Launch the Camoufox anti-detection browser.

Args: headless: Run in headless mode (default False for debugging visibility). os_type: OS fingerprint to emulate - "auto" (detect host OS), "windows", "macos", or "linux". Using "auto" ensures CJK fonts render correctly on the host system. locale: Browser locale such as "zh-CN", "en-US". Defaults to "auto" which detects the system locale. Affects Accept-Language headers and content language preferences. proxy: Proxy server URL (e.g. "http://127.0.0.1:7890"). humanize: Enable humanized mouse movement to mimic real users. geoip: Auto-infer geolocation from proxy IP. block_images: Block image loading for faster page loads. block_webrtc: Block WebRTC to prevent IP leaks.

Returns: dict with status, headless flag, os type, locale, and page list. If browser is already running, returns full session state including active page, page URLs, context list, and capture status.

Close the Camoufox browser and release all resources.

Returns: dict with status "closed".

Navigate to the specified URL.

Args: url: Target URL to navigate to. wait_until: When to consider navigation complete - "load", "domcontentloaded", or "networkidle".

Returns: dict with url, title, and HTTP status.

Reload the current page, preserving any init scripts.

Args: wait_until: "load", "domcontentloaded", or "networkidle".

Returns: dict with url and title after reload.

Navigate back in browser history.

Returns: dict with url and title after going back.

Take a screenshot of the current page or a specific element.

Args: full_page: Capture the entire scrollable page (default False). selector: CSS selector of a specific element to capture.

Returns: dict with base64-encoded PNG image data.

Get the accessibility tree of the current page as a structured text representation.

More token-efficient than screenshots for AI analysis. Returns the page's semantic structure including roles, names, and values of UI elements.

Returns: dict with the accessibility tree snapshot.

Click on a page element.

Args: selector: CSS selector of the element to click.

Returns: dict with status and the selector that was clicked.

Type text into an input field with realistic keystroke delays.

Args: selector: CSS selector of the input element. text: Text to type. delay: Delay between keystrokes in milliseconds (default 50).

Returns: dict with status, selector, and the text typed.

Wait for an element to appear or a network request matching a URL pattern.

Args: selector: CSS selector to wait for (element appearance). url_pattern: URL glob pattern to wait for (network request completion). timeout: Maximum wait time in milliseconds (default 30000).

Returns: dict with status and what was waited for.

Get information about the current page including URL, title, and viewport size.

Returns: dict with url, title, and viewport dimensions.

Export the rendered DOM content of the current page in one call.

Returns rendered HTML, page title, meta tags, and visible text. Saves writing ad-hoc evaluate_js scripts for common extraction needs.

Returns: dict with title, meta tags, rendered_html (first 50KB), and visible_text (first 20KB).

Get the current session state: browser, contexts, pages, capture status.

Shows exactly what browser/context/page is active and what hooks/captures are in place. Use this to understand the current debugging environment.

Returns: dict with browser status, context list, page list, active page, capture state, persistent scripts, and init scripts.

List all JavaScript scripts loaded in the current page.

Collects both external and inline elements. For inline scripts, returns a preview of the first 200 characters.

Returns: List of dicts with src, type, inline_length, is_module, and preview fields.

Get the full source code of a JavaScript file by URL.

For external scripts, fetches the source via the browser's fetch API. For inline scripts, pass the index as "inline:" (e.g. "inline:0") to get the textContent of the corresponding element.

Args: url: The script URL, or "inline:" for inline scripts.

Returns: The raw JavaScript source code string.

Search for a keyword across all loaded JavaScript sources in the page.

Fetches each script's source and searches for the keyword, returning matching lines with 2 lines of surrounding context.

Args: keyword: The keyword or pattern to search for (case-sensitive substring match). max_results: Maximum number of matches to return (default 50, max 200).

Returns: dict with matches list, total_matches count, scripts_searched count, and scripts_with_matches list. When results are truncated, total_matches shows the real total so you know how many were omitted.

Search for a keyword within a specific script file.

More targeted than search_code — avoids scanning all scripts and provides more results from the target script.

Args: script_url: URL of the script to search in. Use "inline:" for inline scripts. keyword: The keyword to search for (case-sensitive substring match). max_results: Maximum number of matches (default 100).

Returns: dict with matches list, total_matches count, and script info.

Download a JavaScript file from the page and save it to a local path.

