@jshookmcp/jshook 0.2.2 → 0.2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +661 -661
- package/README.md +15 -6
- package/README.zh.md +19 -4
- package/dist/native/scripts/linux/enum-windows.sh +12 -12
- package/dist/native/scripts/macos/enum-windows.applescript +22 -22
- package/dist/native/scripts/windows/enum-windows-by-class.ps1 +51 -51
- package/dist/native/scripts/windows/enum-windows.ps1 +44 -44
- package/dist/native/scripts/windows/inject-dll.ps1 +21 -21
- package/dist/packages/extension-sdk/src/bridges/shared.js +2 -2
- package/dist/packages/extension-sdk/src/plugin.d.ts +5 -0
- package/dist/packages/extension-sdk/src/plugin.js +119 -33
- package/dist/packages/extension-sdk/src/workflow.d.ts +156 -0
- package/dist/packages/extension-sdk/src/workflow.js +236 -0
- package/dist/src/config/search-defaults.js +161 -0
- package/dist/src/constants.d.ts +3 -0
- package/dist/src/constants.js +4 -1
- package/dist/src/index.d.ts +1 -1
- package/dist/src/index.js +13 -17
- package/dist/src/modules/analyzer/CodeAnalyzer.d.ts +1 -3
- package/dist/src/modules/analyzer/CodeAnalyzer.js +16 -28
- package/dist/src/modules/analyzer/CodeAnalyzerDataFlow.d.ts +1 -2
- package/dist/src/modules/analyzer/CodeAnalyzerDataFlow.js +1 -45
- package/dist/src/modules/analyzer/IntelligentAnalyzer.d.ts +1 -37
- package/dist/src/modules/analyzer/IntelligentAnalyzer.js +9 -142
- package/dist/src/modules/analyzer/PatternDetector.js +3 -3
- package/dist/src/modules/analyzer/PatternDetectorAuthPatterns.js +1 -1
- package/dist/src/modules/browser/BrowserDiscovery.d.ts +6 -5
- package/dist/src/modules/browser/BrowserDiscovery.js +3 -3
- package/dist/src/modules/browser/BrowserModeManager.d.ts +1 -1
- package/dist/src/modules/browser/BrowserModeManager.js +11 -10
- package/dist/src/modules/browser/TabRegistry.js +2 -2
- package/dist/src/modules/browser/UnifiedBrowserManager.d.ts +1 -0
- package/dist/src/modules/browser/UnifiedBrowserManager.js +19 -4
- package/dist/src/modules/captcha/AICaptchaDetector.d.ts +14 -23
- package/dist/src/modules/captcha/AICaptchaDetector.js +8 -202
- package/dist/src/modules/captcha/CaptchaDetector.d.ts +31 -17
- package/dist/src/modules/captcha/CaptchaDetector.js +1 -1
- package/dist/src/modules/collector/CodeCache.d.ts +2 -2
- package/dist/src/modules/collector/CodeCollector.d.ts +12 -9
- package/dist/src/modules/collector/CodeCollector.js +5 -6
- package/dist/src/modules/collector/DOMInspector.d.ts +3 -2
- package/dist/src/modules/collector/DOMInspector.js +49 -59
- package/dist/src/modules/collector/PageController.d.ts +17 -4
- package/dist/src/modules/collector/PageController.js +2 -5
- package/dist/src/modules/collector/PageScriptCollectors.js +3 -3
- package/dist/src/modules/crypto/CryptoDetector.d.ts +1 -4
- package/dist/src/modules/crypto/CryptoDetector.js +2 -42
- package/dist/src/modules/crypto/CryptoRules.js +1 -1
- package/dist/src/modules/debugger/BlackboxManager.js +1 -1
- package/dist/src/modules/debugger/DebuggerManager.impl.core.scope.js +1 -1
- package/dist/src/modules/debugger/ScriptManager.impl.extract-function-tree.js +5 -3
- package/dist/src/modules/debugger/WatchExpressionManager.js +1 -1
- package/dist/src/modules/deobfuscator/Deobfuscator.d.ts +1 -4
- package/dist/src/modules/deobfuscator/Deobfuscator.js +4 -39
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.d.ts +0 -3
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.js +2 -8
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.restore.d.ts +2 -3
- package/dist/src/modules/deobfuscator/JSVMPDeobfuscator.restore.js +5 -57
- package/dist/src/modules/deobfuscator/JScramblerDeobfuscator.js +3 -4
- package/dist/src/modules/deobfuscator/PackerDeobfuscator.js +1 -1
- package/dist/src/modules/deobfuscator/VMDeobfuscator.d.ts +2 -10
- package/dist/src/modules/deobfuscator/VMDeobfuscator.js +3 -128
- package/dist/src/modules/deobfuscator/webcrack.js +15 -2
- package/dist/src/modules/emulator/AIEnvironmentAnalyzer.d.ts +5 -8
- package/dist/src/modules/emulator/AIEnvironmentAnalyzer.js +10 -102
- package/dist/src/modules/emulator/EnvironmentEmulator.d.ts +1 -5
- package/dist/src/modules/emulator/EnvironmentEmulator.js +7 -91
- package/dist/src/modules/emulator/EnvironmentEmulatorFetch.js +58 -61
- package/dist/src/modules/emulator/templates/chrome-env.d.ts +17 -7
- package/dist/src/modules/emulator/templates/chrome-env.js +14 -7
- package/dist/src/modules/external/ExternalToolRunner.d.ts +1 -1
- package/dist/src/modules/external/ExternalToolRunner.js +26 -23
- package/dist/src/modules/monitor/ConsoleMonitor.impl.core.class.d.ts +13 -0
- package/dist/src/modules/monitor/ConsoleMonitor.impl.core.class.js +42 -0
- package/dist/src/modules/monitor/FetchInterceptor.d.ts +46 -0
- package/dist/src/modules/monitor/FetchInterceptor.js +191 -0
- package/dist/src/modules/monitor/PerformanceMonitor.js +8 -7
- package/dist/src/modules/process/BaseMemoryManager.d.ts +1 -1
- package/dist/src/modules/process/LinuxProcessManager.js +4 -2
- package/dist/src/modules/process/MacProcessManager.js +1 -1
- package/dist/src/modules/process/MemoryManager.d.ts +1 -1
- package/dist/src/modules/process/MemoryManager.js +2 -2
- package/dist/src/modules/process/ProcessManager.impl.js +1 -1
- package/dist/src/modules/process/memory/AuditTrail.js +1 -1
- package/dist/src/modules/process/memory/reader.js +35 -3
- package/dist/src/modules/process/memory/regions.enumerate.js +1 -1
- package/dist/src/modules/process/memory/regions.protection.js +42 -9
- package/dist/src/modules/process/memory/scanner.d.ts +5 -1
- package/dist/src/modules/process/memory/scanner.darwin.js +57 -0
- package/dist/src/modules/process/memory/scanner.js +88 -4
- package/dist/src/modules/process/memory/writer.js +44 -4
- package/dist/src/modules/security/ExecutionSandbox.js +7 -8
- package/dist/src/modules/stealth/FingerprintManager.js +1 -1
- package/dist/src/modules/stealth/StealthScripts.d.ts +4 -2
- package/dist/src/modules/stealth/StealthScripts.js +53 -14
- package/dist/src/modules/stealth/StealthVerifier.d.ts +1 -1
- package/dist/src/modules/stealth/StealthVerifier.js +2 -4
- package/dist/src/modules/symbolic/JSVMPSymbolicExecutor.d.ts +14 -0
- package/dist/src/modules/symbolic/JSVMPSymbolicExecutor.js +181 -2
- package/dist/src/modules/trace/TraceDB.js +12 -6
- package/dist/src/modules/trace/TraceRecorder.js +1 -5
- package/dist/src/native/AntiCheatDetector.js +67 -16
- package/dist/src/native/CodeInjector.js +4 -4
- package/dist/src/native/HardwareBreakpoint.js +25 -16
- package/dist/src/native/HeapAnalyzer.js +2 -2
- package/dist/src/native/MemoryController.js +1 -1
- package/dist/src/native/MemoryScanSession.js +2 -2
- package/dist/src/native/MemoryScanner.js +4 -8
- package/dist/src/native/NativeMemoryManager.impl.js +2 -2
- package/dist/src/native/PEAnalyzer.js +14 -15
- package/dist/src/native/PointerChainEngine.js +2 -4
- package/dist/src/native/ScriptLoader.js +4 -9
- package/dist/src/native/Speedhack.js +1 -1
- package/dist/src/native/StructureAnalyzer.js +52 -33
- package/dist/src/native/Win32API.d.ts +1 -0
- package/dist/src/native/Win32API.js +13 -0
- package/dist/src/native/Win32Debug.js +19 -19
- package/dist/src/native/platform/darwin/DarwinAPI.d.ts +2 -0
- package/dist/src/native/platform/darwin/DarwinAPI.js +8 -0
- package/dist/src/native/platform/darwin/DarwinMemoryProvider.js +6 -1
- package/dist/src/server/MCPServer.context.d.ts +2 -1
- package/dist/src/server/MCPServer.d.ts +2 -1
- package/dist/src/server/MCPServer.domain.d.ts +1 -1
- package/dist/src/server/MCPServer.domain.js +81 -16
- package/dist/src/server/MCPServer.js +42 -14
- package/dist/src/server/MCPServer.resources.d.ts +2 -0
