WebTrace Server
БесплатноНе проверенExposes reverse engineering capabilities via MCP protocol, enabling AI agents to automatically detect, analyze, trace, and deobfuscate JSVMP protected JavaScrip
Описание
Exposes reverse engineering capabilities via MCP protocol, enabling AI agents to automatically detect, analyze, trace, and deobfuscate JSVMP protected JavaScript code.
README
AI-driven JSVMP Auto-Reversal Chrome/Edge Extension with MCP Server
Features
- MCP Server: Expose reverse engineering capabilities via MCP protocol for AI Agents
- JSVMP Auto-Detection: Automatically identify VM dispatch loops (while-switch/if-else/handler-table)
- QuickJS WASM Sandbox: Execute and trace JSVMP bytecode in isolated environment
- Stealth Engine: Three-layer stealth (Extension hiding + Proxy Hook cloaking + Timing alignment)
- Babel AST Instrumentation: Auto-instrument VM dispatch loops for trace collection
- Cross-browser: Chrome & Edge (Manifest V3)
Quick Start
Build
npm install
npm run build
Load Extension
- Open
chrome://extensions/ - Enable "Developer mode"
- Click "Load unpacked" → select
dist/directory
Connect AI Agent
Connect Codex CLI
WebTrace now includes a local stdio bridge for MCP clients that cannot connect to
an Edge extension RuntimePort directly. The bridge listens for the extension at
ws://127.0.0.1:3100/mcp and proxies MCP JSON-RPC over stdio to Codex. If the
port is already used by another Codex session, the bridge automatically tries
the next ports in the range.
codex mcp add webtrace -- node /Users/kk/git/web-trace/bin/webtrace-codex-bridge.mjs
After changing extension code, rebuild and reload the unpacked extension in
edge://extensions. The extension service worker automatically connects to the
bridge port range when Codex starts it, so multiple Codex sessions can use
WebTrace at the same time.
Architecture
┌─────────────────────────────────────────────────────┐
│ AI Agent (MCP Client) │
│ Qoder / Cursor / Claude Code │
└────────────────────┬────────────────────────────────┘
│ MCP Protocol (WebSocket/Port)
┌────────────────────▼────────────────────────────────┐
│ Service Worker (Background) │
│ ┌─────────┐ ┌──────────┐ ┌──────────────────┐ │
│ │MCP Server│ │Tab Manager│ │Offscreen Manager │ │
│ └─────────┘ └──────────┘ └────────┬─────────┘ │
└───────────────────────────────────────┼─────────────┘
│
┌───────────────────────────────────────▼─────────────┐
│ Offscreen Document │
│ ┌──────────────────┐ ┌─────────────────────────┐ │
│ │QuickJS WASM │ │Babel AST Engine │ │
│ │(Sandbox + Trace) │ │(Detect + Instrument) │ │
│ └──────────────────┘ └─────────────────────────┘ │
└─────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────┐
│ Target Web Page │
│ ┌────────────┐ ┌────────────┐ ┌──────────────┐ │
│ │Stealth │ │VM Tracer │ │API Hooks │ │
│ │Bootstrap │ │(Proxy) │ │(fetch/XHR) │ │
│ └────────────┘ └────────────┘ └──────────────┘ │
└─────────────────────────────────────────────────────┘
MCP Tools
| Tool | Description |
|---|---|
detect_protection |
Detect page protection type and level |
analyze_jsvmp |
Analyze JSVMP code structure |
trace_execution |
Execute in sandbox with full trace |
extract_bytecode |
Extract bytecode arrays from page |
hook_api |
Set up API hooks on page |
get_hook_logs |
Retrieve hook logs |
page_state |
Get page state (cookies/storage/scripts), optionally by tabId or url |
list_tabs |
List browser tabs, including window and incognito metadata |
activate_tab |
Activate a tab by tabId |
navigate |
Navigate the current tab, a target tab, or a new tab |
dom_snapshot |
Read visible text, forms, inputs, buttons, and links from a tab |
query_dom |
Query DOM nodes by CSS selector |
deobfuscate |
Deobfuscate JS code |
For InPrivate/incognito pages, Edge must allow the extension in InPrivate mode. Site access set to "all sites" is not enough by itself.
Integration
Tech Stack
- TypeScript + Vite
- Chrome Extension Manifest V3
- MCP (Model Context Protocol)
- QuickJS WASM (quickjs-emscripten)
- Babel AST (@babel/parser + traverse)
License
MIT
Установка WebTrace Server
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/kings0527/web-traceFAQ
WebTrace Server MCP бесплатный?
Да, WebTrace Server MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для WebTrace Server?
Нет, WebTrace Server работает без API-ключей и переменных окружения.
WebTrace Server — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить WebTrace Server в Claude Desktop, Claude Code или Cursor?
Открой WebTrace Server на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare WebTrace Server with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