Args: url: URL of the script to download. save_path: Local file path to save the script to.

Returns: dict with status, save path, and file size in bytes.

Get the full page HTML or the outerHTML of a specific element.

Args: selector: Optional CSS selector. If provided, returns only that element's outerHTML. If omitted, returns the full page HTML.

Returns: HTML string of the page or selected element.

Execute an arbitrary JavaScript expression in the page context and return the result.

This is the most fundamental and powerful tool for reverse engineering. Use it to inspect variables, call functions, check prototypes, etc.

Examples: - evaluate_js("window._token") - evaluate_js("window.encrypt('test')") - evaluate_js("Object.getOwnPropertyNames(XMLHttpRequest.prototype)")

Args: expression: JavaScript expression to evaluate. await_promise: If True, awaits Promise results (default True).

Returns: dict with result value and its JavaScript type.

Execute a JavaScript expression and return a structured view of the result object.

Unlike evaluate_js, this preserves complex object references and enumerates their properties, useful for inspecting DOM elements, prototypes, etc.

Args: expression: JavaScript expression to evaluate.

Returns: dict with the object's properties (name, type, value preview).

Inject a script that runs automatically before any page JavaScript on every navigation.

This is the core method for installing hooks — the hook code runs before the target site's JS loads, ensuring interception is in place.

Args: script: JavaScript code string to inject. path: Path to a .js file to inject (alternative to script). persistent: If True, inject at context level so the script survives page navigation, new tabs, and reload automatically. Recommended for hooks that must always be present. name: Optional identifier for persistent scripts (for later removal).

Returns: dict with status and the method used (inline or file path).

Make a prototype method non-overridable by page scripts.

After calling this, any attempt by page JS to reassign the method will silently fail (or throw in strict mode). Use after installing hooks to prevent the target site from restoring original methods.

Args: class_name: The class/constructor name, e.g. "XMLHttpRequest", "Document", "Navigator". method_name: The method name on the prototype, e.g. "open", "send".

Returns: dict with status and the frozen target.

Set a pseudo-breakpoint on a function via JS hooking.

When the target function is called, captures its arguments, call stack, this context, timestamp, and return value. Data is stored in window.__mcp_breakpoints and can be retrieved with get_breakpoint_data.

Args: target_function: Full path to the function (e.g. "window.encrypt", "XMLHttpRequest.prototype.open"). script_url_pattern: Optional URL pattern to limit which scripts are affected. persistent: If True, the breakpoint survives page navigation.

Returns: dict with status and the target function name.

Retrieve all data captured by pseudo-breakpoints.

Args: clear: If True, clear the captured data after retrieval.

Returns: List of dicts with args, stack, thisContext, returnValue, timestamp.

Get console output collected from the page.

Args: level: Filter by log level - "log", "warn", "error", or "info". keyword: Filter logs containing this keyword in the text. clear: If True, clear the log buffer after retrieval.

Returns: List of dicts with level, text, timestamp, and location.

Trace all calls to a function without pausing execution.

Records arguments, return values, and optionally call stacks for each invocation. Data can be retrieved with get_trace_data.

Args: function_path: Full path to the function, e.g. "XMLHttpRequest.prototype.open", "window.encrypt", "JSON.stringify". log_args: Record function arguments (default True). log_return: Record return values (default True). log_stack: Record call stacks (default False, enable for call chain analysis). max_captures: Maximum number of calls to record (default 50). persistent: If True, the trace survives page navigation. Trace data is collected Python-side via console events and won't be lost on reload.

Returns: dict with status and the target function path.

Retrieve trace data collected by trace_function.

Args: function_path: If specified, return traces only for this function. If omitted, return all traces. clear: If True, clear the trace data after retrieval. include_persistent: Include trace data collected across navigations (stored Python-side). Default True.

Returns: dict mapping function paths to lists of call records (args, return_value, stack, timestamp).

Inject custom hook code on a target function.

Args: function_path: Full path to the function, e.g. "window.encrypt". hook_code: JavaScript code to execute. Available context variables: - arguments: original function arguments - __this: the 'this' context - __result: original function's return value (only in "after" mode) position: When to run hook_code relative to the original function: - "before": Run hook_code before the original function. - "after": Run hook_code after the original function (can access __result). - "replace": Completely replace the original function with hook_code. non_overridable: If True, use Object.defineProperty to prevent page scripts from overwriting the hook. Default False.