- package/dist/src/server/MCPServer.resources.js +91 -0
- package/dist/src/server/MCPServer.search.handlers.call.js +2 -1
- package/dist/src/server/MCPServer.search.helpers.js +2 -2
- package/dist/src/server/MCPServer.tools.js +1 -1
- package/dist/src/server/MCPServer.transport.js +12 -0
- package/dist/src/server/ToolCallContextGuard.d.ts +5 -0
- package/dist/src/server/ToolCallContextGuard.js +85 -0
- package/dist/src/server/ToolRouter.d.ts +26 -10
- package/dist/src/server/ToolRouter.intent.d.ts +26 -0
- package/dist/src/server/ToolRouter.intent.js +77 -0
- package/dist/src/server/ToolRouter.js +103 -284
- package/dist/src/server/ToolRouter.policy.d.ts +22 -0
- package/dist/src/server/ToolRouter.policy.js +163 -0
- package/dist/src/server/ToolRouter.probe.d.ts +17 -0
- package/dist/src/server/ToolRouter.probe.js +103 -0
- package/dist/src/server/ToolRouter.renderer.d.ts +9 -0
- package/dist/src/server/ToolRouter.renderer.js +52 -0
- package/dist/src/server/activation/ActivationController.js +15 -12
- package/dist/src/server/activation/CompoundConditionEngine.js +1 -1
- package/dist/src/server/activation/PredictiveBooster.js +1 -3
- package/dist/src/server/domains/analysis/definitions.js +155 -655
- package/dist/src/server/domains/analysis/handlers.impl.d.ts +8 -8
- package/dist/src/server/domains/analysis/handlers.impl.js +34 -28
- package/dist/src/server/domains/analysis/handlers.web-tools.js +4 -3
- package/dist/src/server/domains/analysis/manifest.js +6 -4
- package/dist/src/server/domains/antidebug/definitions.js +25 -111
- package/dist/src/server/domains/browser/definitions.tools.advanced.js +59 -88
- package/dist/src/server/domains/browser/definitions.tools.behavior.js +120 -227
- package/dist/src/server/domains/browser/definitions.tools.page-core.js +157 -386
- package/dist/src/server/domains/browser/definitions.tools.page-system.js +108 -250
- package/dist/src/server/domains/browser/definitions.tools.runtime.js +61 -174
- package/dist/src/server/domains/browser/definitions.tools.security.js +92 -237
- package/dist/src/server/domains/browser/handlers/camoufox-browser.js +3 -2
- package/dist/src/server/domains/browser/handlers/captcha-solver.js +3 -3
- package/dist/src/server/domains/browser/handlers/dom-query.js +2 -1
- package/dist/src/server/domains/browser/handlers/facade-initializer.d.ts +3 -3
- package/dist/src/server/domains/browser/handlers/facade-initializer.js +3 -3
- package/dist/src/server/domains/browser/handlers/framework-state.js +231 -3
- package/dist/src/server/domains/browser/handlers/indexeddb-dump.js +21 -20
- package/dist/src/server/domains/browser/handlers/script-management.js +1 -1
- package/dist/src/server/domains/browser/handlers/stealth-injection.js +8 -2
- package/dist/src/server/domains/browser/handlers.impl.d.ts +15 -12
- package/dist/src/server/domains/browser/handlers.impl.js +5 -6
- package/dist/src/server/domains/browser/manifest.js +37 -13
- package/dist/src/server/domains/coordination/definitions.js +50 -149
- package/dist/src/server/domains/coordination/index.d.ts +20 -1
- package/dist/src/server/domains/coordination/index.js +133 -0
- package/dist/src/server/domains/coordination/manifest.js +15 -0
- package/dist/src/server/domains/debugger/definitions.tools.advanced.js +72 -189
- package/dist/src/server/domains/debugger/definitions.tools.core.js +114 -288
- package/dist/src/server/domains/debugger/manifest.js +9 -2
- package/dist/src/server/domains/encoding/definitions.js +43 -153
- package/dist/src/server/domains/encoding/handlers.base.js +2 -2
- package/dist/src/server/domains/evidence/definitions.d.ts +2 -0
- package/dist/src/server/domains/evidence/definitions.js +42 -0
- package/dist/src/server/domains/evidence/handlers.d.ts +582 -0
- package/dist/src/server/domains/evidence/handlers.js +60 -0
- package/dist/src/server/domains/evidence/index.d.ts +2 -0
- package/dist/src/server/domains/evidence/index.js +2 -0
- package/dist/src/server/domains/evidence/manifest.d.ts +63 -0
- package/dist/src/server/domains/evidence/manifest.js +78 -0
- package/dist/src/server/domains/graphql/definitions.js +53 -141
- package/dist/src/server/domains/graphql/handlers.impl.core.runtime.replay.js +92 -114
- package/dist/src/server/domains/hooks/ai-handlers.d.ts +0 -7
- package/dist/src/server/domains/hooks/ai-handlers.js +4 -70
- package/dist/src/server/domains/hooks/definitions.js +69 -335
- package/dist/src/server/domains/hooks/manifest.d.ts +1 -1
- package/dist/src/server/domains/hooks/manifest.js +1 -2
- package/dist/src/server/domains/instrumentation/definitions.d.ts +2 -0
- package/dist/src/server/domains/instrumentation/definitions.js +99 -0
- package/dist/src/server/domains/instrumentation/handlers.d.ts +78 -0
- package/dist/src/server/domains/instrumentation/handlers.js +206 -0
- package/dist/src/server/domains/instrumentation/index.d.ts +2 -0
- package/dist/src/server/domains/instrumentation/index.js +2 -0
- package/dist/src/server/domains/instrumentation/manifest.d.ts +63 -0
- package/dist/src/server/domains/instrumentation/manifest.js +114 -0
- package/dist/src/server/domains/macro/definitions.js +16 -43
- package/dist/src/server/domains/maintenance/definitions.js +60 -219
- package/dist/src/server/domains/maintenance/handlers.d.ts +2 -2
- package/dist/src/server/domains/maintenance/handlers.extensions.js +78 -20
- package/dist/src/server/domains/maintenance/handlers.js +2 -2
- package/dist/src/server/domains/memory/definitions.js +387 -559
- package/dist/src/server/domains/memory/handlers/hooks.d.ts +55 -0
- package/dist/src/server/domains/memory/handlers/hooks.js +115 -0
- package/dist/src/server/domains/memory/handlers/integrity.d.ts +77 -0
- package/dist/src/server/domains/memory/handlers/integrity.js +180 -0
- package/dist/src/server/domains/memory/handlers/pointer-chain.d.ts +29 -0
- package/dist/src/server/domains/memory/handlers/pointer-chain.js +82 -0
- package/dist/src/server/domains/memory/handlers/readwrite.d.ts +41 -0
- package/dist/src/server/domains/memory/handlers/readwrite.js +78 -0
- package/dist/src/server/domains/memory/handlers/scan.d.ts +35 -0
- package/dist/src/server/domains/memory/handlers/scan.js +97 -0
- package/dist/src/server/domains/memory/handlers/session.d.ts +23 -0
- package/dist/src/server/domains/memory/handlers/session.js +49 -0
- package/dist/src/server/domains/memory/handlers/structure.d.ts +29 -0
- package/dist/src/server/domains/memory/handlers/structure.js +74 -0
- package/dist/src/server/domains/memory/handlers.impl.d.ts +49 -54
- package/dist/src/server/domains/memory/handlers.impl.js +63 -494
- package/dist/src/server/domains/memory/manifest.js +236 -64
- package/dist/src/server/domains/native-bridge/definitions.js +54 -192
- package/dist/src/server/domains/native-bridge/index.d.ts +1 -0
- package/dist/src/server/domains/native-bridge/index.js +2 -1
- package/dist/src/server/domains/network/auth-extractor.js +1 -1
- package/dist/src/server/domains/network/definitions.js +175 -578
- package/dist/src/server/domains/network/handlers.base.core.d.ts +64 -0
- package/dist/src/server/domains/network/handlers.base.core.js +623 -0
- package/dist/src/server/domains/network/handlers.base.d.ts +2 -124
- package/dist/src/server/domains/network/handlers.base.js +3 -878
- package/dist/src/server/domains/network/handlers.base.performance.d.ts +63 -0
- package/dist/src/server/domains/network/handlers.base.performance.js +193 -0
- package/dist/src/server/domains/network/handlers.base.types.d.ts +42 -0
- package/dist/src/server/domains/network/handlers.base.types.js +89 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.d.ts +1 -1
