CHASER SPRINTER ON-PREM · MANAGED · AIR-GAP
Sprinter is the Chaser stealth browser runtime, packaged for enterprise deployment. Patched Chrome 146, kernel-level proxy rewriting, statistically coherent fingerprints — 500 to 700 concurrent sessions per 1U host, running inside your perimeter, with a real SLA.
A single binary holds the session API, the CDP gateway, and the sandbox launcher. Chrome never sees a debug port; the network never sees a leak. The whole path is yours to audit.
No Object.defineProperty overrides. No JavaScript injected into the
page. Every spoof is a patch inside Blink, V8, or Ozone — so navigator.webdriver is false at the engine level, not at the document
level.
A 9.5 MB Bayesian network generates profiles whose conditional probabilities mirror the real distribution of devices on the internet. Per-seed canvas, audio, WebGL, fonts. No defineProperty overrides — all spoofing is C++ inside Blink, V8, and Ozone.
Every non-loopback connect() call is intercepted by the kernel and transparently redirected through the configured egress — Sprinter's residential pool by default, your own fleet if you prefer. Chrome never sees --proxy-server. DNS-over-HTTPS through 1.1.1.1 is routed the same way. IPv6 instant-rejects so nothing times out.
Each Chrome instance lives inside a bubblewrap sandbox with its own PID namespace, read-only root filesystem, fresh /tmp, dedicated fontconfig cache, and NUMA-pinned CPU affinity. Sessions can't see each other. Dead sessions die with their parent.
Chrome launches with --remote-debugging-pipe — CDP rides anonymous file descriptors 3 and 4, not a TCP port. Network scanners see zero open debug ports. The Rust gateway bridges pipe to WebSocket for your client, and synthesises /json/version and /json/list responses.
A shared-memory control plane dispatches MOUSE_MOVE, MOUSE_CLICK, KEY_TYPE, and SCROLL ops directly through RenderWidgetHostImpl::Forward*. Every event has isTrusted: true at the C++ layer. A per-session seed drives the ChaserInputHumanizer for deterministic-but-varied timing.
GeeTest slide, gobang, icon, SVG, and AI types resolved in-process via chaser-gt. reCAPTCHA audio downloaded, MP3-decoded, and transcribed through Google Speech. Chaser.captchaDetected CDP events trigger async solvers — nothing leaves your proxy unless you allow it.
Sprinter speaks standard CDP. Anything that already connects to Chrome — Puppeteer, Playwright, a scraper your team wrote in 2021 — connects to Sprinter the same way. The REST surface is four verbs.
One POST. One ws:// URL. Your existing Puppeteer
pipeline, unchanged.
Sprinter speaks standard CDP. If your code already calls puppeteer.connect or chromium.connectOverCDP, the only
thing that changes is the URL you connect to. No SDK to vendor, no proprietary
client, no rewrite. Swap the endpoint, keep the pipeline.
curl -X POST http://sprinter.local:3000/v1/sessions \
-H "Content-Type: application/json" \
-d '{
"proxy": "socks5://user:pass@proxy.example.com:1080",
"seed": "stable-identity-42",
"target_url": "https://www.bing.com/search"
}'{ "session_id": "ses_abc123", "cdp_url": "ws://127.0.0.1:19000/devtools/browser", "exit_ip": "1.2.3.4", "exit_country": "US", "expires_at": "2026-04-14T10:00:00Z" }
// rebrowser-puppeteer-core — drop-in puppeteer const browser = await puppeteer.connect({ browserWSEndpoint: cdp_url, defaultViewport: null, }); const page = await browser.newPage(); await page.goto("https://example.com");
Sprinter customers get access to a filtered residential pool we don't sell standalone. Every IP runs through our own intelligence pipeline — classification, risk, history, port profile — and the API backing it is public if you want to score your own.
Included · residential proxies
Residential IPs. Filtered on our own pipeline. From $1/GB at volume.
Exclusive to Sprinter customers — we don't sell proxies as a standalone product. Every exit is scored and filtered through the same intelligence pipeline that powers ip.chaser.sh — our public IP intelligence API. We publish it because we're confident the signal beats every commercial endpoint we've benched it against.
Traffic rides h2:// by default — our own multiplexed HTTP/2 transport
that collapses the handshake chain and recycles connections across sessions. SOCKS5
and HTTP CONNECT work everywhere the pipe does.
h2:// by default · SOCKS5 / HTTP fallbackip.chaser.sh · free to try{ "ip": "50.220.237.1", "classification": { "type": "residential", "is_residential": true, "is_datacenter": false, "is_proxy": false }, "risk": { "level": "low", "score": 10, "ml_proxy_score": 0.0573, "signals": ["residential_isp", "clean_port_profile"] }, "dnsbl": { "hit_count": 0 }, "history": { "block_count": 0 } }
Actual response for a Sprinter exit. BGP, WHOIS, port profile, DNSBL, risk signals, ML scoring — we score every IP, then ship the ones that clear. Try the API on any address at ip.chaser.sh.
Not a lab number. Idle-heavy scraping workloads hold 500–700 sustained sessions on a 64-core EPYC. Short-lived job traffic runs 17k–24k per hour. KSM and hardlinked templates do most of the memory work for you.
Idle-heavy scraping and scouting workloads. Active workloads scale linearly with core count. Scale out by racking more hosts behind one gateway.
Measured on the reference host. Your numbers depend on page weight, interaction density, and how long sessions stay warm.
Pre-warmed profile templates hardlink into each new session's profile before Chrome launches. The kernel dedupes shared pages for free — one template, N sessions, no KSM hash-compare.
Security · data path
On-prem deployments never transit our infrastructure. Chrome runs on your hardware, behind your proxy, resolving your DNS, writing to your logs. Your existing compliance program covers the data path — we don't sit in it. Managed deployments run single-tenant, in a region of your choice, with an audit trail for every session create, destroy, and proxy rewrite.
Most enterprises drop Sprinter on a host and run. For everyone else — custom sandboxes, existing microVM fleets, bespoke VM templates — the core composes with what you already have.
Single binary, one systemd unit, bring your own proxy. Rack a 1U, license the runtime, run the smoke test. You're orchestrating Chrome sessions in the afternoon.
Ready to deploySingle-tenant Sprinter cluster in a region of your choice, operated by us. You get the REST surface and the SLA. We handle patches, capacity, and the underlying fleet.
Sprinter, hostedAlready using Chaser's microVM foundation, custom sandboxes, or bespoke VM templates? The Sprinter core composes with the same primitives — we'll fit it to what you've built.
Custom engagementSprinter is the Chaser stealth browser core, packaged for on-prem and managed enterprise deployment. Pre-warmed, patched, auditable — and tailored to whatever your infrastructure already looks like.