Launch the Camoufox anti-detection browser.

Args: headless: Run in headless mode (default False). os_type: OS fingerprint - "auto", "windows", "macos", or "linux". locale: Browser locale (e.g. "zh-CN"). "auto" detects system locale. proxy: Proxy server URL (e.g. "http://127.0.0.1:7890"). humanize: Enable humanized mouse movement. geoip: Auto-infer geolocation from proxy IP. block_images: Block image loading. block_webrtc: Block WebRTC to prevent IP leaks. enable_trace: Enable engine-level property access tracing. Requires camoufox-reverse custom browser build. When enabled, use trace_property_access() to capture DOM access.

Returns: dict with status, config, and page list.

Close the Camoufox browser and release all resources.

Navigate to a URL, with optional hook pre-injection and redirect tracing.

Args: url: Target URL. wait_until: "load", "domcontentloaded", or "networkidle". pre_inject_hooks: Hook preset names to register before navigation. collect_response_chain: Record responses for final_status resolution. clear_network_capture: Clear stale network buffer before navigating.

Returns: dict with url, title, initial_status, final_status, redirect_chain, hooks_injected, reloaded, warnings.

Reload the current page, preserving any init scripts.

Take a screenshot of the current page or a specific element.

Args: full_page: Capture the entire scrollable page. selector: CSS selector of a specific element to capture.

Get the accessibility tree of the current page (token-efficient).

Click on a page element.

Type text into an input field with realistic keystroke delays.

Wait for an element to appear or a network request matching a URL pattern.

Get current page URL, title, and viewport size.

Reset MCP-side browser residual state without closing the browser.

Args: clear_persistent_hooks: Remove all persistent init scripts. clear_network_capture: Clear network request buffer and stop captures. clear_active_routes: Clear instrumentation routes. clear_cookies: ALSO clear browser cookies (destructive; default False). clear_storage: ALSO clear localStorage/sessionStorage (default False).

Script inspection (v0.9.0 unified).

Replaces list_scripts / get_script_source / save_script.

Args: action: "list" — list all loaded scripts (src, type, inline preview) "get" — get full source of one script (requires url; use "inline:" for inline scripts) "save" — save script source to local file (requires url + save_path) url: Script URL or "inline:" (required for "get" and "save"). save_path: Local file path (required for "save").

Returns: For "list": list of script info dicts. For "get": dict with source string. For "save": dict with status, path, size.

Search keyword in loaded scripts (v0.9.0 unified).

Replaces search_code (all scripts) + search_code_in_script (single script).

Args: keyword: The keyword to search for (case-sensitive substring match). script_url: If None, search across ALL loaded scripts. If given, search within that one script only (supports "inline:" for inline scripts). Single-script mode auto-detects minified files and uses character-based context. context_chars: Context window in char mode (default 200 = +/-200 chars). Used when searching single minified scripts. context_lines: Context window in line mode (default 3). max_results: Maximum matches to return (default 200).

Returns: dict with matches, total_matches, mode ("line" | "char"), etc.

Execute an arbitrary JavaScript expression in the page context and return the result.

v1.0.1 fix: correctly handles undefined/null/void/Symbol return values without triggering JSON.parse crashes.

Return value is aggressively cleaned (strips BOM, fixes lone surrogates, trims whitespace, auto-parses JSON strings). If direct evaluate fails with serialization error, automatically falls back to evaluate_handle.

Args: expression: JavaScript expression. Must be a single expression, not top-level var/let/const/function declarations (Playwright limitation). Wrap in IIFE if needed: (() => { var x = 1; return x; })() await_promise: If True, awaits Promise results (default True).

Returns: dict with keys: value - cleaned value (parsed JSON if applicable) value_raw - raw string before cleaning (only when cleaning applied) type - "primitive" | "json" | "handle_fallback" | "error" warnings - list of applied cleanups, if any hint - (error only) friendly fix suggestion or None

Hook or trace a function (v0.9.0 unified).

Replaces hook_function + trace_function.

