JS Reverse MCP

English | 中文

Pro fork: Derived from zhizhuodemao/js-reverse-mcp (Patchright stealth core preserved) and selectively ports capabilities from NoOne-hub/JSReverser-MCP — hook framework, static deobfuscation, AI analysis, session snapshots, artifacts, case library. See LICENSE (Apache-2.0) and LICENSE.JSReverser-MCP (MIT, NoOne-hub).

A JavaScript reverse engineering MCP server that enables AI coding assistants (Claude, Cursor, Codex) to debug and analyze JavaScript code in web pages.

Built on the Patchright anti-detection engine with multi-layered anti-bot bypass capabilities, allowing it to work on sites with bot detection such as Zhihu and Google.

Features

From upstream (preserved)

• Anti-detection browser — Patchright (Playwright anti-detection fork), 60+ stealth launch arguments

• Script analysis — list / search / get / save sources

• Breakpoint debugging — set_breakpoint_on_text, break_on_xhr, step, get_paused_info

• Function tracing — trace_function (logpoint mode, doesn't pause)

• Network & WebSocket — request initiator stacks, WS message analysis

• inject_before_load — CDP Page.addScriptToEvaluateOnNewDocument

Pro fork additions

• Hook framework — 5 built-in templates (function/crypto/network/encoding/storage), CDP injection + Symbol-keyed sink + CDP Runtime.evaluate drain; survives navigation

• Static deobfuscation — deobfuscate_code (Babel fast: string-array inline, constant fold, dead branch, _0xabcd rename, bracket→dot; optional webcrack deep)

• Code collection — collect_code (scans for sign/encrypt/hmac etc. + AST heuristic ranking)

• AI assist (default OFF) — understand_code / risk_panel, OpenAI / Anthropic / Gemini, dynamic-imported

• Session snapshots — save/restore/dump/load_session_state, AES-256-GCM round-trip

• Artifacts tasks — start_reverse_task / record_evidence / export_replay_bundle / export_portable_bundle, shareable .jrmcp.json bundles plus single-file portable / replay JS extraction

• Two-layer stealth — --cloak opts into CloakBrowser source-level fingerprint patches (canvas / WebGL / audio / GPU); --legacyStealth is the explicit fork-default fallback that keeps the original stealth-args path

• Tool profile gating — --toolProfile kernel|compact|full (default kernel); restart with compact for broader workflow controls, full to expose every tool

• Browser state reset — clear_site_data clears cookies, HTTP cache, persistent storage, and sessionStorage for the current page's HTTP(S) frame origins without reloading

• Network export — export_network_request writes captured request / response bytes, query params, or a metadata bundle to disk (and into the active task's evidence/ directory when taskId is set)

• Local-file input for evaluate_script — pipe local files into in-page evaluation for replay and fixture-driven runs

Related MCP server: JS Reverse MCP

Requirements

• Node.js v22 or later

• Chrome stable

Installation

This fork is not published to npm; build from source:

git clone https://github.com/a0yark/js-reverse-pro-mcp.git
cd js-reverse-pro-mcp
npm install
npm run build

Claude Code

claude mcp add -s user js-reverse-pro -- node /ABS/PATH/js-reverse-mcp/build/src/index.js

Codex

codex mcp add js-reverse-pro -- node /ABS/PATH/js-reverse-mcp/build/src/index.js

Generic JSON config

{
  "mcpServers": {
    "js-reverse-pro": {
      "command": "node",
      "args": ["/ABS/PATH/js-reverse-mcp/build/src/index.js"]
    }
  }
}

Anti-Detection

Two coexisting stealth layers, selectable per launch:

• Legacy stealth-args path (fork default; also gated by --legacyStealth): Patchright + 60+ stealth launch arguments. Matches behavior before --cloak existed.

• Cloak path (--cloak): CloakBrowser stealth-patched Chromium with source-level fingerprint patches (canvas / WebGL / audio / GPU). Binary auto-downloads (~200MB) on first use; identity is persisted per profile in <profile>/.cloak-seed. Conflicts with --browserUrl, --wsEndpoint, --executablePath, --channel.

