Skip to main content
BAP provides two complementary flags for working with sites that employ bot detection: --stealth to reduce the automation fingerprint, and --connect to attach to a running Chrome instance via CDP.

The Three Tiers

Default

BAP launches Chrome with Playwright defaults. Good for most sites and development workflows.
bap goto https://example.com

Stealth

Reduces common bot detection signals. Use when sites block or CAPTCHA standard automation browsers. bash bap --stealth goto https://example.com

Connect

Attaches to a Chrome instance you launched manually. The gold standard for avoiding detection — it is a real user browser.
bap --connect goto https://example.com

--stealth Flag

The stealth flag tells the BAP server to launch the browser with additional anti-detection measures: 
bap --stealth goto https://protected-site.com --observe
bap --stealth act fill:label:"Email"="user@test.com" click:role:button:"Login"
Stealth mode is passed through to the server’s browser/launch call and applies to the entire session.
Stealth mode reduces but does not eliminate detection. Sophisticated bot detection systems may still flag automated browsers. For maximum compatibility, use --connect.

--connect Flag (CDP Attach)

Connect to an existing Chrome instance via the Chrome DevTools Protocol. This is the most reliable way to avoid bot detection because BAP controls a browser you launched manually — with your real profile, extensions, and cookies.
1

Launch Chrome with remote debugging

# macOS
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome \
  --remote-debugging-port=9222

# Linux
google-chrome --remote-debugging-port=9222

# Windows
chrome.exe --remote-debugging-port=9222
2

Connect BAP to the running Chrome

bap --connect goto https://protected-site.com --observe
BAP discovers the Chrome instance on the default port (9222) and attaches via chromium.connectOverCDP().
3

Interact normally

bap --connect act click:text:"Sign in" --observe
bap --connect fill label:"Email" "user@test.com"

Borrowed Browser Lifecycle

When using CDP attach, BAP never closes the external browser:
  • On disconnect: BAP drops the reference. The browser continues running.
  • On bap close-all: BAP closes its own pages but leaves the browser process intact.
  • Playwright has no Browser.disconnect() method, so BAP simply nullifies the reference.
The browser process you launched manually will keep running after BAP disconnects. Close it yourself when done.

Combining with Sessions

Both flags work with named sessions: 
# Stealth + named session
bap --stealth -s=scrape goto https://protected-site.com

# CDP connect + named session
bap --connect -s=manual-chrome goto https://app.example.com
Session persistence ensures the stealth or CDP-attached browser stays warm across commands.

When to Use Each Tier

ScenarioRecommended tier
Development and testingDefault
Sites with basic bot detection--stealth
Sites with aggressive bot detection (Cloudflare, DataDome)--connect
Using your real logged-in session--connect
CI/CD pipelinesDefault + --headless
Scraping at scale--stealth or --connect per site

Server-Level CDP

The MCP and TypeScript SDK can also use CDP attach via the cdpUrl parameter in browser/launch: 
await client.launch({
  cdpUrl: "http://localhost:9222",
});

{
  "tool": "navigate",
  "arguments": {
    "url": "https://example.com"
  }
}
When using cdpUrl, the browser lifecycle is “borrowed” — BAP never closes the external browser on disconnect or shutdown.