- package/dist/src/server/domains/network/handlers.impl.core.runtime.intercept.d.ts +21 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.intercept.js +186 -0
- package/dist/src/server/domains/network/handlers.impl.core.runtime.js +1 -1
- package/dist/src/server/domains/network/manifest.js +15 -0
- package/dist/src/server/domains/network/replay.js +1 -4
- package/dist/src/server/domains/platform/definitions.js +121 -112
- package/dist/src/server/domains/platform/handlers/bridge-handlers.d.ts +5 -1
- package/dist/src/server/domains/platform/handlers/bridge-handlers.js +194 -5
- package/dist/src/server/domains/platform/handlers/electron-asar-helpers.js +26 -6
- package/dist/src/server/domains/platform/handlers/electron-dual-cdp.d.ts +3 -0
- package/dist/src/server/domains/platform/handlers/electron-dual-cdp.js +170 -0
- package/dist/src/server/domains/platform/handlers/electron-fuse-handler.d.ts +3 -0
- package/dist/src/server/domains/platform/handlers/electron-fuse-handler.js +193 -0
- package/dist/src/server/domains/platform/handlers/electron-handlers.d.ts +6 -0
- package/dist/src/server/domains/platform/handlers/electron-handlers.js +95 -2
- package/dist/src/server/domains/platform/handlers/electron-ipc-sniffer.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/electron-ipc-sniffer.js +370 -0
- package/dist/src/server/domains/platform/handlers/electron-userdata-handler.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/electron-userdata-handler.js +78 -0
- package/dist/src/server/domains/platform/handlers/miniapp-handlers.d.ts +1 -1
- package/dist/src/server/domains/platform/handlers/miniapp-handlers.js +4 -4
- package/dist/src/server/domains/platform/handlers/v8-bytecode-handler.d.ts +2 -0
- package/dist/src/server/domains/platform/handlers/v8-bytecode-handler.js +207 -0
- package/dist/src/server/domains/platform/handlers.d.ts +48 -0
- package/dist/src/server/domains/platform/handlers.js +29 -0
- package/dist/src/server/domains/platform/manifest.js +38 -0
- package/dist/src/server/domains/process/definitions.js +163 -647
- package/dist/src/server/domains/process/handlers.base.d.ts +3 -95
- package/dist/src/server/domains/process/handlers.base.js +7 -462
- package/dist/src/server/domains/process/handlers.base.process.d.ts +61 -0
- package/dist/src/server/domains/process/handlers.base.process.js +417 -0
- package/dist/src/server/domains/process/handlers.base.types.d.ts +57 -0
- package/dist/src/server/domains/process/handlers.base.types.js +50 -0
- package/dist/src/server/domains/process/handlers.impl.core.runtime.inject.js +19 -17
- package/dist/src/server/domains/process/manifest.js +6 -1
- package/dist/src/server/domains/sandbox/definitions.js +11 -33
- package/dist/src/server/domains/sandbox/handlers.js +8 -3
- package/dist/src/server/domains/shared/ResponseBuilder.d.ts +209 -0
- package/dist/src/server/domains/shared/ResponseBuilder.js +48 -0
- package/dist/src/server/domains/shared/modules.d.ts +0 -2
- package/dist/src/server/domains/shared/modules.js +0 -1
- package/dist/src/server/domains/sourcemap/definitions.js +27 -111
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-common.js +7 -2
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-main.js +1 -1
- package/dist/src/server/domains/sourcemap/handlers.impl.sourcemap-parse-base.js +1 -1
- package/dist/src/server/domains/sourcemap/manifest.d.ts +1 -1
- package/dist/src/server/domains/sourcemap/manifest.js +1 -1
- package/dist/src/server/domains/streaming/definitions.js +36 -148
- package/dist/src/server/domains/streaming/handlers.impl.streaming-sse.js +163 -164
- package/dist/src/server/domains/streaming/handlers.impl.streaming-ws.js +1 -1
- package/dist/src/server/domains/trace/TraceSummarizer.d.ts +60 -0
- package/dist/src/server/domains/trace/TraceSummarizer.js +112 -0
- package/dist/src/server/domains/trace/definitions.tools.js +51 -176
- package/dist/src/server/domains/trace/handlers.d.ts +2 -1
- package/dist/src/server/domains/trace/handlers.js +62 -9
- package/dist/src/server/domains/trace/index.d.ts +2 -1
- package/dist/src/server/domains/trace/index.js +2 -1
- package/dist/src/server/domains/trace/manifest.js +18 -4
- package/dist/src/server/domains/transform/definitions.js +50 -210
- package/dist/src/server/domains/transform/handlers.impl.transform-base.js +6 -6
- package/dist/src/server/domains/transform/handlers.impl.transform-crypto.js +18 -19
- package/dist/src/server/domains/transform/manifest.d.ts +1 -1
- package/dist/src/server/domains/transform/manifest.js +1 -1
- package/dist/src/server/domains/wasm/definitions.js +55 -232
- package/dist/src/server/domains/wasm/handlers.js +3 -3
- package/dist/src/server/domains/workflow/definitions.js +144 -414
- package/dist/src/server/domains/workflow/handlers.impl.workflow-account-bundle.js +2 -2
- package/dist/src/server/domains/workflow/handlers.impl.workflow-base.d.ts +2 -0
- package/dist/src/server/domains/workflow/handlers.impl.workflow-base.js +126 -87
- package/dist/src/server/domains/workflow/handlers.impl.workflow-batch.js +5 -5
- package/dist/src/server/evidence/ReverseEvidenceGraph.d.ts +20 -0
- package/dist/src/server/evidence/ReverseEvidenceGraph.js +208 -0
- package/dist/src/server/evidence/index.d.ts +2 -0
- package/dist/src/server/evidence/index.js +1 -0
- package/dist/src/server/evidence/types.d.ts +22 -0
- package/dist/src/server/evidence/types.js +1 -0
- package/dist/src/server/extensions/ExtensionManager.d.ts +1 -0
- package/dist/src/server/extensions/ExtensionManager.discovery.js +72 -9
- package/dist/src/server/extensions/ExtensionManager.integrity.js +1 -1
- package/dist/src/server/extensions/ExtensionManager.js +193 -40
- package/dist/src/server/extensions/ExtensionManager.roots.d.ts +1 -1
- package/dist/src/server/extensions/ExtensionManager.roots.js +19 -9
- package/dist/src/server/extensions/plugin-config.js +1 -1
- package/dist/src/server/extensions/plugin-env.d.ts +1 -1
- package/dist/src/server/extensions/plugin-env.js +10 -4
- package/dist/src/server/extensions/types.d.ts +17 -0
- package/dist/src/server/extensions/types.js +1 -1
- package/dist/src/server/http/HttpMiddleware.js +1 -1
- package/dist/src/server/instrumentation/EvidenceGraphBridge.d.ts +13 -0
- package/dist/src/server/instrumentation/EvidenceGraphBridge.js +150 -0
- package/dist/src/server/instrumentation/InstrumentationSession.d.ts +60 -0
- package/dist/src/server/instrumentation/InstrumentationSession.js +269 -0
- package/dist/src/server/instrumentation/index.d.ts +2 -0
- package/dist/src/server/instrumentation/index.js +2 -0
- package/dist/src/server/instrumentation/types.d.ts +62 -0
- package/dist/src/server/instrumentation/types.js +7 -0
- package/dist/src/server/macros/MacroConfigLoader.d.ts +6 -5
- package/dist/src/server/macros/MacroConfigLoader.js +61 -59
- package/dist/src/server/macros/MacroRunner.js +6 -2
- package/dist/src/server/macros/builtins/index.d.ts +2 -3
- package/dist/src/server/macros/builtins/index.js +51 -7
- package/dist/src/server/plugins/PluginContract.d.ts +1 -1
- package/dist/src/server/registry/contracts.d.ts +7 -1
- package/dist/src/server/registry/discovery.js +5 -4
- package/dist/src/server/registry/ensure-browser-core.js +0 -3
- package/dist/src/server/registry/index.js +4 -4
- package/dist/src/server/registry/tool-builder.d.ts +46 -0
- package/dist/src/server/registry/tool-builder.js +105 -0
- package/dist/src/server/sandbox/MCPBridge.d.ts +9 -0
- package/dist/src/server/sandbox/MCPBridge.js +22 -0
- package/dist/src/server/sandbox/QuickJSSandbox.d.ts +4 -1
- package/dist/src/server/sandbox/QuickJSSandbox.js +162 -2
- package/dist/src/server/sandbox/types.d.ts +13 -0