Args: function_path: Full path like "window.encrypt", "XMLHttpRequest.prototype.open", "JSON.stringify". mode: "intercept" — inject custom JS before/after/replace the function. Requires hook_code. (was: hook_function) "trace" — non-invasive trace logging args, return values, and optionally call stacks. (was: trace_function) hook_code: JS code for "intercept" mode. Context vars: - arguments: original args - __this: the 'this' context - __result: return value (only in position="after") position: For "intercept": "before", "after", or "replace". non_overridable: For "intercept": use Object.defineProperty to lock. persistent: If True, survives page navigation. log_args: For "trace": record arguments (default True). log_return: For "trace": record return values (default True). log_stack: For "trace": record call stacks (default False). max_captures: For "trace": max calls to record (default 50).

Returns: dict with status, target, mode.

Inject a pre-built hook template for common reverse engineering tasks.

Available presets: - "xhr": Hook XMLHttpRequest to log all XHR requests. - "fetch": Hook window.fetch to log all fetch requests. - "crypto": Hook btoa/atob/JSON.stringify to capture encryption I/O. - "websocket": Hook WebSocket to log all WS messages. - "debugger_bypass": Bypass anti-debugging traps. - "cookie": Hook document.cookie writes. - "runtime_probe": Full runtime probe.

Args: preset: One of the above preset names. persistent: If True (default), survives page navigation.

Returns: dict with status and the preset name.

Remove installed hooks and restore original objects in-place.

Args: keep_persistent: If True, keep persistent init_scripts registered.

Returns: dict with status, restored_objects, cleared counts.

Get console output collected from the page.

Args: level: Filter by log level - "log", "warn", "error", or "info". keyword: Filter logs containing this keyword in the text. clear: If True, clear the log buffer after retrieval.

Returns: List of dicts with level, text, timestamp, and location.

Unified network capture control (v0.9.0).

Replaces start_network_capture / stop_network_capture.

Args: action: "start" — begin capturing network events "stop" — stop capturing (buffer retained) "clear" — clear the capture buffer "status" — return current capture state url_pattern: Glob pattern for "start" (default "**/*" captures all). capture_body: For "start" only; capture response bodies (more memory).

Returns: dict with action result + current status snapshot.

List captured network requests with optional filters.

Args: url_filter: Substring filter for request URLs. url_contains_domain: Convenience domain filter (e.g. 'nmpa.gov.cn'). method: HTTP method filter (e.g. "GET", "POST"). resource_type: Resource type filter (e.g. "xhr", "fetch", "script", "document"). status_code: HTTP status code filter.

Returns: List of request summaries with id, url, method, status, type, ms, size.

Get full details of a specific captured network request.

Args: request_id: The ID of the request (from list_network_requests). include_body: Include response body (default False). include_headers: Include request/response headers (default True). max_body_size: Max chars of body when include_body=True. Pass -1 for unlimited.

Returns: dict with request and response details.

Get the JS call stack that initiated a network request.

Golden path: see encrypted param -> get_request_initiator -> find signing function. Requires inject_hook_preset("xhr"/"fetch") BEFORE navigating.

KNOWN LIMITATIONS (v0.8.1+):

1. For requests modified by an interceptor registered BEFORE MCP's hooks (e.g. SDKs loaded via sync ), the initiator will be the interceptor's call, not the original business code. Workaround: use reload_with_hooks().

2. For fetch on Firefox, Playwright-native initiator is often null. Requires inject_hook_preset('fetch', persistent=True).

Args: request_id: The ID of the request.

Returns: dict with url, initiator_stack, source, diagnostics.

Intercept network requests matching a pattern.

Args: url_pattern: URL glob pattern (e.g. "**/api/login*"). action: "log", "block", "modify", "mock", or "stop" (unroute). modify_headers: Headers to add/override (action="modify"). modify_body: Request body replacement (action="modify"). mock_response: Dict with "status", "headers", "body" (action="mock").

Cookie management (v0.9.0 unified).

