v0.2.4 · MIT · free forever

A browser library for
agents and operators

50 isolated Chromium profiles with their own cookies, proxies, and fingerprints. Drive them from Cursor or Claude Desktop over MCP. Step in manually whenever the AI hits a CAPTCHA or 2FA.

Download for macOS — free Star on GitHub

Also for macOS Intel · Windows · Linux · All releases

Easier on macOS: install via Homebrew

Brew installs handle the Gatekeeper quarantine for you. One-time tap, then install:

brew tap multizenteam/multizen
brew install --cask multizen

Or, if you grabbed the DMG above, the app isn't Apple-notarized yet (we don't have a Developer ID). macOS will say it's "damaged". Strip the quarantine flag and it opens:

xattr -cr /Applications/MultiZen.app

First-launch on Linux

AppImage needs the execute bit set. Most distros need libfuse2 installed too (Ubuntu 24.04+: libfuse2t64). If it crashes at startup, launch with --no-sandbox.

chmod +x MultiZen-linux-x86_64.AppImage
./MultiZen-linux-x86_64.AppImage

MultiZen first-run onboarding screen — a library of isolated browsers

MultiZen — three browser profiles with proxy, platform, and fingerprint chips

MCP server

Native localhost:7777 endpoint. Works with Cursor, Claude Desktop, Cline.

Anti-detect

Patched Chromium. Canvas, WebGL, audio, fonts farbled. WebRTC IP-locked.

State persists

Cookies, login, IndexedDB stay per-profile across launches and AI sessions.

Self-hosted

Profiles live on your disk. No cloud sync unless you opt in. Encrypted export.

How it works

From prompt to authenticated browser action

Three steps. No cloud accounts. No API keys to register. Profiles stay local — your agent gets MCP-native control over them.

Install on your machine

Download for macOS, Windows, or Linux. Profiles, cookies, and proxies live on your disk. The MCP server starts on localhost:7777 automatically.

$ open MultiZen.app
✓ MCP server listening on localhost:7777
✓ 0 profiles · ready

Connect Cursor or Claude Desktop

Add MultiZen to your MCP client config. Cursor / Claude Desktop / Cline see tools for list_profiles, launch, navigate, click, type, extract, screenshot.

// ~/.cursor/mcp.json
{
  "mcpServers": {
    "multizen": {
      "url": "http://localhost:7777/sse"
    }
  }
}

Let the agent drive

Ask Claude or any LLM to work across authenticated sessions. Cookies persist. Fingerprints stay consistent. Sites see a real Chromium, not a headless bot.

> Through profile "sarah-sales", find 50 CTOs
  in Berlin fintech on LinkedIn and export
  to CSV.

[14:22:01] launch_profile sarah-sales (87ms)
[14:22:03] navigate linkedin.com/search/people
[14:22:46] extract — 50 cards
[14:22:46] saved ~/Desktop/leads.csv

Comparison

Anti-detect, browser infra, or both?

GoLogin and AdsPower built profile managers for human operators, then wrapped them in MCP. Browserbase built cloud headless browsers for agents, with limited fingerprint control. MultiZen does both locally.

Feature	MultiZen	GoLogin	Browserbase
Native MCP server	✓	Profile CRUD only	✓
Drives the browser via MCP	✓	—	✓
Anti-detect fingerprints	✓	✓	Limited
Persistent login state	✓	✓	Per session only
Self-hosted (your disk)	✓	—	—
Manual GUI for operators	✓	✓	—
Pay per browser-hour	—	—	✓
Open-source core	✓	—	SDK only

Pricing

Free. Open source. No limits.

MIT-licensed. Unlimited profiles. No license check. Nothing phones home. Self-hosted on your disk. Built for one user — the developer running it.

∞

Profiles

Forever

MIT

License

—

No tracking

Download for your OS Star on GitHub

FAQ

Honest answers to the questions you actually have

How is this different from GoLogin or AdsPower MCP servers?

GoLogin and AdsPower MCP only expose profile CRUD (create, list, delete) — your agent can manage profiles but cannot drive the browser through MCP. MultiZen exposes the full navigation surface (navigate, click, type, extract, screenshot) so an agent in Cursor or Claude Desktop can complete authenticated workflows end-to-end.

How is this different from Browserbase or Hyperbrowser?

Browserbase and Hyperbrowser are cloud headless browser services priced per browser-hour with limited fingerprint control. MultiZen runs locally on your machine with a source-patched Chromium (CloakBrowser engine) that has real anti-detect fingerprints — canvas, WebGL, audio, fonts, WebRTC IP. Profiles persist on your disk between AI sessions. No cloud lock-in, no rate limit, no per-hour billing.

Will this actually fool Cloudflare and DataDome?

Anti-detect helps with fingerprint-based detection. It does not solve behavioral analysis (DataDome) or every CAPTCHA. We integrate with 2Captcha and CapSolver. Expect 70–85% success on simpler sites, lower on Cloudflare Enterprise / DataDome-protected portals. We're transparent about this — no 'undetectable' claims.

What are acceptable use cases?

QA testing across roles and regions, multi-client agency workflows, authorized lead generation with your own personas, market research, e-commerce multi-marketplace ops, AI-driven sales engineering. We do not support platform ToS violations, mass account farming, ban evasion, or fraud.

Is the code open source?

Yes — MIT on GitHub. The desktop app, MCP server, profile manager, and CDP driver are all open. We don't charge for it, no license check, no phone home. Star and fork freely.

What happens to my profiles if MultiZen shuts down?

Profiles are stored locally in plain SQLite + Chromium user-data-dir format. You can export them at any time. If we shut down, your profiles keep working offline with the last released build. No license check phones home for already-activated installs.

Mac, Windows, Linux?

All three ship from v0.2.0. macOS arm64 + x64 (DMG + zip), Windows x64 (NSIS installer), Linux x64 (AppImage). Cross-platform fingerprint spoof works — you can run a Windows persona on a Mac host.

macOS says the app is damaged on first launch. Is it?

No. The build is not Apple-notarized (we don't have a $99/yr Developer ID yet). macOS Sequoia blocks unsigned apps with a misleading 'damaged' dialog. Open Terminal and run: xattr -cr /Applications/MultiZen.app — that strips the quarantine attribute. Double-click works after that. Same trick applies to most open-source Mac apps without paid signing. Notarization is on the roadmap once the project has any budget.

Windows SmartScreen blocks the installer. Why?

The installer isn't signed with an EV certificate. Microsoft tightened the rules in mid-2023 — only EV certs stored on a hardware HSM clear SmartScreen, and those cost $300+/yr plus the dongle. Azure Trusted Signing is cheaper but requires 3+ years of US/Canada business history. Until we qualify, click 'More info' on the SmartScreen dialog, then 'Run anyway'. After the first launch SmartScreen remembers and stops warning.

AppImage won't launch on Linux. What's wrong?

Three things to check. First, the file needs execute permission: chmod +x MultiZen-linux-x86_64.AppImage. Second, AppImages need libfuse2 (on Ubuntu 24.04+ it's libfuse2t64): apt install libfuse2t64. Third, if Electron's sandbox refuses to start (common on systems without proper SUID setup for chrome-sandbox), launch with the --no-sandbox flag.

A browser library for agents and operators