- package/dist/src/server/search/AffinityGraph.d.ts +7 -1
- package/dist/src/server/search/AffinityGraph.js +24 -3
- package/dist/src/server/search/EmbeddingWorker.js +5 -3
- package/dist/src/server/search/FeedbackTracker.d.ts +9 -0
- package/dist/src/server/search/FeedbackTracker.js +26 -0
- package/dist/src/server/search/QueryNormalizer.d.ts +6 -0
- package/dist/src/server/search/QueryNormalizer.js +94 -0
- package/dist/src/server/search/ToolSearchEngineImpl.d.ts +2 -3
- package/dist/src/server/search/ToolSearchEngineImpl.js +38 -88
- package/dist/src/server/workflows/WorkflowContract.d.ts +24 -0
- package/dist/src/server/workflows/WorkflowContract.js +12 -0
- package/dist/src/server/workflows/WorkflowEngine.d.ts +1 -0
- package/dist/src/server/workflows/WorkflowEngine.js +136 -3
- package/dist/src/types/config.d.ts +0 -14
- package/dist/src/types/deobfuscator.d.ts +0 -1
- package/dist/src/types/index.d.ts +1 -1
- package/dist/src/utils/DetailedDataManager.js +2 -0
- package/dist/src/utils/RingBuffer.js +5 -5
- package/dist/src/utils/TokenBudgetManager.js +1 -1
- package/dist/src/utils/UnifiedCacheManager.d.ts +1 -1
- package/dist/src/utils/UnifiedCacheManager.js +3 -3
- package/dist/src/utils/artifactRetention.js +2 -2
- package/dist/src/utils/betterSqlite3.d.ts +11 -0
- package/dist/src/utils/betterSqlite3.js +88 -0
- package/dist/src/utils/browserExecutable.js +2 -2
- package/dist/src/utils/cliFastPath.js +17 -6
- package/dist/src/utils/config.js +4 -26
- package/dist/src/utils/environmentDoctor.js +138 -11
- package/dist/src/utils/outputPaths.js +16 -9
- package/dist/src/utils/parallel.js +1 -3
- package/package.json +76 -72
- package/scripts/postinstall.cjs +37 -37
- package/src/native/scripts/linux/enum-windows.sh +12 -12
- package/src/native/scripts/macos/enum-windows.applescript +22 -22
- package/src/native/scripts/windows/enum-windows-by-class.ps1 +51 -51
- package/src/native/scripts/windows/enum-windows.ps1 +44 -44
- package/src/native/scripts/windows/inject-dll.ps1 +21 -21
- package/workflows/.gitkeep +0 -0
- package/dist/src/modules/analyzer/AISummarizer.d.ts +0 -39
- package/dist/src/modules/analyzer/AISummarizer.js +0 -122
- package/dist/src/modules/hook/AIHookGenerator.d.ts +0 -52
- package/dist/src/modules/hook/AIHookGenerator.js +0 -360
- package/dist/src/modules/hook/AIHookGeneratorTemplates.d.ts +0 -9
- package/dist/src/modules/hook/AIHookGeneratorTemplates.js +0 -157
- package/dist/src/server/macros/builtins/deobfuscate-ast-flow.d.ts +0 -2
- package/dist/src/server/macros/builtins/deobfuscate-ast-flow.js +0 -25
- package/dist/src/server/macros/builtins/unpacker-flow.d.ts +0 -2
- package/dist/src/server/macros/builtins/unpacker-flow.js +0 -25
- package/dist/src/services/LLMService.d.ts +0 -37
- package/dist/src/services/LLMService.js +0 -233
- package/dist/src/services/prompts/analysis.d.ts +0 -9
- package/dist/src/services/prompts/analysis.js +0 -158
- package/dist/src/services/prompts/crypto.d.ts +0 -2
- package/dist/src/services/prompts/crypto.js +0 -108
- package/dist/src/services/prompts/deobfuscation.d.ts +0 -6
- package/dist/src/services/prompts/deobfuscation.js +0 -300
- package/dist/src/services/prompts/environment.d.ts +0 -16
- package/dist/src/services/prompts/environment.js +0 -372
- package/dist/src/services/prompts/intelligence.d.ts +0 -4
- package/dist/src/services/prompts/intelligence.js +0 -250
- package/dist/src/services/prompts/taint.d.ts +0 -2
- package/dist/src/services/prompts/taint.js +0 -54
|
@@ -1,300 +0,0 @@
|
|
|
1
|
-
export function generateCodeCleanupMessages(code, techniques) {
|
|
2
|
-
const codeSnippet = code.length > 2000 ? code.slice(0, 2000) + '\n...(truncated)' : code;
|
|
3
|
-
const systemPrompt = `# Role
|
|
4
|
-
You are an expert JavaScript code reviewer and refactoring specialist with expertise in:
|
|
5
|
-
- Code readability and maintainability improvement
|
|
6
|
-
- Semantic variable naming based on usage context
|
|
7
|
-
- Code smell detection and refactoring
|
|
8
|
-
- JavaScript best practices (ES6+, clean code principles)
|
|
9
|
-
- Preserving exact program functionality during refactoring
|
|
10
|
-
|
|
11
|
-
# Task
|
|
12
|
-
Clean up and improve deobfuscated JavaScript code while preserving 100% of its functionality.
|
|
13
|
-
|
|
14
|
-
# Refactoring Principles
|
|
15
|
-
1. **Semantic Naming**: Infer variable purpose from usage patterns
|
|
16
|
-
- API calls -> apiClient, fetchData, apiResponse
|
|
17
|
-
- DOM elements -> userInput, submitButton, errorMessage
|
|
18
|
-
- Crypto operations -> encryptedData, decryptionKey, hashValue
|
|
19
|
-
- Loops/counters -> index, itemCount, currentPage
|
|
20
|
-
|
|
21
|
-
2. **Code Simplification**: Remove obfuscation artifacts
|
|
22
|
-
- Unnecessary IIFEs and closures
|
|
23
|
-
- Redundant variable assignments
|
|
24
|
-
- Complex ternary chains -> if-else
|
|
25
|
-
- Magic numbers -> named constants
|
|
26
|
-
|
|
27
|
-
3. **Structure Improvement**: Enhance readability
|
|
28
|
-
- Extract repeated code to functions
|
|
29
|
-
- Group related operations
|
|
30
|
-
- Consistent indentation and spacing
|
|
31
|
-
- Logical code organization
|
|
32
|
-
|
|
33
|
-
# Critical Constraints
|
|
34
|
-
- **NEVER** change program logic or behavior
|
|
35
|
-
- **NEVER** remove functional code (even if it looks redundant)
|
|
36
|
-
- **NEVER** add new functionality
|
|
37
|
-
- **ONLY** improve naming, structure, and readability
|
|
38
|
-
- Output must be syntactically valid JavaScript
|
|
39
|
-
- Preserve all side effects and edge cases
|
|
40
|
-
|
|
41
|
-
# Output Format
|
|
42
|
-
Return ONLY the cleaned JavaScript code (no markdown, no explanations).`;
|
|
43
|
-
const userPrompt = `# Code Cleanup Task
|
|
44
|
-
|
|
45
|
-
## Detected Obfuscation Techniques
|
|
46
|
-
${techniques.map((t) => `- ${t}`).join('\n')}
|
|
47
|
-
|
|
48
|
-
## Deobfuscated Code (needs cleanup)
|
|
49
|
-
\`\`\`javascript
|
|
50
|
-
${codeSnippet}
|
|
51
|
-
\`\`\`
|
|
52
|
-
|
|
53
|
-
## Your Task
|
|
54
|
-
Clean up and improve this deobfuscated JavaScript code:
|
|
55
|
-
|
|
56
|
-
1. **Variable Naming**: Rename variables to meaningful names based on their usage
|
|
57
|
-
- Avoid generic names like 'a', 'b', 'temp'
|
|
58
|
-
- Use descriptive names like 'userConfig', 'apiEndpoint', 'responseData'
|
|
59
|
-
|
|
60
|
-
2. **Code Structure**: Improve readability
|
|
61
|
-
- Remove unnecessary parentheses and brackets
|
|
62
|
-
- Simplify complex expressions
|
|
63
|
-
- Extract magic numbers to named constants
|
|
64
|
-
|
|
65
|
-
3. **Comments**: Add brief comments for:
|
|
66
|
-
- Complex logic or algorithms
|
|
67
|
-
- Non-obvious functionality
|
|
68
|
-
- Important data structures
|
|
69
|
-
|
|
70
|
-
4. **Consistency**: Ensure consistent code style
|
|
71
|
-
- Use consistent indentation
|
|
72
|
-
- Follow JavaScript best practices
|
|
73
|
-
|
|
74
|
-
## Important Rules
|
|
75
|
-
- Preserve ALL original functionality
|
|
76
|
-
- Do NOT remove any functional code
|
|
77
|
-
- Do NOT change the program logic
|
|
78
|
-
- Output ONLY valid JavaScript code
|
|
79
|
-
- Do NOT add explanations outside the code
|
|
80
|
-
|
|
81
|
-
## Output Format
|
|
82
|
-
Return only the cleaned JavaScript code without markdown formatting.`;
|
|
83
|
-
return [
|
|
84
|
-
{ role: 'system', content: systemPrompt },
|
|
85
|
-
{ role: 'user', content: userPrompt },
|
|
86
|
-
];
|
|
87
|
-
}
|
|
88
|
-
export function generateVMAnalysisMessages(code) {
|
|
89
|
-
const codeSnippet = code.substring(0, 5000);
|
|
90
|
-
const userPrompt = `Analyze this JavaScript code protected by JSVMP (JavaScript Virtual Machine Protection).