Replaces get_cookies / set_cookies / delete_cookies.

Args: action: "get" — return cookies (optionally filtered by domain) "set" — set cookies (requires cookies_list: [{name, value, domain, ...}]) "delete" — delete cookies (filter by name and/or domain; no filter = clear all) domain: Domain filter for "get" and "delete" (e.g. ".example.com"). cookies_list: List of cookie dicts for "set". name: Cookie name filter for "delete".

Returns: For "get": list of cookie dicts. For "set"/"delete": dict with status and count.

Get the contents of localStorage or sessionStorage.

Args: storage_type: "local" for localStorage, "session" for sessionStorage.

Returns: dict with all key-value pairs in the storage.

Export the complete browser state (cookies + storage) to a JSON file.

Args: save_path: Local file path to save the state JSON.

Returns: dict with status and the save path.

Import browser state from a JSON file by creating a new context.

Args: state_path: Path to the state JSON file (exported by export_state).

Returns: dict with status and the new context name.

Install a JSVMP runtime probe.

Multi-path instrumentation for JSVMP interpreters. Wraps Reflect.get/apply, installs Proxies on globals (navigator, screen, etc.), intercepts timing APIs.

LIMITATIONS: "proxy" mode is DETECTABLE by RS/AK-style signature-based anti-bot. For those, use instrumentation(action='install') (source-level rewrite) or mode='transparent' instead.

IMPORTANT — timing for sync-loaded SDKs (e.g. webmssdk): JSVMP interpreters capture native references at startup via closures. If you install hooks AFTER the SDK has loaded, the SDK's closures already hold the original (un-hooked) references — your hooks will never fire. You MUST install hooks BEFORE navigate(): 1. launch_browser() 2. hook_jsvmp_interpreter(mode='transparent', persistent=True) 3. navigate("https://www.douyin.com/...") If already navigated, call instrumentation(action='reload') after installing hooks to force a page reload with hooks active.

Args: script_url: Target script URL substring for stack filtering. persistent: Survive navigation (default True). mode: "proxy" (full coverage, detectable) or "transparent" (safe, lower coverage). track_calls, track_props, track_reflect: Only for mode="proxy". proxy_objects: Objects to proxy (default: navigator, screen, etc.). max_entries: Log buffer cap (default 10000).

Returns: dict with status, mode, coverage summary.

Collect browser environment fingerprint data for comparison with Node.js/jsdom.

Args: properties: Optional list of specific properties to check. If omitted, checks navigator, screen, canvas, WebGL, audio, timing.

Returns: dict with categorized environment data and their values.

JSVMP source-level instrumentation (v0.9.0 unified).

Replaces instrument_jsvmp_source / get_instrumentation_log / stop_instrumentation / reload_with_hooks.

Args: action: "install" — register route + AST/regex rewrite on matched scripts. Requires url_pattern. (was: instrument_jsvmp_source) "log" — fetch accumulated tap events from instrumented code. (was: get_instrumentation_log) "stop" — unregister instrumentation route. (was: stop_instrumentation) "reload" — reload page so persistent hooks fire before page JS. (was: reload_with_hooks) "status" — show active instrumentations and stats. (was: get_instrumentation_status) url_pattern: For "install"/"stop" — glob pattern matching VMP script URLs. mode: For "install" — "ast" (default) or "regex". tag: For "install"/"log" — group identifier. rewrite_member_access: For "install" — tap obj[key] reads. rewrite_calls: For "install" — tap fn(args) calls. max_rewrites: For "install" — hard cap on rewrites per file. fallback_on_error: For "install" — auto-fallback to regex if AST fails. ignore_csp: For "install" — skip CSP pre-flight check. clear_log: For "reload" — clear JSVMP logs before reload. wait_until: For "reload" — "load" / "domcontentloaded" / "networkidle". tag_filter: For "log" — filter by tag. type_filter: For "log" — "tap_get", "tap_call", "tap_method", "tap_call_err". key_filter: For "log" — substring match on property/method name. limit: For "log" — max entries to return. clear: For "log" — clear log after retrieval. filter_property_names: For "install" — only rewrite access to these property names (e.g. ['userAgent', 'platform', 'webdriver']). Dramatically reduces overhead for large files like webmssdk. filter_object_names: For "install" — only rewrite when base object matches (e.g. ['navigator', 'screen', 'document']). max_file_size: For "install" — files larger than this (bytes) trigger on_oversized behavior. Default 200KB. on_oversized: For "install" — "selective" (require filters), "skip", or "force" (full rewrite anyway). Default "selective".

