Launch the Camoufox anti-detection browser.

The trio of i_know_what_im_doing=True + disable_coop=True + force_scope_access=True is critical for Cloudflare-style challenges: without them, Camoufox runs in a sandbox iframe and CF hands out a hard challenge with no solvable iframe. These match what the project's test.py smoke test uses.

Close the Camoufox browser and release all resources.

Navigate to a URL, with optional hook pre-injection and captcha challenge auto-solve.

Args: url: Target URL. wait_until: "load", "domcontentloaded", or "networkidle". pre_inject_hooks: Hook preset names to register before navigation. collect_response_chain: Record responses for final_status resolution. clear_network_capture: Clear stale network buffer before navigating. auto_solve_challenge: After the page loads, run auto_solve_captcha if a captcha challenge is detected. Built-in alternative to the project's test.py flow. captcha_type: Captcha provider (default "cloudflare"). Future-proof: new providers supported by camoufox_captcha will be usable here. challenge_type: "auto" (default), "interstitial", or "turnstile". Forwarded to auto_solve_captcha when auto_solve_challenge=True. challenge_ready_delay: Seconds to wait for the challenge iframe to mount before clicking. Forwarded to auto_solve_captcha. expected_content_selector: Optional CSS selector to wait for after solving.

Returns: dict with url, title, initial_status, final_status, redirect_chain, hooks_injected, reloaded, challenge (detection + solve result when auto_solve_challenge=True), warnings.

Reload the current page, preserving any init scripts.

Take a screenshot of the current page or a specific element.

Get the accessibility tree of the current page (token-efficient).

Click on a page element.

Type text into an input field with realistic keystroke delays.

Wait for an element to appear or a network request matching a URL pattern.

Get current page URL, title, and viewport size.

Reset MCP-side browser residual state without closing the browser.

Script inspection.

Search keyword in loaded scripts.

Execute an arbitrary JavaScript expression in the page context and return the result.

Hook or trace a function.

Inject a pre-built hook template for common reverse engineering tasks.

Remove installed hooks and restore original objects.

Get console output collected from the page.

Unified network capture control.

List captured network requests with optional filters.

Get full details of a specific captured network request.

Get the JS call stack that initiated a network request.

Intercept network requests matching a pattern.

Cookie management.

Get the contents of localStorage or sessionStorage.

Export the complete browser state to a JSON file.

Import browser state from a JSON file by creating a new context.

Install a JSVMP runtime probe.

Collect browser environment fingerprint data for comparison with Node.js/jsdom.

One-stop self-check of MCP environment, dependencies, and browser state.

Verify a signing function against known samples (offline, no browser needed).

Args: signer_code: JavaScript code that exports a signing function. Must be a function expression or arrow function: e.g. "(s) => mySign(s)" samples: List of samples, each with expected request/response pairs: [{"id": "r1", "input": {...}, "expected": {"X-Bogus": "..."}}]

Returns: dict with overall passed/failed, per-sample results, and first mismatch.

Engine-level DOM property access tracing (JSVMP-undetectable).

List all trace files on disk.

Query a specific historical trace file.

Auto-detect and solve a captcha challenge on the current page.

Wraps camoufox_captcha.solve_captcha (same library as project test.py). Probes the page for captcha indicators, clicks through the challenge, and verifies the protected content actually loaded.

Args: captcha_type: Captcha provider, e.g. "cloudflare". The library is future-proof; new providers (hcaptcha, recaptcha, ...) will be supported as camoufox_captcha adds them — pass the new name here. challenge_type: "auto" (recommended), "interstitial", or "turnstile". "auto" probes both variants and solves whichever is detected. ready_delay: Seconds to wait for the captcha iframe to mount before attempting to click. expected_content_selector: Optional CSS selector to wait for after solving. solve_attempts: Maximum solve attempts (passed to solver). solve_click_delay: Seconds to wait after clicking so the provider can validate the click. wait_checkbox_attempts: Maximum polls to wait for the checkbox to appear. wait_checkbox_delay: Seconds between checkbox-wait polls. checkbox_click_attempts: Maximum click attempts on the checkbox itself. attempt_delay: Seconds between top-level solve attempts. verify: Re-read page.content() after solving and confirm the provider's challenge marker is gone. Strongly recommended.

Returns: dict with detected, challenge_type_used, solved, attempts, verified, final_url, error (if any).

Detect whether a captcha challenge is currently shown.

Lightweight probe: returns detection flags without attempting to solve anything. Useful when you want to decide whether to call auto_solve_captcha.