|
|
91
|
-
|
|
92
|
-
JSVMP-protected JavaScript code:
|
|
93
|
-
|
|
94
|
-
\`\`\`javascript
|
|
95
|
-
${codeSnippet}
|
|
96
|
-
\`\`\`
|
|
97
|
-
|
|
98
|
-
Please analyze:
|
|
99
|
-
|
|
100
|
-
1. **VM Type**: What type of VM protection is this? (obfuscator.io / custom VM / other)
|
|
101
|
-
|
|
102
|
-
2. **VM Structure**:
|
|
103
|
-
- Is there a Program Counter (PC)?
|
|
104
|
-
- Is there a Stack?
|
|
105
|
-
- Are there Registers?
|
|
106
|
-
- What is the bytecode format?
|
|
107
|
-
|
|
108
|
-
3. **Key Components**:
|
|
109
|
-
- VM interpreter function (main loop)
|
|
110
|
-
- Dispatcher (switch statement)
|
|
111
|
-
- Bytecode array
|
|
112
|
-
|
|
113
|
-
4. **Restoration Strategy**:
|
|
114
|
-
- How to extract bytecode?
|
|
115
|
-
- How to map opcodes?
|
|
116
|
-
- Recommended restoration steps?
|
|
117
|
-
|
|
118
|
-
Return JSON:
|
|
119
|
-
{
|
|
120
|
-
"vmType": "VM type description",
|
|
121
|
-
"programCounter": "PC variable description",
|
|
122
|
-
"stack": "stack description",
|
|
123
|
-
"registers": "registers description",
|
|
124
|
-
"bytecodeArray": "bytecode array description",
|
|
125
|
-
"interpreterFunction": "interpreter function description",
|
|
126
|
-
"restorationSteps": ["step 1", "step 2", ...],
|
|
127
|
-
"warnings": ["warning 1", "warning 2", ...]
|
|
128
|
-
}`;
|
|
129
|
-
return [{ role: 'user', content: userPrompt }];
|
|
130
|
-
}
|
|
131
|
-
export function generateDeobfuscationPrompt(code) {
|
|
132
|
-
const systemPrompt = `# Role
|
|
133
|
-
You are an expert JavaScript analyst specializing in:
|
|
134
|
-
- Code deobfuscation and obfuscation pattern recognition
|
|
135
|
-
- Obfuscator tool identification (javascript-obfuscator, UglifyJS, Terser, Webpack, etc.)
|
|
136
|
-
- Control flow analysis and simplification
|
|
137
|
-
- Semantic code understanding and variable naming
|
|
138
|
-
- AST manipulation and code transformation
|
|
139
|
-
|
|
140
|
-
# Known Obfuscation Techniques
|
|
141
|
-
1. String Array Obfuscation: Strings stored in arrays with index-based access
|
|
142
|
-
2. Control Flow Flattening: Switch-case state machines replacing normal control flow
|
|
143
|
-
3. Dead Code Injection: Unreachable code blocks
|
|
144
|
-
4. Opaque Predicates: Always-true/false conditions
|
|
145
|
-
5. Variable Name Mangling: _0x1234, _0xabcd style names
|
|
146
|
-
6. Encoding: Hex, Unicode, Base64 encoded strings
|
|
147
|
-
7. VM Protection: Custom virtual machine interpreters
|
|
148
|
-
|
|
149
|
-
# Task
|
|
150
|
-
Analyze the obfuscated code to:
|
|
151
|
-
1. Identify the obfuscation type and tool used
|
|
152
|
-
2. Understand the actual program logic
|
|
153
|
-
3. Suggest meaningful variable and function names
|
|
154
|
-
4. Provide deobfuscated code if possible
|
|
155
|
-
5. Explain the deobfuscation process step-by-step`;
|
|
156
|
-
const userPrompt = `# Obfuscated Code
|
|
157
|
-
\`\`\`javascript
|
|
158
|
-
${code.length > 3000 ? code.substring(0, 3000) + '\n\n// ... (code truncated)' : code}
|
|
159
|
-
\`\`\`
|
|
160
|
-
|
|
161
|
-
# Required Output Schema
|
|
162
|
-
Return ONLY valid JSON:
|
|
163
|
-
|
|
164
|
-
\`\`\`json
|
|
165
|
-
{
|
|
166
|
-
"obfuscationType": {
|
|
167
|
-
"primary": "string-array | control-flow-flattening | vm-protection | mixed | unknown",
|
|
168
|
-
"techniques": ["technique 1"],
|
|
169
|
-
"tool": "javascript-obfuscator | webpack | uglify | terser | custom | unknown",
|
|
170
|
-
"toolVersion": "string or null",
|
|
171
|
-
"confidence": 0.85
|
|
172
|
-
},
|
|
173
|
-
"analysis": {
|
|
174
|
-
"codeStructure": "description of overall structure",
|
|
175
|
-
"mainLogic": "what the code actually does",
|
|
176
|
-
"keyFunctions": [
|
|
177
|
-
{
|
|
178
|
-
"obfuscatedName": "_0x1234",
|
|
179
|
-
"purpose": "what it does",
|
|
180
|
-
"confidence": 0.9
|
|
181
|
-
}
|
|
182
|
-
],
|
|
183
|
-
"dataFlow": "how data flows through the code"
|
|
184
|
-
},
|
|
185
|
-
"suggestions": {
|
|
186
|
-
"variableRenames": {
|
|
187
|
-
"_0x1234": {"suggested": "userId", "reason": "stores user ID from API", "confidence": 0.95}
|
|
188
|
-
},
|
|
189
|
-
"functionRenames": {
|
|
190
|
-
"_0xabcd": {"suggested": "encryptPassword", "reason": "calls CryptoJS.AES.encrypt", "confidence": 0.92}
|
|
191
|
-
},
|
|
192
|
-
"simplifications": [
|
|
193
|
-
{
|
|
194
|
-
"type": "remove dead code | unflatten control flow | decode strings",
|
|
195
|
-
"description": "what to simplify",
|
|
196
|
-
"impact": "high | medium | low"
|
|
197
|
-
}
|
|
198
|
-
]
|
|
199
|
-
},
|
|
200
|
-
"deobfuscationSteps": [
|
|
201
|
-
"Step 1: Extract string array at line 1-5"
|
|
202
|
-
],
|
|
203
|
-
"deobfuscatedCode": "string or null",
|
|
204
|
-
"limitations": ["what couldn't be deobfuscated and why"],
|
|
205
|
-
"summary": "Brief summary of obfuscation and deobfuscation results"
|
|
206
|
-
}
|
|
207
|
-
\`\`\`
|
|
208
|
-
|
|
209
|
-
Return ONLY the JSON output.`;
|
|
210
|
-
return [
|
|
211
|
-
{ role: 'system', content: systemPrompt },
|
|
212
|
-
{ role: 'user', content: userPrompt },
|
|
213
|
-
];
|
|
214
|
-
}
|
|
215
|
-
export function generateVMDeobfuscationMessages(userPrompt) {
|
|
216
|
-
const systemPrompt = `# Role
|
|
217
|
-
You are a world-class expert in JavaScript VM deobfuscation and program analysis with expertise in:
|
|
218
|
-
- Virtual machine architecture and instruction set design
|
|
219
|
-
- Bytecode interpretation and JIT compilation
|
|
220
|
-
- Control flow reconstruction from VM instructions
|
|
221
|
-
- Stack-based and register-based VM analysis
|
|
222
|
-
- Obfuscation techniques used by TikTok, Shopee, and commercial protectors
|
|
223
|
-
|
|
224
|
-
# Task
|
|
225
|
-
Analyze VM-protected JavaScript code and reconstruct the original, readable JavaScript.
|
|
226
|
-
|
|
227
|
-
# Methodology
|
|
228
|
-
1. **Identify VM Components**: Locate instruction array, interpreter loop, stack/registers
|
|
229
|
-
2. **Decode Instructions**: Map VM opcodes to JavaScript operations
|
|
230
|
-
3. **Reconstruct Control Flow**: Convert VM jumps/branches to if/while/for
|
|
231
|
-
4. **Simplify**: Remove VM overhead and restore natural code structure
|
|
232
|
-
5. **Validate**: Ensure output is syntactically valid and functionally equivalent
|
|
233
|
-
|
|
234
|
-
# Critical Requirements
|
|
235
|
-
- Output ONLY valid, executable JavaScript (no markdown, no explanations)
|
|
236
|
-
- Preserve exact program logic and side effects
|
|
237
|
-
- Use meaningful variable names based on context
|
|
238
|
-
- Add brief comments for complex patterns
|
|
239
|
-
- Do NOT hallucinate or guess functionality
|
|
240
|
-
- If uncertain, preserve original code structure
|
|
241
|
-
|
|
242
|
-
# Output Format
|
|
243
|
-
Return clean JavaScript code without any wrapper or formatting.`;
|
|
244
|
-
return [
|
|
245
|
-
{ role: 'system', content: systemPrompt },
|
|
246
|
-
{ role: 'user', content: userPrompt },
|
|
247
|
-
];
|
|
248
|
-
}
|
|
249
|
-
export function generateControlFlowUnflatteningMessages(codeSnippet) {
|
|
250
|
-
const systemPrompt = `# Role
|
|
251
|
-
You are an expert in JavaScript control flow deobfuscation specializing in:
|
|
252
|
-
- Control flow flattening detection and removal
|
|
253
|
-
- Switch-case state machine analysis
|
|
254
|
-
- Dispatcher loop identification
|
|
255
|
-
- Control flow graph (CFG) reconstruction
|
|
256
|
-
|
|
257
|
-
# Task
|
|
258
|
-
Analyze control flow flattened JavaScript and reconstruct the original, natural control flow.