Hook framework stealth discipline (Pro fork)

The 18 new tools follow strict stealth rules:

• Injection path: CDP Page.addScriptToEvaluateOnNewDocument (same channel as upstream inject_before_load); no Playwright addInitScript / exposeBinding

• Data sink: globalThis[Symbol.for('__jr_sink')] array + CDP Runtime.evaluate drain; no fixed string-named property on window, no console pollution

• Function.prototype.toString self-cloaking: a stealth shim uses WeakMap<wrapped, orig> so Function.prototype.toString.call(fetch) returns function fetch() { [native code] }; the patched toString itself is registered, so Function.prototype.toString.toString() is also native

• storage template cookie option default OFF: Object.defineProperty(document, 'cookie') leaves a non-native descriptor that advanced fingerprinters can detect

• AI default OFF: only loads when --enableAI and the matching API key are both set; OpenAI / Anthropic / Gemini SDKs are dynamic-imported

See src/hooks/stealth-shim.ts header comment and the automated test tests/phase-b-smoke.mjs.

Tools (44)

From upstream (23)

Page & Navigation

Script Analysis

Breakpoint & Execution Control

Function Tracing & Injection

Network & WebSocket

Inspection

Pro fork (21 new)

Browser state & network export (2)

Hook framework (5)

Built-in templates:

• function — wrap any global by dotted path

• crypto — CryptoJS / WebCrypto / JSEncrypt

• network — XHR / fetch / WebSocket, with urlPattern filter + call stack

• encoding — btoa / atob / TextEncoder / TextDecoder (JSON.* opt-in)

• storage — localStorage / sessionStorage (cookie opt-in)

Static analysis (4)

Session management (5)

Artifacts tasks (5)

Configuration Options

Upstream flags

Pro fork flags

Example configurations

Full setup (AI + enhanced stealth):

OPENAI_API_KEY=sk-... node build/src/index.js \
  --browserUrl=http://localhost:9222 \
  --enableAI --llmProvider=openai \
  --blockWebrtc \
  --artifactsDir=./my-tasks

Isolated (no persistent login, fresh each time):

{
  "mcpServers": {
    "js-reverse-pro": {
      "command": "node",
      "args": ["/ABS/PATH/build/src/index.js", "--isolated"]
    }
  }
}

Connect to running Chrome

Launch Chrome (close all Chrome windows first):

Windows

"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --user-data-dir="%TEMP%\chrome-debug"

macOS

/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --remote-debugging-port=9222 --user-data-dir=/tmp/chrome-debug

Then connect with --browserUrl=http://127.0.0.1:9222.

Workflow Cases

See scripts/cases/ for end-to-end workflows:

• JD H5 — h5st parameter chain (URL sort + AES-CBC + timestamp watermark)

• TikTok web — a_bogus (custom obfuscation VM + sha256/md5)

• Xiaohongshu web — x-s / x-t / x-mns (Falcon, with toString reflection caveat)

General workflow:

1. start_reverse_task creates a task
2. new_page to target site → list_network_requests to find signed requests
3. get_request_initiator to inspect call stack
4. create_hook(network, urlPattern=...) + inject_hook
5. trigger requests → get_hook_data for context
6. create_hook(crypto) + inject_hook → see which algorithms run
7. get_script_source for the chunk → deobfuscate_code(level=deep)
8. collect_code on deobfuscated source to locate the sign function
9. understand_code (optional) lets the LLM explain it
10. record_evidence per finding
11. export_replay_bundle (shareable `.jrmcp.json`) or export_portable_bundle (single-file `run/portable.js` / `run/replay.js`)

Troubleshooting

Blocked by anti-bot systems

If you are blocked when visiting certain sites (e.g. Zhihu returning error 40362):

1. Clear the contaminated profile: delete ~/.cache/chrome-devtools-mcp/chrome-profile

2. Use isolated mode: add --isolated

3. Enable Canvas noise: add --hideCanvas

Hook captures no events

1. Confirm inject_hook returned INJECTED (use list_hooks)

2. Confirm rendered hook source has no syntax errors (start with --logFile)

3. Re-injecting the same hook on a loaded page nests the wrap; clear_hook(hookId) first or reload

deobfuscate_code level=deep complains about webcrack

webcrack is an optional dependency that itself requires @babel/core. This fork already promotes @babel/core to dependencies; if it still complains, run npm install to refresh.

Security Notice

This tool exposes browser content to MCP clients, allowing inspection, debugging, and modification of any data in the browser. Do not use it on pages containing sensitive information.

License

Apache-2.0, inherited from upstream zhizhuodemao/js-reverse-mcp.

Pro fork ports reference NoOne-hub/JSReverser-MCP (MIT, original license preserved at LICENSE.JSReverser-MCP).