Returns: dict with status, target, and position.

Inject a pre-built hook template for common reverse engineering tasks.

Hooks are injected with Object.defineProperty protection to prevent page scripts from overriding them. By default, hooks are persistent across navigations.

Available presets: - "xhr": Hook XMLHttpRequest to log all XHR requests (URL, method, headers, body, stack). - "fetch": Hook window.fetch to log all fetch requests. - "crypto": Hook btoa/atob/JSON.stringify to capture encryption I/O. - "websocket": Hook WebSocket to log all WS messages. - "debugger_bypass": Bypass anti-debugging traps (infinite debugger loops, Function constructor checks, setInterval checks).

Args: preset: One of "xhr", "fetch", "crypto", "websocket", "debugger_bypass". persistent: If True (default), inject at context level so hooks survive page navigation and reload automatically.

Returns: dict with status and the preset name.

Track property access on specified objects to reveal what environment info is being read.

Critical for JSVMP analysis: reveals which browser properties (navigator, screen, canvas, etc.) the VM reads to generate fingerprints.

Args: targets: List of property paths to monitor. Use "." suffix for all properties on an object. Examples: - "navigator." — track all navigator property reads - "screen.*" — track all screen property reads - "document.cookie" — track cookie reads - "canvas.getContext" — track specific method persistent: If True, tracking survives page navigation. max_entries: Maximum number of access records (default 2000).

Returns: dict with status and targets being tracked.

Retrieve property access records collected by trace_property_access.

Args: property_filter: Optional substring filter for property names. clear: If True, clear the log after retrieval.

Returns: dict with access records and count.

Remove all injected hooks by reloading the page.

Args: keep_persistent: If True, persistent (context-level) hooks will be preserved and re-applied after reload. If False, all hooks including persistent ones are removed.

Returns: dict with status after reload.

Start capturing network requests matching the given URL pattern.

Captured data includes URL, method, headers, body, status, response headers, resource type, timing, etc. Use list_network_requests to view captures.

Args: url_pattern: Glob pattern to filter captured URLs (default "**/*" captures all). capture_body: If True, also capture response bodies. This increases memory usage but allows inspecting actual response data. Default False.

Returns: dict with status and the active capture pattern.

Stop capturing network requests.

Returns: dict with status and total number of captured requests.

List captured network requests with optional filters.

Args: url_filter: Substring filter for request URLs. method: HTTP method filter (e.g. "GET", "POST"). resource_type: Resource type filter (e.g. "xhr", "fetch", "script", "document"). status_code: HTTP status code filter.

Returns: List of request summaries with id, url, method, status, resource_type, duration, size.

Get full details of a specific captured network request.

Args: request_id: The ID of the request (from list_network_requests). include_body: Include response body (default True). Set False for large responses. include_headers: Include request/response headers (default True). Set False to save tokens.

Returns: dict with request and response details.

Get the JS call stack that initiated a network request. Golden path: see encrypted param → get_request_initiator → find signing function. Requires inject_hook_preset("xhr"/"fetch") BEFORE navigating.

Args: request_id: The ID of the request.

Intercept network requests matching a pattern.

Args: url_pattern: URL glob pattern (e.g. "**/api/login*"). action: "log", "block", "modify", or "mock". modify_headers: Headers to add/override (action="modify"). modify_body: Request body replacement (action="modify"). mock_response: Dict with "status", "headers", "body" (action="mock").

Stop intercepting requests.

Args: url_pattern: Specific pattern to stop intercepting. If omitted, stops all interceptions.

Returns: dict with status.

Search for a keyword across all captured response bodies.

Requires start_network_capture(capture_body=True) to have been called first.

Args: keyword: Substring to search for in response bodies (case-insensitive). url_filter: Optional URL substring to narrow the search scope. max_results: Maximum matches to return (default 20).

Returns: dict with matches (request id, url, context around match) and total count.

Read a slice of a captured response body for paginated viewing of large responses.

Args: request_id: The request ID (from list_network_requests). offset: Character offset to start reading from (default 0). length: Number of characters to read (default 10000, max 50000).

Returns: dict with body slice, total size, and whether more data is available.

Extract a value from a captured JSON response body by dot-notation path.

Supports array indexing like "data.items[0].name" or "data.list[*].id" (wildcard returns all matching values).