Returns: dict with action-specific results.

IMPORTANT — timing for sync-loaded scripts (e.g. webmssdk): Route interception only catches requests made AFTER the route is registered. For scripts loaded via during page load, you MUST call instrumentation(action='install') BEFORE navigate(). Pattern: 1. launch_browser() 2. instrumentation(action='install', url_pattern='**/webmssdk*') 3. navigate("https://www.douyin.com/...") If called after navigate, use instrumentation(action='reload') to re-trigger page load with routes active.

One-stop self-check of MCP environment, dependencies, and browser state.

v1.0.0: session-related checks removed (session mechanism removed). Checks MCP version, critical dependencies (esprima, playwright), browser state (residuals, captures).

Returns: dict with sections: mcp, deps, browser, overall_ok, recommendations.

Offline verify a signing function against user-provided samples.

Typical workflow:

1. Capture real signed requests via network_capture + list_network_requests

2. Extract samples into a list

3. Write candidate signing code

4. Call this tool -> get pass_rate + first_divergence

5. Iterate

Args: signer_code: JS evaluating to a function: (sample) => {param: computed_value}. Runs in current page context. samples: List of sample dicts, each with: - id: user-defined identifier - input: dict passed to signer function - expected: dict of {param_name: expected_value_str} compare_params: Which params to compare. If None, compare all keys in each sample's expected.

Returns: dict with total_samples, passed, failed, pass_rate, first_divergence, details.

Engine-level DOM property access tracing (JSVMP-undetectable).

Traces which DOM properties (navigator, screen, window, canvas, webgl, etc.) are accessed by page JavaScript including JSVMP bytecode interpreters. Operates at the C++ SpiderMonkey engine level — completely invisible to JS.

Requires camoufox-reverse custom browser launched with enable_trace=True. Falls back to compare_env when using official Camoufox.

Args: duration: Trace duration in seconds (default 10). Set to 0 to read existing trace data from browser startup (useful when you want to capture navigate() events). mode: Aggregation view type: - "summary" (default): Property access frequency ranking. Best for deciding which properties to patch in env emulation. - "timeline": Time-bucketed view showing when properties are first accessed. - "sequence": Raw event sequence with timestamps. - "search": Same as sequence but filtered by search_query. filter_object: Only include events from this object (e.g. "navigator"). search_query: Only include events matching this string in property/value. limit: Max events for sequence/search mode (default 1000). bucket_ms: Bucket size for timeline mode (default 500ms). collect_values: If True, after trace completes, use evaluate_js to read real values of all traced properties from the browser. Large values (Canvas dataURL, WebGL params etc.) are saved to files under ~/.cache/camoufox-reverse/values/ and returned as file paths.

Returns: summary mode: {mode, duration_s, total_events, unique_properties, by_property, by_object} If collect_values=True, adds "values" dict: {property_path: value_or_filepath} timeline mode: {mode, duration_s, bucket_ms, buckets} sequence mode: {mode, total_events, returned, truncated, events}

List all trace files on disk (for post-hoc analysis).

Returns: dict with traces_dir, total file count, and file details.

Query a specific historical trace file (post-hoc analysis).

Args: file_path: Path to the .jsonl trace file. mode: Same as trace_property_access (summary/timeline/sequence/search). filter_object: Filter by object name. search_query: Filter by search string. limit: Max events for sequence mode. bucket_ms: Bucket size for timeline mode.