Stealth Chrome & VPN Proxy

Anti-detection measures and SOCKS5 proxy support for first-time WhatsApp device linking

Stealth Plugin Integration

puppeteer-extra-plugin-stealth is loaded via a module resolution patch that intercepts require('puppeteer') calls

Module Resolution Patch

In backend/src/index.ts

Intercepts require('puppeteer')

Returns puppeteer-extra with stealth

whatsapp-web.js gets patched version

Chrome Launch Args

--disable-blink-features=AutomationControlled

--lang=en-US,en

Removes navigator.webdriver flag

Page-Level Fingerprint Overrides

Property	Spoofed Value	Purpose
Timezone	America/New_York	Match typical US user
Screen dimensions	1920x1080	Standard desktop resolution
navigator.deviceMemory	8	Typical desktop value
WebGL renderer	Intel UHD Graphics 630	Common integrated GPU string
Notification.permission	"default"	Normal browser state
Window outer dims	Match screen	Avoid headless mismatch

VPN Investigation Results

Key Finding: IP reputation determines whether WhatsApp kills the linking session, NOT browser fingerprinting. ProtonVPN IPs are on known VPN blacklists and fail. Regular datacenter IPs work fine.

Test	IP Source	Stealth	Result
OVH VPS (regular)	15.204.11.95	None	WORKED
Direct OVH (re-link)	192.99.145.61	None	WORKED
ProtonVPN US-WA#100	149.22.88.44	None	FAILED ~3min
ProtonVPN + full stealth	37.19.221.235	Full	FAILED ~3min

CHROME_PROXY Configuration

Set CHROME_PROXY=socks5://172.17.0.1:1080 in gateway .env

↓

Provisioner passes env var to Docker container via -e CHROME_PROXY

↓

WhatsAppService reads process.env.CHROME_PROXY, adds --proxy-server to Chrome args

↓

Chrome traffic routes through SOCKS5 proxy; Node.js/API traffic is direct (not proxied)

Proxy is only needed for first-time linking (~5 minutes). Once "Loading your chats" completes and contacts are scraped, the session persists on any IP.

Recommended Proxy Strategy

Use Regular VPS IPs

$3-5/month VPS (Hetzner, Vultr, DO)

Clean datacenter IPs, not VPN blacklisted

Run microsocks for SOCKS5

WireGuard Split Tunneling

Table=off in WireGuard config

Custom routing table for proxy traffic

Docker reaches host via 172.17.0.1

Drill down: Stealth Chrome Details · VPN Proxy Details · On-Demand Provisioning · Back to Project