|
|
259
|
-
|
|
260
|
-
# Control Flow Flattening Pattern
|
|
261
|
-
Obfuscators replace normal if/while/for with a dispatcher loop:
|
|
262
|
-
\`\`\`javascript
|
|
263
|
-
var state = '0';
|
|
264
|
-
while (true) {
|
|
265
|
-
switch (state) {
|
|
266
|
-
case '0': console.log('a'); state = '1'; break;
|
|
267
|
-
case '1': console.log('b'); state = '2'; break;
|
|
268
|
-
case '2': return;
|
|
269
|
-
}
|
|
270
|
-
}
|
|
271
|
-
|
|
272
|
-
console.log('a');
|
|
273
|
-
console.log('b');
|
|
274
|
-
return;
|
|
275
|
-
\`\`\`
|
|
276
|
-
|
|
277
|
-
# Requirements
|
|
278
|
-
- Output ONLY valid JavaScript code
|
|
279
|
-
- Preserve exact program logic
|
|
280
|
-
- Remove dispatcher loops and state variables
|
|
281
|
-
- Restore natural if/while/for structures
|
|
282
|
-
- Use meaningful variable names`;
|
|
283
|
-
const userPrompt = `# Control Flow Flattened Code
|
|
284
|
-
\`\`\`javascript
|
|
285
|
-
${codeSnippet}
|
|
286
|
-
\`\`\`
|
|
287
|
-
|
|
288
|
-
# Instructions
|
|
289
|
-
1. Identify the dispatcher loop (while/for with switch-case)
|
|
290
|
-
2. Trace state transitions to determine execution order
|
|
291
|
-
3. Reconstruct original control flow (if/while/for)
|
|
292
|
-
4. Remove state variables and dispatcher overhead
|
|
293
|
-
5. Return ONLY the deobfuscated code (no explanations)
|
|
294
|
-
|
|
295
|
-
Output the deobfuscated JavaScript code:`;
|
|
296
|
-
return [
|
|
297
|
-
{ role: 'system', content: systemPrompt },
|
|
298
|
-
{ role: 'user', content: userPrompt },
|
|
299
|
-
];
|
|
300
|
-
}
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
import type { LLMMessage } from '../LLMService.js';
|
|
2
|
-
export declare function generateBrowserEnvAnalysisMessages(code: string, detected: object, missing: Array<{
|
|
3
|
-
path: string;
|
|
4
|
-
type: string;
|
|
5
|
-
}>, browserType: string): LLMMessage[];
|
|
6
|
-
export declare function generateAntiCrawlAnalysisMessages(code: string): LLMMessage[];
|
|
7
|
-
export declare function generateAPIImplementationMessages(apiPath: string, context: string): LLMMessage[];
|
|
8
|
-
export declare function generateEnvironmentSuggestionsMessages(detected: Record<string, string[]>, missing: Array<{
|
|
9
|
-
path: string;
|
|
10
|
-
type: string;
|
|
11
|
-
}>, browserType: string): LLMMessage[];
|
|
12
|
-
export declare function generateMissingAPIImplementationsMessages(missingAPIs: Array<{
|
|
13
|
-
path: string;
|
|
14
|
-
type: string;
|
|
15
|
-
}>, code: string): LLMMessage[];
|
|
16
|
-
export declare function generateMissingVariablesMessages(browserType: string, missingPaths: string[], code: string, existingManifest: Record<string, unknown>): LLMMessage[];
|
|
@@ -1,372 +0,0 @@
|
|
|
1
|
-
export function generateBrowserEnvAnalysisMessages(code, detected, missing, browserType) {
|
|
2
|
-
const codeSnippet = code.length > 5000 ? code.substring(0, 5000) + '\n\n...(truncated)' : code;
|
|
3
|
-
const systemPrompt = `# Role
|
|
4
|
-
You are an expert JavaScript analyst and anti-detection specialist with 10+ years of experience in:
|
|
5
|
-
- Browser environment emulation and fingerprinting
|
|
6
|
-
- Anti-bot and anti-scraping technique analysis
|
|
7
|
-
- JavaScript obfuscation and deobfuscation
|
|
8
|
-
- Browser API implementation and polyfills
|
|
9
|
-
- Web security and privacy technologies
|
|
10
|
-
|
|
11
|
-
# Expertise Areas
|
|
12
|
-
- **Browser Fingerprinting**: Canvas, WebGL, Audio, Font, CSS fingerprinting
|
|
13
|
-
- **Environment Detection**: WebDriver, Headless Chrome, Puppeteer detection
|
|
14
|
-
- **API Emulation**: DOM, BOM, Web APIs (Crypto, Storage, Performance, etc.)
|
|
15
|
-
- **Anti-Detection**: Stealth techniques, environment consistency checks
|
|
16
|
-
- **Browser Internals**: Chrome, Firefox, Safari implementation differences
|
|
17
|
-
|
|
18
|
-
# Task
|
|
19
|
-
Analyze the provided JavaScript code to:
|
|
20
|
-
1. Identify ALL browser environment variables and APIs being accessed
|
|
21
|
-
2. Detect anti-bot and fingerprinting techniques
|
|
22
|
-
3. Recommend realistic values for missing environment variables
|
|
23
|
-
4. Provide working JavaScript implementations for missing APIs
|
|
24
|
-
5. Assess detection risks and provide mitigation strategies
|
|
25
|
-
|
|
26
|
-
# Analysis Standards
|
|
27
|
-
- Follow W3C Web API specifications
|
|
28
|
-
- Use real browser behavior patterns (not placeholder values)
|
|
29
|
-
- Ensure environment consistency (e.g., userAgent matches platform)
|
|
30
|
-
- Detect common anti-bot libraries (Cloudflare, PerimeterX, DataDome, etc.)
