cloudflare, Datadome, Imperva, etc.). It automates the download and patching of Chrome binaries and integrates with Selenium for browser automation.

Source: GitHub — github.com/ultrafunkamsterdam/undetected-chromedriver
12.7k
GitHub stars
1.3k
Forks
Python
Primary language
GPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryultrafunkamsterdam/undetected-chromedriver
Ownerultrafunkamsterdam
Primary languagePython
LicenseGPL-3.0 — OSI-approved
Stars12.7k
Forks1.3k
Open issues1.1k
Latest releaseUnknown
Last updated2025-07-05
Sourcehttps://github.com/ultrafunkamsterdam/undetected-chromedriver

What undetected-chromedriver is

Patches Chromedriver binaries to prevent injection of webdriver detection markers before launching Chrome processes. Uses subprocess isolation and custom WebElement methods. Requires Selenium 4.9+, Python 3.6+, and a valid Chrome/Chromium installation. IP reputation and datacenter detection remain unmasked.

Quickstart

Get the undetected-chromedriver source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/ultrafunkamsterdam/undetected-chromedriver.gitcd undetected-chromedriver# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Legitimate web scraping with bot detection

Extract data from sites protected by Cloudflare, Imperva, or Datadome when you own or have permission for the target site.

Automated testing of protected web applications

Test your own applications that implement bot-detection middleware without triggering false positives.

Monitoring and reporting on dynamic content

Capture and report on website changes where JavaScript rendering is required and bot detection is in place.

Implementation considerations

  • Requires valid Chrome/Chromium installation; library auto-downloads compatible driver binary. Test Chrome version compatibility before deployment.
  • Headless mode is unsupported/WIP; use headed mode for production reliability. README notes headless was patched in v3.4.5 but remains unsupported.
  • High issue backlog (1,142 open) and maintainer message about issue-tracker abuse suggest slower response times; prioritize reproducible examples.
  • No official release versioning; rely on pip version history and GitHub branch commits. Test version upgrades in staging.
  • IP-based blocking still applies; pair with residential proxy services or legitimate network egress if needed.

When to avoid it — and what to weigh

  • Requires IP anonymization — Library does not hide your IP address. Datacenter IPs or low-reputation residential IPs will still be blocked by detection systems.
  • Terms of Service violations — Do not use to scrape sites where you lack authorization. The tool itself is neutral, but its use may violate target site ToS.
  • Headless browser requirement is critical — Headless mode is marked Work-in-Progress. If you need reliable headless operation, test thoroughly or avoid until marked stable.
  • High-volume production use without testing — Detection evasion is an arms race. Before deploying at scale, validate against current anti-bot vendor versions.

License & commercial use

GPL-3.0 (GNU General Public License v3.0). This is a copyleft license requiring derivative works to be released under GPL-3.0 and source code to be made available.

Requires careful review. GPL-3.0 permits commercial use, but derivative modifications must be released under GPL-3.0 with source disclosure. If you modify the library or link it into proprietary code, legal review is mandatory. Using unmodified library in closed-source projects requires consulting an IP attorney to verify compliance with your distribution model.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityNeeds review
Deployment complexityLow
DEV.co fitPossible
Assessment confidenceMedium
Security considerations

Library itself does not introduce exploitable vulnerabilities, but using it for unauthorized web scraping or bypassing access controls violates laws (CFAA in US, Computer Misuse Act in UK, etc.). Undetected-chromedriver is a neutral tool; responsibility for lawful use rests with the operator. No security audit or formal threat model published. Users must understand that detection evasion may be defeated by vendor counter-measures, creating risk of legal or contractual exposure.

Alternatives to consider

Playwright (Microsoft)

Modern, actively maintained alternative to Selenium. Some anti-bot evasion built-in; stealth plugin available. Steeper learning curve but better async support and cross-browser coverage.

Puppeteer / Puppeteer-sharp

Headless-first design with native Chrome DevTools Protocol. Good for headless scraping; requires Node.js or .NET. May be more easily detected than undetected-chromedriver.

Selenium + residential proxies (no patching)

Use standard Selenium with IP masking via proxy services (Bright Data, Oxylabs, etc.). Avoids GPL dependency and detection evasion arms race; higher cost, legal clarity on proxy use still required.

Software development agency

Build on undetected-chromedriver with DEV.co software developers

Review the legal, technical, and maintenance implications before adoption. Consult a lawyer on ToS compliance. Test IP masking requirements and headless mode stability in your environment.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

undetected-chromedriver FAQ

Will this work from a datacenter or VPN?
Unlikely. The library does not mask your IP address. Datacenter and VPN IPs are flagged by anti-bot vendors independently of browser detection. Pair with a residential proxy service for best results.
Can I use this in headless mode?
Yes, as of v3.4.5, but it is unsupported (Work-in-Progress). Test thoroughly before production use. Headed mode is recommended for stability.
Do I need Selenium installed?
Yes. undetected-chromedriver wraps Selenium 4.9+ and requires it as a dependency. It does not replace Selenium; it patches Chromedriver for you.
Is my use case legal?
Depends on your jurisdiction and target site. Scraping without authorization may violate CFAA, ToS, or local law. Consult a lawyer if you are uncertain. The library is neutral; you are responsible for lawful use.

Software development & web development with DEV.co

Adopting undetected-chromedriver is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source testing software in production.

Evaluate undetected-chromedriver for Your Use Case

Review the legal, technical, and maintenance implications before adoption. Consult a lawyer on ToS compliance. Test IP masking requirements and headless mode stability in your environment.