Args: captcha_type: Captcha provider to probe, e.g. "cloudflare".

Returns: dict with provider-specific detection flags and the current URL. For "cloudflare" today: {turnstile: bool, interstitial: bool}. Other providers will report under their own keys.

Detect what kind of JavaScript VM Protection the page is running.

Returns a structured report with vmp_type in: - none: no VMP signals found - obfuscated: identifier rename + control-flow flattening + string arrays - string_eval: heavy use of eval / new Function to generate code - vm_dispatch: large object literal / opcode table / switch dispatch - wasm: WebAssembly / .wasm references

This is purely read-only: no hooks are installed, no scripts are rewritten.

Install a signature-safe tap and record what the VMP reads.

Args: properties: list of property names to watch on navigator/screen/history/ location prototypes. If empty, uses a default high-signal set. trigger_js: optional JS expression to evaluate AFTER the tap is installed, to actually invoke the VMP (e.g. "sign(payload)"). max_entries: cap on the recorded log. track_calls: also instrument Date.now / etc. clear_log: clear any previous tap log first. wait_ms: extra delay after trigger_js before reading the log.

Returns: dict with the tap summary, count of recorded reads, and a condensed view of the VMP's reads (prop -> latest value preview).

Read what was recorded by trace_vmp_for_sign.

Disassemble a WebAssembly binary to text (wat) + summarize imports/exports.

Args: wasm_source: - if source_kind=='base64': base64-encoded wasm bytes - if source_kind=='hex': hex-encoded wasm bytes - if source_kind=='url': a URL to fetch the wasm from (uses the active page so cookies / headers apply) source_kind: see above. generate_wat: if True, run wabt to produce WAT. Falls back to exports + imports only when wabt is unavailable. auto_install_wabt: if True and wabt is missing, attempt npm i -g wabt.

Returns: dict with imports, exports, optional wat text, and entry-function candidates (for replay_vmp_offline).

Patch the page's Worker constructor and record every Worker created.

Use this when VMP bytecode is delivered via a Web Worker (e.g. the page does new Worker(blob:...) containing the VMP, then postMessage inputs and gets signs back). After the patch is installed, leave the page alone for duration_ms so VMP can spin up its workers.

Returns: dict with workers[] (id, url, source_preview if blob:), events[].

Patch the page's WebSocket constructor and record every connection's send/recv.

Use this when VMP fetches its bytecode over WebSocket (e.g. an onmessage pushes an opaque blob that is then assembled into a Worker or eval'd).

Args: duration_ms: how long to keep the patch alive after install. url_filter: if set, only record connections whose URL contains this string. max_events: ring buffer cap.

Returns: dict with connections[] (url, sent[], received[]), events[].

Given a trace log (or just an error string), guess which props a Node-side VMP replay is missing.

This combines two signals:

1. Every property the VMP read in the browser (from trace_vmp_for_sign)

2. A curated set of high-frequency fingerprint properties that VMPs commonly read but that our default Node sandbox doesn't supply

Args: trace_log: the entries returned by trace_vmp_for_sign/get_tap_log (optional). If absent, only the curated list is returned. failed_replay_error: the error string from a previous failed replay_vmp_offline call (e.g. "ReferenceError: navigator is not defined"). Used to extract additional hints. supplied_env: dict of props you've already fed to replay. We won't suggest these.

Returns: dict with suggestions (list of {prop, type, default, hint}) and a sandbox_template you can paste into your VMP replay code to cover the missing props.

Run captured VMP code in headless Node and call the entry function.

Useful for verifying you've correctly extracted the signing algorithm: call the VMP's signing function with the inputs a real request would use, and check that the output matches what the browser actually sent.

Args: vmp_code: The JavaScript source that defines the VMP / sign function. entry: The name of the function exported on global that we should call. input: A dict to pass to the entry function. Will be JSON-serialized and re-parsed inside the Node sandbox. timeout_ms: VM timeout. JS that runs longer triggers a V8 timeout error. expected_sign: optional reference sign captured from the browser. When set and auto_diff is True, the response includes a structured diff (match / common_prefix_len / first_diff_idx). auto_diff: if True and expected_sign is set, compute a structured diff. supplied_env: optional dict merged into the sandbox before the VMP code runs. Use this to feed navigator.userAgent, screen.width, Date.now(), document.cookie etc. (see auto_suggest_missing_props).

Returns: dict with status, output, elapsed_ms, optional diff, and optional suggestion hint when outputs don't match.