|
|
31
|
-
- Identify fingerprinting scripts (FingerprintJS, CreepJS, etc.)`;
|
|
32
|
-
const userPrompt = `# Target Browser
|
|
33
|
-
${browserType.toUpperCase()} (Latest stable version)
|
|
34
|
-
|
|
35
|
-
# Detected Environment Variable Access
|
|
36
|
-
\`\`\`json
|
|
37
|
-
${JSON.stringify(detected, null, 2)}
|
|
38
|
-
\`\`\`
|
|
39
|
-
|
|
40
|
-
# Missing APIs (Need Implementation)
|
|
41
|
-
\`\`\`json
|
|
42
|
-
${JSON.stringify(missing, null, 2)}
|
|
43
|
-
\`\`\`
|
|
44
|
-
|
|
45
|
-
# Code to Analyze
|
|
46
|
-
\`\`\`javascript
|
|
47
|
-
${codeSnippet}
|
|
48
|
-
\`\`\`
|
|
49
|
-
|
|
50
|
-
# Required Output Schema
|
|
51
|
-
Return ONLY valid JSON with this EXACT structure (all fields required):
|
|
52
|
-
|
|
53
|
-
\`\`\`json
|
|
54
|
-
{
|
|
55
|
-
"recommendedVariables": {
|
|
56
|
-
"navigator.userAgent": "string - realistic UA matching target browser",
|
|
57
|
-
"navigator.platform": "string - must match UA (Win32, MacIntel, Linux x86_64)",
|
|
58
|
-
"navigator.vendor": "string - Google Inc. for Chrome, empty for Firefox",
|
|
59
|
-
"window.chrome": "object | undefined - Chrome-specific object",
|
|
60
|
-
"navigator.webdriver": "boolean - MUST be false or undefined for stealth",
|
|
61
|
-
"navigator.plugins": "PluginArray - realistic plugin list, not empty array",
|
|
62
|
-
"...": "other detected variables with realistic values"
|
|
63
|
-
},
|
|
64
|
-
"recommendedAPIs": [
|
|
65
|
-
{
|
|
66
|
-
"path": "string - full API path (e.g., 'window.requestAnimationFrame')",
|
|
67
|
-
"implementation": "string - complete working JavaScript code",
|
|
68
|
-
"reason": "string - why this API is needed and how it's used in the code",
|
|
69
|
-
"priority": "critical | high | medium | low",
|
|
70
|
-
"complexity": "simple | moderate | complex"
|
|
71
|
-
}
|
|
72
|
-
],
|
|
73
|
-
"antiCrawlFeatures": [
|
|
74
|
-
{
|
|
75
|
-
"feature": "string - specific technique name",
|
|
76
|
-
"type": "fingerprinting | detection | obfuscation | challenge",
|
|
77
|
-
"severity": "critical | high | medium | low",
|
|
78
|
-
"description": "string - detailed technical description",
|
|
79
|
-
"location": "string - line number or function name if identifiable",
|
|
80
|
-
"mitigation": "string - specific bypass technique with code example",
|
|
81
|
-
"confidence": 0.95
|
|
82
|
-
}
|
|
83
|
-
],
|
|
84
|
-
"environmentConsistency": {
|
|
85
|
-
"issues": [
|
|
86
|
-
{
|
|
87
|
-
"variable1": "navigator.userAgent",
|
|
88
|
-
"variable2": "navigator.platform",
|
|
89
|
-
"issue": "UA indicates Windows but platform is MacIntel",
|
|
90
|
-
"fix": "Ensure platform matches UA OS"
|
|
91
|
-
}
|
|
92
|
-
],
|
|
93
|
-
"score": 85
|
|
94
|
-
},
|
|
95
|
-
"suggestions": [
|
|
96
|
-
"string - actionable recommendation 1",
|
|
97
|
-
"string - actionable recommendation 2",
|
|
98
|
-
"string - actionable recommendation 3"
|
|
99
|
-
],
|
|
100
|
-
"confidence": 0.85,
|
|
101
|
-
"summary": "2-3 sentence summary of findings and main risks"
|
|
102
|
-
}
|
|
103
|
-
\`\`\`
|
|
104
|
-
|
|
105
|
-
Now analyze the code and return ONLY the JSON output (no markdown, no explanations).`;
|
|
106
|
-
return [
|
|
107
|
-
{ role: 'system', content: systemPrompt },
|
|
108
|
-
{ role: 'user', content: userPrompt },
|
|
109
|
-
];
|
|
110
|
-
}
|
|
111
|
-
export function generateAntiCrawlAnalysisMessages(code) {
|
|
112
|
-
const systemPrompt = `# Role
|
|
113
|
-
You are an expert in web anti-bot and anti-scraping technologies with deep knowledge of:
|
|
114
|
-
- Commercial anti-bot solutions (Cloudflare, PerimeterX, DataDome, Akamai, etc.)
|
|
115
|
-
- Browser fingerprinting techniques (Canvas, WebGL, Audio, Font, CSS, etc.)
|
|
116
|
-
- Bot detection methods (behavioral analysis, TLS fingerprinting, etc.)
|
|
117
|
-
- Stealth and evasion techniques
|
|
118
|
-
|
|
119
|
-
# Known Anti-Bot Techniques
|
|
120
|
-
1. **Browser Fingerprinting**
|
|
121
|
-
- Canvas fingerprinting (toDataURL, getImageData)
|
|
122
|
-
- WebGL fingerprinting (renderer, vendor, extensions)
|
|
123
|
-
- Audio fingerprinting (AudioContext, OscillatorNode)
|
|
124
|
-
- Font fingerprinting (measureText, font enumeration)
|
|
125
|
-
- CSS fingerprinting (getComputedStyle)
|
|
126
|
-
|
|
127
|
-
2. **Environment Detection**
|
|
128
|
-
- WebDriver detection (navigator.webdriver)
|
|
129
|
-
- Headless detection (chrome.runtime, permissions)
|
|
130
|
-
- Automation tool detection (window.cdc_, $cdc_, __webdriver_)
|
|
131
|
-
- Plugin detection (navigator.plugins length check)
|
|
132
|
-
|
|
133
|
-
3. **Behavioral Analysis**
|
|
134
|
-
- Mouse movement patterns (entropy, velocity, acceleration)
|
|
135
|
-
- Keyboard timing analysis
|
|
136
|
-
- Scroll behavior patterns
|
|
137
|
-
- Touch event simulation detection
|
|
138
|
-
|
|
139
|
-
4. **Advanced Techniques**
|
|
140
|
-
- TLS/SSL fingerprinting (JA3, JA3S)
|
|
141
|
-
- HTTP/2 fingerprinting
|
|
142
|
-
- Timing attacks (performance.now() precision)
|
|
143
|
-
- Memory/CPU profiling
|
|
144
|
-
- Stack trace analysis
|
|
145
|
-
|
|
146
|
-
# Task
|
|
147
|
-
Analyze the code and identify ALL anti-bot and fingerprinting techniques with high precision.`;
|
|
148
|
-
const userPrompt = `# Code to Analyze
|
|
149
|
-
\`\`\`javascript
|
|
150
|
-
${code.substring(0, 3000)}${code.length > 3000 ? '\n\n...(truncated)' : ''}
|
|
151
|
-
\`\`\`
|
|
152
|
-
|
|
153
|
-
# Required Output Schema
|
|
154
|
-
Return ONLY valid JSON array with this structure:
|
|
155
|
-
|
|
156
|
-
\`\`\`json
|
|
157
|
-
[
|
|
158
|
-
{
|
|
159
|
-
"feature": "string - specific technique name (e.g., 'Canvas Fingerprinting via toDataURL')",
|
|
160
|
-
"type": "fingerprinting | detection | behavioral | challenge | obfuscation",
|
|
161
|
-
"severity": "critical | high | medium | low",
|
|
162
|
-
"description": "string - detailed technical description of what the code does",
|
|
163
|
-
"location": "string - line number, function name, or code pattern",
|
|
164
|
-
"mitigation": "string - specific bypass code or technique",
|
|
165
|
-
"confidence": 0.95,
|
|
166
|
-
"vendor": "string | null - if identifiable (Cloudflare, PerimeterX, etc.)"
|
|
167
|
-
}
|
|
168
|
-
]
|
|
169
|
-
\`\`\`
|
|
170
|
-
|
|
171
|
-
# Analysis Guidelines
|
|
172
|
-
- Be specific: "Canvas toDataURL fingerprinting" not just "Canvas detection"
|
|
173
|
-
- Provide working mitigation code when possible
|
|
174
|
-
- Identify vendor if signature matches known products
|
|
175
|
-
- Only report techniques you actually see in the code
|
|
176
|
-
- Use confidence scores honestly (0.7-0.8 for uncertain, 0.9+ for definite)
|
|
177
|
-
|
|
178
|
-
Now analyze and return ONLY the JSON array.`;
|
|
179
|
-
return [
|
|
180
|
-
{ role: 'system', content: systemPrompt },
|
|
181
|
-
{ role: 'user', content: userPrompt },
|
|
182
|
-
];
|
|
183
|
-
}
|
|
184
|
-
export function generateAPIImplementationMessages(apiPath, context) {
|
|
185
|
-
const systemPrompt = `# Role
|
|
186
|
-
You are a browser API implementation expert with deep knowledge of:
|
|
187
|
-
- W3C Web API specifications
|
|
188
|
-
- Browser internals (V8, SpiderMonkey, JavaScriptCore)
|
|
189
|
-
- DOM, BOM, and Web APIs implementation details
|
|
190
|
-
- Cross-browser compatibility
|
|
191
|
-
- Anti-detection and stealth techniques
|
|
192
|
-
|
|
193
|
-
# Task
|
|
194
|
-
Provide a realistic, working JavaScript implementation for the requested browser API that:
|
|
195
|
-
1. Follows W3C specifications
|
|
196
|
-
2. Matches real browser behavior
|
|
197
|
-
3. Passes anti-detection checks
|
|
198
|
-
4. Is production-ready (handles edge cases)
|
|
199
|
-
5. Is concise but complete
|
|
200
|
-
|
|
201
|
-
# Implementation Standards
|
|
202
|
-
- Return realistic values (not null/undefined unless spec requires)
|
|
203
|
-
- Handle all parameter variations
|
|
204
|
-
- Include proper error handling
|
|
205
|
-
- Match browser-specific behavior when needed
|
|
206
|
-
- Consider performance implications`;
|
|
207
|
-
const userPrompt = `# API to Implement
|
|
208
|
-
\`${apiPath}\`
|
|
209
|
-
|
|
210
|
-
# Usage Context
|
|
211
|
-
\`\`\`javascript
|
|
212
|
-
${context.substring(0, 1000)}${context.length > 1000 ? '\n...(truncated)' : ''}
|
|
213
|
-
\`\`\`
|
|
214
|
-
|
|
215
|
-
# Requirements
|
|
216
|
-
1. Provide ONLY the JavaScript implementation code
|
|
217
|
-
2. Code must be production-ready and handle edge cases
|
|
218
|
-
3. Match real browser behavior (not a mock/stub)
|
|
219
|
-
4. Include JSDoc comment explaining the implementation
|
|
220
|
-
5. Consider anti-detection (e.g., function.toString() should look native)
|
|
221
|
-
|
|
222
|
-
# Output Format
|
|
223
|
-
Return ONLY JavaScript code in a code block, no explanations outside the code.