Args: request_id: The request ID. json_path: Dot-notation path, e.g. "data.token", "result[0].sign", "data[*].id" (wildcard collects all).

Returns: dict with the extracted value(s) and the path used.

Get all cookies from the current browser context.

Args: domain: Optional domain filter (e.g. ".example.com").

Returns: List of cookie dicts with name, value, domain, path, expires, etc.

Add cookies to the current browser context.

Args: cookies: List of cookie dicts. Each should contain at minimum: - name: Cookie name - value: Cookie value - domain: Cookie domain (e.g. ".example.com") Optional: path, expires, httpOnly, secure, sameSite.

Returns: dict with status and count of cookies set.

Delete cookies by name and/or domain.

Args: name: Specific cookie name to delete. domain: Delete all cookies for this domain.

Returns: dict with status and count of cookies deleted.

Get the contents of localStorage or sessionStorage.

Args: storage_type: "local" for localStorage, "session" for sessionStorage.

Returns: dict with all key-value pairs in the storage.

Set a value in localStorage or sessionStorage.

Args: storage_type: "local" or "session". key: Storage key. value: Storage value.

Returns: dict with status, storage type, and the key set.

Export the complete browser state (cookies + storage) to a JSON file.

Args: save_path: Local file path to save the state JSON.

Returns: dict with status and the save path.

Import browser state from a JSON file by creating a new context.

Creates a new browser context with the saved state (cookies, localStorage, sessionStorage) and switches to it.

Args: state_path: Path to the state JSON file (exported by export_state).

Returns: dict with status and the new context name.

Get the current browser fingerprint information.

Reads navigator, screen, WebGL, and canvas fingerprint data from the browser to verify what fingerprint the anti-detection engine is presenting.

Returns: dict with userAgent, platform, language, screen dimensions, WebGL info, canvas fingerprint hash, and other fingerprint markers.

Navigate to a bot detection site and take a screenshot to verify anti-detection.

Opens a fingerprint/bot detection site (default: bot.sannysoft.com) and captures a screenshot for visual inspection of detection results.

Args: url: Detection site URL. Common choices: - "https://bot.sannysoft.com" (default) - "https://browserscan.net" - "https://abrahamjuliot.github.io/creepjs/"

Returns: dict with screenshot_base64 and any detected issues.

Inject anti-debugging bypass script to neutralize debugger traps.

Bypasses common anti-debugging techniques:

• Infinite debugger loops via Function constructor

• setInterval/setTimeout debugger checks

• Function.prototype.toString detection

This is a convenience wrapper around inject_hook_preset("debugger_bypass").

Returns: dict with injection status.

Instrument a JSVMP-protected script to trace its interpreter execution.

Automatically hooks Function.prototype.apply/call and sensitive browser property reads to log all external interactions made by the JSVMP interpreter. This reveals which browser APIs and environment properties the VM accesses, without needing to reverse-engineer the bytecode.

Args: script_url: URL of the JSVMP-protected script (e.g. "webmssdk.es5.js"). Can be a partial URL — matching uses 'includes'. persistent: If True (default), instrumentation survives page navigation.

Returns: dict with status and the script being monitored.

Retrieve JSVMP interpreter execution log.

Args: type_filter: Filter by entry type: "api_call" or "prop_read". property_filter: Filter property read entries by property name substring. func_filter: Filter API call entries by function name substring. clear: If True, clear the log after retrieval. limit: Maximum entries to return (default 500).

Returns: dict with entries list, counts, and summary of accessed APIs/properties.

Extract and decode strings from a JSVMP-protected script.

Parses the script to find string arrays (common in JSVMP/OB obfuscation), attempts to decode XOR-encrypted or shifted string tables, and returns all readable strings. This reveals which API names, property names, and constants the JSVMP interpreter uses internally.

Args: script_url: URL of the JSVMP-protected script.

Returns: dict with decoded_strings, string_arrays found, and analysis info.

Collect browser environment fingerprint data for comparison with Node.js/jsdom.

Runs a comprehensive set of environment checks in the browser and returns structured results. Compare these with your Node.js/jsdom environment to identify fingerprint differences that cause JSVMP validation failures.

Args: properties: Optional list of specific properties to check. If omitted, checks a comprehensive default set including navigator, screen, canvas, WebGL, audio, and more.

Returns: dict with categorized environment data (navigator, screen, canvas, webgl, audio, timing, etc.) and their values.