@jshookmcp/jshook 0.1.7 → 0.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +145 -100
- package/README.zh.md +81 -36
- package/dist/constants.d.ts +1 -1
- package/dist/constants.js +3 -1
- package/dist/modules/analyzer/QualityAnalyzer.js +1 -1
- package/dist/modules/browser/BrowserDiscovery.js +2 -2
- package/dist/modules/browser/BrowserModeManager.js +3 -3
- package/dist/modules/captcha/AICaptchaDetector.d.ts +12 -16
- package/dist/modules/captcha/AICaptchaDetector.js +209 -189
- package/dist/modules/captcha/CaptchaDetector.constants.d.ts +2 -0
- package/dist/modules/captcha/CaptchaDetector.constants.js +116 -25
- package/dist/modules/captcha/CaptchaDetector.d.ts +2 -11
- package/dist/modules/captcha/CaptchaDetector.js +102 -51
- package/dist/modules/captcha/types.d.ts +46 -0
- package/dist/modules/captcha/types.js +52 -0
- package/dist/modules/deobfuscator/AdvancedDeobfuscator.d.ts +15 -20
- package/dist/modules/deobfuscator/AdvancedDeobfuscator.js +66 -234
- package/dist/modules/deobfuscator/Deobfuscator.d.ts +3 -10
- package/dist/modules/deobfuscator/Deobfuscator.js +125 -404
- package/dist/modules/deobfuscator/webcrack.d.ts +13 -0
- package/dist/modules/deobfuscator/webcrack.js +164 -0
- package/dist/modules/detector/ObfuscationDetector.d.ts +6 -0
- package/dist/modules/detector/ObfuscationDetector.js +53 -2
- package/dist/modules/hook/AIHookGenerator.js +1 -1
- package/dist/modules/process/memory/writer.js +1 -1
- package/dist/server/domains/analysis/definitions.js +223 -2
- package/dist/server/domains/analysis/handlers.impl.d.ts +2 -3
- package/dist/server/domains/analysis/handlers.impl.js +60 -15
- package/dist/server/domains/analysis/manifest.js +2 -5
- package/dist/server/domains/browser/definitions.tools.behavior.js +36 -24
- package/dist/server/domains/browser/definitions.tools.security.js +13 -10
- package/dist/server/domains/browser/handlers/camoufox-flow.js +0 -1
- package/dist/server/domains/browser/handlers/captcha-solver.d.ts +1 -1
- package/dist/server/domains/browser/handlers/captcha-solver.js +121 -54
- package/dist/server/domains/browser/handlers/page-navigation.js +0 -2
- package/dist/server/domains/browser/handlers.impl.d.ts +1 -1
- package/dist/server/domains/browser/handlers.impl.js +3 -3
- package/dist/server/domains/browser/manifest.js +1 -1
- package/dist/server/domains/shared/modules.d.ts +1 -0
- package/dist/types/deobfuscator.d.ts +43 -1
- package/dist/types/index.d.ts +1 -1
- package/dist/utils/config.js +19 -10
- package/package.json +6 -3
- package/scripts/postinstall.cjs +37 -0
package/README.md
CHANGED
|
@@ -8,16 +8,11 @@
|
|
|
8
8
|
|
|
9
9
|
English | [中文](./README.zh.md)
|
|
10
10
|
|
|
11
|
-
An MCP (Model Context Protocol) server providing **245 built-in tools** — **
|
|
11
|
+
An MCP (Model Context Protocol) server providing **245 built-in tools** — **238 domain tools across 16 domains** plus **8 built-in meta-tools** — with runtime extension loading from `plugins/` and `workflows/` for AI-assisted JavaScript analysis and security analysis. Combines browser automation, Chrome DevTools Protocol debugging, network monitoring, intelligent JavaScript hooks, LLM-powered code analysis, process/memory inspection, WASM toolchain, binary encoding, anti-anti-debug, GraphQL discovery, source map reconstruction, AST transforms, crypto reconstruction, platform package analysis, Burp Suite / native analysis tool bridges, human behavior simulation, CAPTCHA solving, batch account workflows, and high-level composite workflow orchestration in a single server.
|
|
12
12
|
|
|
13
13
|
## Start Here
|
|
14
14
|
|
|
15
|
-
-
|
|
16
|
-
- Getting started: `docs/guide/getting-started.md:1`
|
|
17
|
-
- Tool selection: `docs/guide/tool-selection.md:1`
|
|
18
|
-
- Extension templates: `docs/extensions/templates.md:1`
|
|
19
|
-
- Operations: `docs/operations/doctor-and-artifacts.md:1`
|
|
20
|
-
- Contribution guide: `CONTRIBUTING.md:1`
|
|
15
|
+
- **Documentation**: <https://vmoranv.github.io/jshookmcp/>
|
|
21
16
|
|
|
22
17
|
## Features
|
|
23
18
|
|
|
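Review bot: the tool counts in the added intro line do not add up: it states **245 built-in tools** but breaks that down as 238 domain tools plus 8 meta-tools, which sums to 246. Correct whichever figure is wrong so the headline matches the breakdown.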
@@ -50,7 +45,7 @@ An MCP (Model Context Protocol) server providing **245 built-in tools** — **23
|
|
|
50
45
|
- **Crypto Reconstruction** — Extract standalone crypto functions, worker-thread sandbox testing, implementation comparison
|
|
51
46
|
- **Platform Tools** — Miniapp package scanning/unpacking/analysis, Electron ASAR extraction, Electron app inspection
|
|
52
47
|
- **External Tool Bridges** — Frida script generation and Jadx decompilation integration (link-only, user installs externally)
|
|
53
|
-
- **CAPTCHA Handling** — AI vision detection, manual solve flow, configurable polling,
|
|
48
|
+
- **CAPTCHA Handling** — AI vision detection, manual solve flow, configurable polling, external solver integration, widget challenge solving (hook / manual / API), per-service API key isolation
|
|
54
49
|
- **Human Behavior Simulation** — Bezier-curve mouse movement, natural scrolling with deceleration, realistic typing with typo simulation; all parameters runtime-clamped for safety
|
|
55
50
|
- **Burp Suite Bridge** — Proxy status, intercept-and-replay, HAR import/diff, send-to-repeater; SSRF-protected loopback-only endpoints
|
|
56
51
|
- **Native Analysis Tool Bridge** — Ghidra and IDA Pro bridge: decompile functions, list symbols, run scripts, cross-reference analysis; loopback-only SSRF protection
|
|
@@ -95,11 +90,42 @@ Built on `@modelcontextprotocol/sdk` v1.27+ using the **McpServer high-level API
|
|
|
95
90
|
### Recommended: Run with npx
|
|
96
91
|
|
|
97
92
|
```bash
|
|
98
|
-
npx @jshookmcp/jshook
|
|
93
|
+
npx -y @jshookmcp/jshook
|
|
99
94
|
```
|
|
100
95
|
|
|
101
96
|
This is the recommended way to use the package if you just want to run the MCP server without managing a global install.
|
|
102
97
|
|
|
98
|
+
Notes:
|
|
99
|
+
|
|
100
|
+
- This is a **stdio MCP server**, not a GUI application. It is normal that running it directly in a terminal does not open a window.
|
|
101
|
+
- The process stays attached to the current terminal and waits for an MCP client to complete the stdin/stdout handshake.
|
|
102
|
+
- Use `-y` explicitly when launching through `npx`, otherwise first-install confirmation can block MCP clients and look like a handshake failure.
|
|
103
|
+
|
|
104
|
+
Release note:
|
|
105
|
+
|
|
106
|
+
- `0.1.7` had a broken startup path in some `npx` / MCP-client flows.
|
|
107
|
+
- That packaging issue is fixed in `0.1.8`.
|
|
108
|
+
- If you still see repeated install prompts or `initialize response` failures, force-refresh to the fixed version once:
|
|
109
|
+
|
|
110
|
+
```bash
|
|
111
|
+
npx -y @jshookmcp/jshook@0.1.8
|
|
112
|
+
```
|
|
113
|
+
|
|
114
|
+
MCP client examples:
|
|
115
|
+
|
|
116
|
+
Codex / Claude Code `stdio` config:
|
|
117
|
+
|
|
118
|
+
```json
|
|
119
|
+
{
|
|
120
|
+
"mcpServers": {
|
|
121
|
+
"jshook": {
|
|
122
|
+
"command": "npx",
|
|
123
|
+
"args": ["-y", "@jshookmcp/jshook"]
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
```
|
|
128
|
+
|
|
103
129
|
### Optional: Global install
|
|
104
130
|
|
|
105
131
|
```bash
|
|
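Review bot: the added `npx -y @jshookmcp/jshook` command and the `"args": ["-y", "@jshookmcp/jshook"]` client config leave the package version unpinned while suppressing the install confirmation, so an MCP client will fetch and start whatever version is latest at launch time. Suggest pinning the version in the documented config, as the release note's own `npx -y @jshookmcp/jshook@0.1.8` does. The file list for this release also adds `package/scripts/postinstall.cjs`, and the README should say what that script does, since users are now told to install without a prompt.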
@@ -166,7 +192,7 @@ Key variables from `.env.example`:
|
|
|
166
192
|
| `PUPPETEER_TIMEOUT` | Default Puppeteer timeout in milliseconds | `30000` |
|
|
167
193
|
| `PUPPETEER_EXECUTABLE_PATH` | Optional explicit browser executable path | commented example |
|
|
168
194
|
| `MCP_SERVER_NAME` | Server name advertised by the process | `jshookmcp` |
|
|
169
|
-
| `MCP_SERVER_VERSION` | Server version advertised by the process | `0.1.
|
|
195
|
+
| `MCP_SERVER_VERSION` | Server version advertised by the process | `0.1.8` in `.env.example` |
|
|
170
196
|
| `MCP_TOOL_PROFILE` | Tool profile: `search`, `minimal`, `workflow`, or `full` | commented example: `minimal` |
|
|
171
197
|
| `MCP_TOOL_DOMAINS` | Comma-separated domain override; takes precedence over `MCP_TOOL_PROFILE` | commented example |
|
|
172
198
|
| `LOG_LEVEL` | Logging verbosity (`debug`, `info`, `warn`, `error`) | `info` |
|
|
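Review bot: the `MCP_SERVER_VERSION` row now hard-codes `0.1.8`, so this table has to be edited on every release or it drifts from `.env.example`. Consider describing the default as the current package version instead of a literal.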
@@ -197,7 +223,7 @@ Additional runtime options exist in code but are not enabled by default in `.env
|
|
|
197
223
|
| `search` | maintenance | 20 (12 domain + 8 meta) | ~3,440 | 8% |
|
|
198
224
|
| `minimal` | browser, maintenance | 80 (72 domain + 8 meta) | ~13,760 | 33% |
|
|
199
225
|
| `workflow` | browser, network, workflow, maintenance, core, debugger, streaming, encoding, graphql | 181 (173 domain + 8 meta) | ~31,132 | 74% |
|
|
200
|
-
| `full` | all 16 domains | 245 (
|
|
226
|
+
| `full` | all 16 domains | 245 (238 domain + 8 meta) | ~42,140 | 100% |
|
|
201
227
|
|
|
202
228
|
> Token counts are rough estimates derived from the previous `claude /doctor` average of ~172 tokens/tool. All profiles include 8 meta-tools: `search_tools`, `activate_tools`, `deactivate_tools`, `activate_domain`, `boost_profile`, `unboost_profile`, `extensions_list`, `extensions_reload`.
|
|
203
229
|
|
|
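Review bot: in the `full` row, `245 (238 domain + 8 meta)` is the only profile where the total is not the sum of its parts (20 = 12 + 8, 80 = 72 + 8, 181 = 173 + 8, but 238 + 8 = 246). The ~42,140 token estimate corresponds to 245 tools at the ~172 tokens/tool quoted below the table, so the domain count looks like the figure to recheck.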
@@ -241,6 +267,24 @@ MCP_TRANSPORT=http MCP_AUTH_TOKEN=mysecret jshook
|
|
|
241
267
|
|
|
242
268
|
Set `OPENAI_MODEL` or `OPENAI_BASE_URL` only if you need to override the defaults. If you plan to use image-heavy tools (for example CAPTCHA vision workflows), choose a vision-capable model explicitly rather than treating it as the default for every installation.
|
|
243
269
|
|
|
270
|
+
If you prefer to let the client launch the server via `npx` instead of a global binary, use:
|
|
271
|
+
|
|
272
|
+
```json
|
|
273
|
+
{
|
|
274
|
+
"mcpServers": {
|
|
275
|
+
"jshook": {
|
|
276
|
+
"command": "npx",
|
|
277
|
+
"args": ["-y", "@jshookmcp/jshook"],
|
|
278
|
+
"env": {
|
|
279
|
+
"OPENAI_API_KEY": "your-key"
|
|
280
|
+
}
|
|
281
|
+
}
|
|
282
|
+
}
|
|
283
|
+
}
|
|
284
|
+
```
|
|
285
|
+
|
|
286
|
+
The `-y` flag matters: without it, `npx` may wait for an interactive install confirmation, and many MCP clients cannot answer that prompt. The result usually looks like a handshake failure or startup timeout.
|
|
287
|
+
|
|
244
288
|
### Streamable HTTP (remote / MCP current revision)
|
|
245
289
|
|
|
246
290
|
```bash
|
|
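Review bot: the added client config example places `"OPENAI_API_KEY": "your-key"` in the `env` block, which means the real key ends up in plaintext in the MCP client's config file. Add a sentence telling users to keep that file out of version control and shared dotfiles. The closing paragraph about `-y` also repeats the note already added under "Recommended: Run with npx" and could point there instead.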
@@ -255,9 +299,9 @@ Connect your MCP client to `http://localhost:3000/mcp`. The server supports:
|
|
|
255
299
|
|
|
256
300
|
Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
257
301
|
|
|
258
|
-
## Tool Domains
|
|
302
|
+
## Tool Domains
|
|
259
303
|
|
|
260
|
-
### Core / Analysis
|
|
304
|
+
### Core / Analysis
|
|
261
305
|
|
|
262
306
|
<details>
|
|
263
307
|
<summary>LLM-powered code collection, deobfuscation, crypto detection, webpack/source-map analysis</summary>
|
|
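Review bot: the `## Tool Domains` and `### Core / Analysis` lines are removed and re-added with no visible text change, and the same pattern repeats for every later `###` domain heading in this file, which points to a whitespace or line-ending change. If it is intentional (for example formatter output), say so in the changelog or split it into its own commit; otherwise drop it to keep the diff reviewable.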
@@ -267,90 +311,91 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
267
311
|
| 1 | `collect_code` | Collect JavaScript code from a target website (summary / priority / incremental / full modes) |
|
|
268
312
|
| 2 | `search_in_scripts` | Search collected scripts by keyword or regex pattern |
|
|
269
313
|
| 3 | `extract_function_tree` | Extract a function and its full dependency tree from collected scripts |
|
|
270
|
-
| 4 | `deobfuscate` |
|
|
314
|
+
| 4 | `deobfuscate` | Webcrack-powered JavaScript deobfuscation with bundle unpacking support |
|
|
271
315
|
| 5 | `understand_code` | Semantic code analysis for structure, behaviour, and risks |
|
|
272
316
|
| 6 | `detect_crypto` | Detect cryptographic algorithms and usage patterns in source code |
|
|
273
317
|
| 7 | `manage_hooks` | Create, inspect, and clear JavaScript runtime hooks |
|
|
274
318
|
| 8 | `detect_obfuscation` | Detect obfuscation techniques in JavaScript source |
|
|
275
|
-
| 9 | `advanced_deobfuscate` | Advanced deobfuscation with
|
|
276
|
-
| 10 | `
|
|
277
|
-
| 11 | `
|
|
278
|
-
| 12 | `
|
|
279
|
-
| 13 | `
|
|
319
|
+
| 9 | `advanced_deobfuscate` | Advanced deobfuscation with webcrack backend (deprecated legacy flags ignored) |
|
|
320
|
+
| 10 | `webcrack_unpack` | Direct webcrack bundle unpacking returning module graph details |
|
|
321
|
+
| 11 | `clear_collected_data` | Clear collected script data, caches, and in-memory indexes |
|
|
322
|
+
| 12 | `get_collection_stats` | Get collection, cache, and compression statistics |
|
|
323
|
+
| 13 | `webpack_enumerate` | Enumerate all webpack modules in the current page; optionally search for keywords |
|
|
324
|
+
| 14 | `source_map_extract` | Find and parse JavaScript source maps to recover original source code |
|
|
280
325
|
|
|
281
326
|
</details>
|
|
282
327
|
|
|
283
|
-
### Browser
|
|
328
|
+
### Browser
|
|
284
329
|
|
|
285
330
|
<details>
|
|
286
331
|
<summary>Browser control, DOM interaction, stealth, CAPTCHA solving, human behavior simulation, storage, framework tools, JS heap search, tab workflow</summary>
|
|
287
332
|
|
|
288
|
-
| # | Tool | Description
|
|
289
|
-
| --- | ------------------------- |
|
|
290
|
-
| 1 | `get_detailed_data` | Retrieve large data by `detailId` token (returned when results exceed context limits)
|
|
291
|
-
| 2 | `browser_launch` | Launch browser instance (`chrome` via rebrowser-puppeteer-core, or `camoufox` anti-detect Firefox)
|
|
292
|
-
| 3 | `camoufox_server_launch` | Launch a Camoufox WebSocket server for multi-process / remote connections
|
|
293
|
-
| 4 | `camoufox_server_close` | Close the Camoufox WebSocket server
|
|
294
|
-
| 5 | `camoufox_server_status` | Get Camoufox WebSocket server status
|
|
295
|
-
| 6 | `browser_attach` | Attach to an existing browser via CDP WebSocket URL
|
|
296
|
-
| 7 | `browser_close` | Close the browser instance
|
|
297
|
-
| 8 | `browser_status` | Get browser status (running, page count, version)
|
|
298
|
-
| 9 | `browser_list_tabs` | List all open tabs/pages
|
|
299
|
-
| 10 | `browser_select_tab` | Switch active tab by index or URL/title pattern
|
|
300
|
-
| 11 | `page_navigate` | Navigate to a URL with auto CAPTCHA detection and optional network monitoring
|
|
301
|
-
| 12 | `page_reload` | Reload current page
|
|
302
|
-
| 13 | `page_back` | Navigate back in history
|
|
303
|
-
| 14 | `page_forward` | Navigate forward in history
|
|
304
|
-
| 15 | `dom_query_selector` | Query a single DOM element
|
|
305
|
-
| 16 | `dom_query_all` | Query all matching DOM elements
|
|
306
|
-
| 17 | `dom_get_structure` | Get page DOM structure; large DOM auto-returns summary + `detailId`
|
|
307
|
-
| 18 | `dom_find_clickable` | Find all clickable elements (buttons, links)
|
|
308
|
-
| 19 | `dom_get_computed_style` | Get computed CSS styles of an element
|
|
309
|
-
| 20 | `dom_find_by_text` | Find elements by text content
|
|
310
|
-
| 21 | `dom_get_xpath` | Get XPath for an element
|
|
311
|
-
| 22 | `dom_is_in_viewport` | Check if an element is visible in the viewport
|
|
312
|
-
| 23 | `page_click` | Click an element
|
|
313
|
-
| 24 | `page_type` | Type text into an input element
|
|
314
|
-
| 25 | `page_select` | Select option(s) in a `<select>` element
|
|
315
|
-
| 26 | `page_hover` | Hover over an element
|
|
316
|
-
| 27 | `page_scroll` | Scroll the page
|
|
317
|
-
| 28 | `page_press_key` | Press a keyboard key
|
|
318
|
-
| 29 | `page_wait_for_selector` | Wait for an element to appear in the DOM
|
|
319
|
-
| 30 | `page_evaluate` | Execute JavaScript in page context; large results return summary + `detailId`
|
|
320
|
-
| 31 | `page_screenshot` | Take a screenshot of the current page
|
|
321
|
-
| 32 | `page_get_performance` | Get page performance metrics
|
|
322
|
-
| 33 | `page_inject_script` | Inject JavaScript code into the page
|
|
323
|
-
| 34 | `page_set_cookies` | Set cookies for the page
|
|
324
|
-
| 35 | `page_get_cookies` | Get all cookies for the page
|
|
325
|
-
| 36 | `page_clear_cookies` | Clear all cookies
|
|
326
|
-
| 37 | `page_set_viewport` | Set viewport size
|
|
327
|
-
| 38 | `page_emulate_device` | Emulate a mobile device (iPhone, iPad, Android)
|
|
328
|
-
| 39 | `page_get_local_storage` | Get all `localStorage` items
|
|
329
|
-
| 40 | `page_set_local_storage` | Set a `localStorage` item
|
|
330
|
-
| 41 | `page_get_all_links` | Get all links on the page
|
|
331
|
-
| 42 | `get_all_scripts` | Get list of all loaded script URLs (with `maxScripts` cap)
|
|
332
|
-
| 43 | `get_script_source` | Get script source code; large scripts return summary + `detailId`
|
|
333
|
-
| 44 | `console_enable` | Enable console monitoring
|
|
334
|
-
| 45 | `console_get_logs` | Get captured console logs
|
|
335
|
-
| 46 | `console_execute` | Execute JavaScript in the console context
|
|
336
|
-
| 47 | `captcha_detect` | Detect CAPTCHA on the current page using AI vision
|
|
337
|
-
| 48 | `captcha_wait` | Wait for manual CAPTCHA solve
|
|
338
|
-
| 49 | `captcha_config` | Configure CAPTCHA detection behaviour
|
|
339
|
-
| 50 | `stealth_inject` | Inject stealth scripts to bypass bot detection
|
|
340
|
-
| 51 | `stealth_set_user_agent` | Set a realistic User-Agent and browser fingerprint
|
|
341
|
-
| 52 | `framework_state_extract` | Extract React/Vue component state from the live page
|
|
342
|
-
| 53 | `indexeddb_dump` | Dump all IndexedDB databases
|
|
343
|
-
| 54 | `js_heap_search` | Search the live V8 JS heap for strings matching a pattern (CE-equivalent for browser)
|
|
344
|
-
| 55 | `tab_workflow` | Multi-tab coordination with alias binding, cross-tab navigation, and KV context
|
|
345
|
-
| 56 | `human_mouse` | Bezier-curve mouse movement with jitter, easing, and optional click — mimics real human motion
|
|
346
|
-
| 57 | `human_scroll` | Natural scrolling with segment deceleration, jitter, and direction control
|
|
347
|
-
| 58 | `human_typing` | Realistic typing with per-character delay variance, typo simulation, and WPM-based pacing
|
|
348
|
-
| 59 | `captcha_vision_solve` | Solve image
|
|
349
|
-
| 60 | `
|
|
333
|
+
| # | Tool | Description |
|
|
334
|
+
| --- | ------------------------- | ------------------------------------------------------------------------------------------------------------- |
|
|
335
|
+
| 1 | `get_detailed_data` | Retrieve large data by `detailId` token (returned when results exceed context limits) |
|
|
336
|
+
| 2 | `browser_launch` | Launch browser instance (`chrome` via rebrowser-puppeteer-core, or `camoufox` anti-detect Firefox) |
|
|
337
|
+
| 3 | `camoufox_server_launch` | Launch a Camoufox WebSocket server for multi-process / remote connections |
|
|
338
|
+
| 4 | `camoufox_server_close` | Close the Camoufox WebSocket server |
|
|
339
|
+
| 5 | `camoufox_server_status` | Get Camoufox WebSocket server status |
|
|
340
|
+
| 6 | `browser_attach` | Attach to an existing browser via CDP WebSocket URL |
|
|
341
|
+
| 7 | `browser_close` | Close the browser instance |
|
|
342
|
+
| 8 | `browser_status` | Get browser status (running, page count, version) |
|
|
343
|
+
| 9 | `browser_list_tabs` | List all open tabs/pages |
|
|
344
|
+
| 10 | `browser_select_tab` | Switch active tab by index or URL/title pattern |
|
|
345
|
+
| 11 | `page_navigate` | Navigate to a URL with auto CAPTCHA detection and optional network monitoring |
|
|
346
|
+
| 12 | `page_reload` | Reload current page |
|
|
347
|
+
| 13 | `page_back` | Navigate back in history |
|
|
348
|
+
| 14 | `page_forward` | Navigate forward in history |
|
|
349
|
+
| 15 | `dom_query_selector` | Query a single DOM element |
|
|
350
|
+
| 16 | `dom_query_all` | Query all matching DOM elements |
|
|
351
|
+
| 17 | `dom_get_structure` | Get page DOM structure; large DOM auto-returns summary + `detailId` |
|
|
352
|
+
| 18 | `dom_find_clickable` | Find all clickable elements (buttons, links) |
|
|
353
|
+
| 19 | `dom_get_computed_style` | Get computed CSS styles of an element |
|
|
354
|
+
| 20 | `dom_find_by_text` | Find elements by text content |
|
|
355
|
+
| 21 | `dom_get_xpath` | Get XPath for an element |
|
|
356
|
+
| 22 | `dom_is_in_viewport` | Check if an element is visible in the viewport |
|
|
357
|
+
| 23 | `page_click` | Click an element |
|
|
358
|
+
| 24 | `page_type` | Type text into an input element |
|
|
359
|
+
| 25 | `page_select` | Select option(s) in a `<select>` element |
|
|
360
|
+
| 26 | `page_hover` | Hover over an element |
|
|
361
|
+
| 27 | `page_scroll` | Scroll the page |
|
|
362
|
+
| 28 | `page_press_key` | Press a keyboard key |
|
|
363
|
+
| 29 | `page_wait_for_selector` | Wait for an element to appear in the DOM |
|
|
364
|
+
| 30 | `page_evaluate` | Execute JavaScript in page context; large results return summary + `detailId` |
|
|
365
|
+
| 31 | `page_screenshot` | Take a screenshot of the current page |
|
|
366
|
+
| 32 | `page_get_performance` | Get page performance metrics |
|
|
367
|
+
| 33 | `page_inject_script` | Inject JavaScript code into the page |
|
|
368
|
+
| 34 | `page_set_cookies` | Set cookies for the page |
|
|
369
|
+
| 35 | `page_get_cookies` | Get all cookies for the page |
|
|
370
|
+
| 36 | `page_clear_cookies` | Clear all cookies |
|
|
371
|
+
| 37 | `page_set_viewport` | Set viewport size |
|
|
372
|
+
| 38 | `page_emulate_device` | Emulate a mobile device (iPhone, iPad, Android) |
|
|
373
|
+
| 39 | `page_get_local_storage` | Get all `localStorage` items |
|
|
374
|
+
| 40 | `page_set_local_storage` | Set a `localStorage` item |
|
|
375
|
+
| 41 | `page_get_all_links` | Get all links on the page |
|
|
376
|
+
| 42 | `get_all_scripts` | Get list of all loaded script URLs (with `maxScripts` cap) |
|
|
377
|
+
| 43 | `get_script_source` | Get script source code; large scripts return summary + `detailId` |
|
|
378
|
+
| 44 | `console_enable` | Enable console monitoring |
|
|
379
|
+
| 45 | `console_get_logs` | Get captured console logs |
|
|
380
|
+
| 46 | `console_execute` | Execute JavaScript in the console context |
|
|
381
|
+
| 47 | `captcha_detect` | Detect CAPTCHA on the current page using AI vision |
|
|
382
|
+
| 48 | `captcha_wait` | Wait for manual CAPTCHA solve |
|
|
383
|
+
| 49 | `captcha_config` | Configure CAPTCHA detection behaviour |
|
|
384
|
+
| 50 | `stealth_inject` | Inject stealth scripts to bypass bot detection |
|
|
385
|
+
| 51 | `stealth_set_user_agent` | Set a realistic User-Agent and browser fingerprint |
|
|
386
|
+
| 52 | `framework_state_extract` | Extract React/Vue component state from the live page |
|
|
387
|
+
| 53 | `indexeddb_dump` | Dump all IndexedDB databases |
|
|
388
|
+
| 54 | `js_heap_search` | Search the live V8 JS heap for strings matching a pattern (CE-equivalent for browser) |
|
|
389
|
+
| 55 | `tab_workflow` | Multi-tab coordination with alias binding, cross-tab navigation, and KV context |
|
|
390
|
+
| 56 | `human_mouse` | Bezier-curve mouse movement with jitter, easing, and optional click — mimics real human motion |
|
|
391
|
+
| 57 | `human_scroll` | Natural scrolling with segment deceleration, jitter, and direction control |
|
|
392
|
+
| 58 | `human_typing` | Realistic typing with per-character delay variance, typo simulation, and WPM-based pacing |
|
|
393
|
+
| 59 | `captcha_vision_solve` | Solve image or widget challenges via external service or manual mode with auto-detection |
|
|
394
|
+
| 60 | `widget_challenge_solve` | Solve embedded widget challenges via hook interception, external service, or manual mode with token injection |
|
|
350
395
|
|
|
351
396
|
</details>
|
|
352
397
|
|
|
353
|
-
### Debugger
|
|
398
|
+
### Debugger
|
|
354
399
|
|
|
355
400
|
<details>
|
|
356
401
|
<summary>CDP debugger control, breakpoints, watches, XHR/event breakpoints, session persistence, blackboxing</summary>
|
|
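Review bot: the new `advanced_deobfuscate` description says "deprecated legacy flags ignored", so callers that still pass those flags get different behaviour with no signal. Name the ignored flags here or in the linked documentation, and consider returning a warning in the tool result when one is supplied. Separately, rows 1 to 58 of the Browser table show no visible text change and appear to be rewritten only for column padding, which buries the real description changes in rows 59 and 60.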
@@ -397,7 +442,7 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
397
442
|
|
|
398
443
|
</details>
|
|
399
444
|
|
|
400
|
-
### Network
|
|
445
|
+
### Network
|
|
401
446
|
|
|
402
447
|
<details>
|
|
403
448
|
<summary>CDP network monitoring, performance tracing, CPU/heap profiling, auth extraction, HAR export, request replay, console injection</summary>
|
|
@@ -433,7 +478,7 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
433
478
|
|
|
434
479
|
</details>
|
|
435
480
|
|
|
436
|
-
### Hooks
|
|
481
|
+
### Hooks
|
|
437
482
|
|
|
438
483
|
<details>
|
|
439
484
|
<summary>AI-generated JavaScript hooks and 20+ built-in presets</summary>
|
|
@@ -453,7 +498,7 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
453
498
|
|
|
454
499
|
</details>
|
|
455
500
|
|
|
456
|
-
### Maintenance
|
|
501
|
+
### Maintenance
|
|
457
502
|
|
|
458
503
|
<details>
|
|
459
504
|
<summary>Token budget tracking and cache management</summary>
|
|
@@ -469,7 +514,7 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
469
514
|
|
|
470
515
|
</details>
|
|
471
516
|
|
|
472
|
-
### Process / Memory / Electron
|
|
517
|
+
### Process / Memory / Electron
|
|
473
518
|
|
|
474
519
|
<details>
|
|
475
520
|
<summary>Process enumeration, memory diagnostics and audit export, controlled DLL/shellcode injection, Electron attachment</summary>
|
|
@@ -507,7 +552,7 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
507
552
|
|
|
508
553
|
</details>
|
|
509
554
|
|
|
510
|
-
### Workflow / Composite
|
|
555
|
+
### Workflow / Composite
|
|
511
556
|
|
|
512
557
|
<details>
|
|
513
558
|
<summary>High-level orchestration for full-chain JavaScript analysis and security analysis tasks, plus batch operations</summary>
|
|
@@ -527,7 +572,7 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
527
572
|
|
|
528
573
|
</details>
|
|
529
574
|
|
|
530
|
-
### WASM
|
|
575
|
+
### WASM
|
|
531
576
|
|
|
532
577
|
<details>
|
|
533
578
|
<summary>WebAssembly dump, disassembly, decompilation, inspection, optimization, offline execution, VMP tracing</summary>
|
|
@@ -547,7 +592,7 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
547
592
|
|
|
548
593
|
</details>
|
|
549
594
|
|
|
550
|
-
### Streaming
|
|
595
|
+
### Streaming
|
|
551
596
|
|
|
552
597
|
<details>
|
|
553
598
|
<summary>WebSocket frame capture and SSE event interception</summary>
|
|
@@ -563,7 +608,7 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
563
608
|
|
|
564
609
|
</details>
|
|
565
610
|
|
|
566
|
-
### Encoding
|
|
611
|
+
### Encoding
|
|
567
612
|
|
|
568
613
|
<details>
|
|
569
614
|
<summary>Binary format detection, entropy analysis, Protobuf/MessagePack decoding, encode/decode</summary>
|
|
@@ -578,7 +623,7 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
578
623
|
|
|
579
624
|
</details>
|
|
580
625
|
|
|
581
|
-
### Anti-Debug
|
|
626
|
+
### Anti-Debug
|
|
582
627
|
|
|
583
628
|
<details>
|
|
584
629
|
<summary>Bypass anti-debugging protections and detect protection techniques</summary>
|
|
@@ -594,7 +639,7 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
594
639
|
|
|
595
640
|
</details>
|
|
596
641
|
|
|
597
|
-
### GraphQL / Call Graph
|
|
642
|
+
### GraphQL / Call Graph
|
|
598
643
|
|
|
599
644
|
<details>
|
|
600
645
|
<summary>GraphQL introspection, query extraction, replay, runtime call graph analysis, script replacement</summary>
|
|
@@ -609,7 +654,7 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
609
654
|
|
|
610
655
|
</details>
|
|
611
656
|
|
|
612
|
-
### Platform
|
|
657
|
+
### Platform
|
|
613
658
|
|
|
614
659
|
<details>
|
|
615
660
|
<summary>Miniapp package tools, Electron ASAR extraction/inspection, Frida/Jadx bridge</summary>
|
|
@@ -628,7 +673,7 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
628
673
|
|
|
629
674
|
</details>
|
|
630
675
|
|
|
631
|
-
### Burp Suite Bridge
|
|
676
|
+
### Burp Suite Bridge
|
|
632
677
|
|
|
633
678
|
<details>
|
|
634
679
|
<summary>Burp Suite REST API integration: proxy status, request replay, HAR import/diff, repeater</summary>
|
|
@@ -645,7 +690,7 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
645
690
|
|
|
646
691
|
</details>
|
|
647
692
|
|
|
648
|
-
### Native Analysis Tool Bridge
|
|
693
|
+
### Native Analysis Tool Bridge
|
|
649
694
|
|
|
650
695
|
<details>
|
|
651
696
|
<summary>Ghidra and IDA Pro bridge: decompilation, symbol lookup, script execution, cross-reference analysis</summary>
|
|
@@ -661,7 +706,7 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
661
706
|
|
|
662
707
|
</details>
|
|
663
708
|
|
|
664
|
-
### Source Map / Extension
|
|
709
|
+
### Source Map / Extension
|
|
665
710
|
|
|
666
711
|
<details>
|
|
667
712
|
<summary>Source map discovery, VLQ decoding, project tree reconstruction, Chrome extension interaction</summary>
|
|
@@ -676,7 +721,7 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
676
721
|
|
|
677
722
|
</details>
|
|
678
723
|
|
|
679
|
-
### Transform / Crypto
|
|
724
|
+
### Transform / Crypto
|
|
680
725
|
|
|
681
726
|
<details>
|
|
682
727
|
<summary>AST-like transforms (pure regex), crypto function extraction, sandbox testing, implementation comparison</summary>
|
|
@@ -692,7 +737,7 @@ Session IDs are issued via the `Mcp-Session-Id` response header.
|
|
|
692
737
|
|
|
693
738
|
</details>
|
|
694
739
|
|
|
695
|
-
### Meta-Tools
|
|
740
|
+
### Meta-Tools
|
|
696
741
|
|
|
697
742
|
<details>
|
|
698
743
|
<summary>Open the meta-tool list</summary>
|
|
@@ -814,7 +859,7 @@ pnpm run doctor
|
|
|
814
859
|
- **Path Traversal**: HAR export and debugger sessions validate paths with `fs.realpath` and symlink detection
|
|
815
860
|
- **Injection Prevention**: All PowerShell-based operations use `execFile` with input sanitization; `BranchNode.predicateId` whitelist replaces arbitrary JS eval in workflow graphs
|
|
816
861
|
- **External Tool Safety**: `ExternalToolRunner` uses allowlist-only tool registry with `shell: false` execution
|
|
817
|
-
- **CAPTCHA
|
|
862
|
+
- **CAPTCHA Solver Isolation**: Unsupported legacy service overrides are explicitly rejected to prevent credential misrouting
|
|
818
863
|
- **PII Protection**: Batch registration logs mask identifying data (first 2 + last 2 chars only)
|
|
819
864
|
- **Parameter Clamping**: All user-facing numeric parameters in behavior/captcha handlers have runtime hard caps independent of JSON Schema
|
|
820
865
|
- **Plugin Security**: In production, plugin signature enforcement defaults to enabled unless explicitly overridden; digest allowlists remain the pre-import trust boundary
|
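Review bot: the added **CAPTCHA Solver Isolation** bullet says unsupported legacy service overrides are "explicitly rejected" but does not name the override setting or say how the rejection is reported. State which setting is refused and what error the caller sees, so users upgrading from 0.1.7 can tell a rejected override from a solver failure.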