|
|
224
|
-
|
|
225
|
-
Now provide the implementation for \`${apiPath}\`:`;
|
|
226
|
-
return [
|
|
227
|
-
{ role: 'system', content: systemPrompt },
|
|
228
|
-
{ role: 'user', content: userPrompt },
|
|
229
|
-
];
|
|
230
|
-
}
|
|
231
|
-
export function generateEnvironmentSuggestionsMessages(detected, missing, browserType) {
|
|
232
|
-
const totalVars = Object.values(detected).flat().length;
|
|
233
|
-
const systemPrompt = `# Role
|
|
234
|
-
You are a browser automation and anti-detection expert providing actionable recommendations.
|
|
235
|
-
|
|
236
|
-
# Task
|
|
237
|
-
Generate 3-5 specific, prioritized recommendations for browser environment emulation.
|
|
238
|
-
|
|
239
|
-
# Recommendation Criteria
|
|
240
|
-
1. **Actionable**: Provide specific steps or code snippets
|
|
241
|
-
2. **Prioritized**: Most critical issues first
|
|
242
|
-
3. **Realistic**: Based on real-world anti-bot scenarios
|
|
243
|
-
4. **Concise**: One clear sentence per recommendation
|
|
244
|
-
5. **Technical**: Include specific API names or techniques`;
|
|
245
|
-
const userPrompt = `# Environment Analysis
|
|
246
|
-
- **Target Browser**: ${browserType.toUpperCase()}
|
|
247
|
-
- **Detected Variables**: ${totalVars} environment variables accessed
|
|
248
|
-
- **Missing APIs**: ${missing.length} APIs need implementation
|
|
249
|
-
|
|
250
|
-
# Missing API Details
|
|
251
|
-
${missing
|
|
252
|
-
.slice(0, 20)
|
|
253
|
-
.map((m) => `- \`${m.path}\` (${m.type})`)
|
|
254
|
-
.join('\n')}${missing.length > 20 ? `\n... and ${missing.length - 20} more` : ''}
|
|
255
|
-
|
|
256
|
-
# Key Patterns Detected
|
|
257
|
-
- Navigator access: ${(detected.navigator || []).length} properties
|
|
258
|
-
- Window access: ${(detected.window || []).length} properties
|
|
259
|
-
- Document access: ${(detected.document || []).length} properties
|
|
260
|
-
- Screen access: ${(detected.screen || []).length} properties
|
|
261
|
-
|
|
262
|
-
# Required Output
|
|
263
|
-
Return ONLY a JSON array of 3-5 actionable recommendations:
|
|
264
|
-
|
|
265
|
-
\`\`\`json
|
|
266
|
-
[
|
|
267
|
-
"Recommendation 1 with specific action",
|
|
268
|
-
"Recommendation 2 with specific action",
|
|
269
|
-
"Recommendation 3 with specific action"
|
|
270
|
-
]
|
|
271
|
-
\`\`\`
|
|
272
|
-
|
|
273
|
-
# Guidelines
|
|
274
|
-
- Focus on high-impact, easy-to-implement fixes first
|
|
275
|
-
- Mention specific tools (Puppeteer Stealth, undetected-chromedriver) when relevant
|
|
276
|
-
- Include code snippets in recommendations when helpful
|
|
277
|
-
- Prioritize anti-detection over completeness
|
|
278
|
-
|
|
279
|
-
Now generate recommendations:`;
|
|
280
|
-
return [
|
|
281
|
-
{ role: 'system', content: systemPrompt },
|
|
282
|
-
{ role: 'user', content: userPrompt },
|
|
283
|
-
];
|
|
284
|
-
}
|
|
285
|
-
export function generateMissingAPIImplementationsMessages(missingAPIs, code) {
|
|
286
|
-
const systemPrompt = `# Role
|
|
287
|
-
You are a browser API implementation expert.
|
|
288
|
-
|
|
289
|
-
# Task
|
|
290
|
-
Generate realistic JavaScript implementations for missing browser APIs.
|
|
291
|
-
|
|
292
|
-
# Requirements
|
|
293
|
-
1. Follow W3C specifications
|
|
294
|
-
2. Match real browser behavior
|
|
295
|
-
3. Handle edge cases
|
|
296
|
-
4. Include proper error handling
|
|
297
|
-
5. Make functions look native (toString returns "[native code]")`;
|
|
298
|
-
const userPrompt = `# Missing APIs
|
|
299
|
-
${JSON.stringify(missingAPIs.slice(0, 10), null, 2)}
|
|
300
|
-
|
|
301
|
-
# Code Context
|
|
302
|
-
\`\`\`javascript
|
|
303
|
-
${code.substring(0, 1500)}${code.length > 1500 ? '\n...(truncated)' : ''}
|
|
304
|
-
\`\`\`
|
|
305
|
-
|
|
306
|
-
# Required Output
|
|
307
|
-
Return ONLY valid JSON object mapping API paths to implementations:
|
|
308
|
-
|
|
309
|
-
\`\`\`json
|
|
310
|
-
{
|
|
311
|
-
"window.requestAnimationFrame": "function(callback) { return setTimeout(callback, 16); }",
|
|
312
|
-
"navigator.getBattery": "function() { return Promise.resolve({ level: 1, charging: true }); }",
|
|
313
|
-
"...": "other implementations"
|
|
314
|
-
}
|
|
315
|
-
\`\`\`
|
|
316
|
-
|
|
317
|
-
Return ONLY the JSON object:`;
|
|
318
|
-
return [
|
|
319
|
-
{ role: 'system', content: systemPrompt },
|
|
320
|
-
{ role: 'user', content: userPrompt },
|
|
321
|
-
];
|
|
322
|
-
}
|
|
323
|
-
export function generateMissingVariablesMessages(browserType, missingPaths, code, existingManifest) {
|
|
324
|
-
const systemPrompt = `# Role
|
|
325
|
-
You are a browser environment expert specializing in realistic browser API value generation.
|
|
326
|
-
|
|
327
|
-
# Task
|
|
328
|
-
Generate realistic values for missing browser environment variables based on code analysis.
|
|
329
|
-
|
|
330
|
-
# Requirements
|
|
331
|
-
1. Values must be realistic and match real browser behavior
|
|
332
|
-
2. Ensure consistency across related variables (e.g., UA matches platform)
|
|
333
|
-
3. Consider anti-detection (avoid obvious fake values)
|
|
334
|
-
4. Follow W3C specifications for API return types`;
|
|
335
|
-
const userPrompt = `# Target Browser
|
|
336
|
-
${browserType.toUpperCase()}
|
|
337
|
-
|
|
338
|
-
# Missing Variables (need values)
|
|
339
|
-
${JSON.stringify(missingPaths, null, 2)}
|
|
340
|
-
|
|
341
|
-
# Code Context (for understanding usage)
|
|
342
|
-
\`\`\`javascript
|
|
343
|
-
${code.substring(0, 2000)}${code.length > 2000 ? '\n...(truncated)' : ''}
|
|
344
|
-
\`\`\`
|
|
345
|
-
|
|
346
|
-
# Existing Variables (for consistency)
|
|
347
|
-
${JSON.stringify(existingManifest, null, 2)}
|
|
348
|
-
|
|
349
|
-
# Required Output
|
|
350
|
-
Return ONLY valid JSON object with missing variable paths as keys and realistic values:
|
|
351
|
-
|
|
352
|
-
\`\`\`json
|
|
353
|
-
{
|
|
354
|
-
"navigator.userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...",
|
|
355
|
-
"navigator.platform": "Win32",
|
|
356
|
-
"window.innerWidth": 1920,
|
|
357
|
-
"...": "other missing variables"
|
|
358
|
-
}
|
|
359
|
-
\`\`\`
|
|
360
|
-
|
|
361
|
-
# Guidelines
|
|
362
|
-
- Use realistic values matching target browser
|
|
363
|
-
- Ensure cross-variable consistency
|
|
364
|
-
- Consider code usage patterns
|
|
365
|
-
- Avoid placeholder values like "test" or "example"
|
|
366
|
-
|
|
367
|
-
Return ONLY the JSON object:`;
|
|
368
|
-
return [
|
|
369
|
-
{ role: 'system', content: systemPrompt },
|
|
370
|
-
{ role: 'user', content: userPrompt },
|
|
371
|
-
];
|
|
372
|
-
}
|
|
@@ -1,4 +0,0 @@
|
|
|
1
|
-
import type { LLMMessage } from '../LLMService.js';
|
|
2
|
-
export declare function generateRequestAnalysisMessages(requestSummary: object): LLMMessage[];
|
|
3
|
-
export declare function generateLogAnalysisMessages(logSummary: object[]): LLMMessage[];
|
|
4
|
-
export declare function generateKeywordExpansionMessages(domain: string, urlPatterns: object[], logKeywords: string[]): LLMMessage[];
|