@vintcessun: The first time you encounter anti-scraping encryption parameters, you'll probably think "manual breakpoints, environment patching, endless trial and error." But this project directly installs an AI reverse engineering Agent in Firefox — it automatically captures traffic, locates parameters, and non-invasively traces the SpiderMonkey engine at the C++ layer, completely invisible to the page. The core idea is to extract the black-box signature from the browser environment and reduce it to a standalone Node.js algorithm.

X AI KOLs Timeline Tools

Summary

An AI reverse engineering Agent project based on Firefox that non-invasively traces at the engine's C++ layer and strips out webpage encryption parameters, reducing them to standalone Node.js algorithms.

The first time you encounter anti-scraping encryption parameters, you'll probably think "manual breakpoints, environment patching, endless trial and error." But this project directly installs an AI reverse engineering Agent in Firefox — it automatically captures traffic, locates parameters, and non-invasively traces the SpiderMonkey engine at the C++ layer, completely invisible to the page. The core idea is to extract the "black-box signature" from the browser environment and reduce it to a pure Node.js algorithm. Turns out JS reverse engineering can be done like this: engine-level omniscient perspective + AI autonomously using 45 tools, bypassing anti-debugging, and directly extracting the encryption logic. Repo is here.
Original Article
View Cached Full Text

Cached at: 07/04/26, 12:46 PM

When you first encounter anti-scraping encrypted parameters, you probably think “manual breakpoints, environment patching, endless trial and error.” But this project directly installs an AI reverse engineering Agent inside Firefox — it captures traffic, locates, non-invasively traces at the SpiderMonkey engine C++ layer, and the page is completely unaware. The core idea is to strip the “black-box signature” from the browser environment and restore it into a pure Node.js algorithm. Turns out JS reverse engineering can be done this way: engine-level god’s-eye view + AI autonomously calls 45 tools, bypasses anti-debugging, and “extracts” the encryption logic directly.

The repo is here:


WhiteNightShadow/firefox-reverse

Source: https://github.com/WhiteNightShadow/firefox-reverse

Firefox-Reverse

A Firefox with a built-in AI Reverse Engineer

Turning encryption / signing / risk-control parameters on web pages from a “black box” into a “standalone, browser-free pure algorithm.”

Firefox | Windows | macOS | Linux | AI Engine | License

📥 Download (Releases) · Quick Start · Full Tool List · Build from Source


Overview

Many websites include an encrypted parameter when making requests — a signature sign, token token, risk-control fingerprint, etc. To replicate the request outside the browser (in your own Node / Python script), you need to figure out how this parameter is computed. That’s JS Reverse Engineering, and it’s usually hard: logic is obfuscated, packed inside JSVMP (JS Virtual Machine Protection), or compiled into WASM, and deeply depends on a bunch of browser environment fingerprints. Traditional approaches involve manually setting breakpoints in DevTools, patching the environment, and trying values repeatedly — time-consuming and easy to get stuck in circles.

Firefox-Reverse hands this entire task to a built-in AI Agent. It lives in the browser’s sidebar and acts like a professional reverse engineer — autonomously capturing packets, reading code, instrumenting at the engine’s C++ kernel layer (page is unaware), patching the environment, writing scripts, and actually hitting the API to verify — all with the goal of turning an encrypted parameter into a pure algorithm that you can run independently in Node.js.

The key difference from “AI + normal browser automation”: its critical observation tools (signature parameter tracing / JSVMP instruction-by-instruction trace / WASM import boundary / engine-level branch differential) are all implemented inside the C++ engine of SpiderMonkey/Gecko — these are “god’s-eye view” that the page’s JS cannot reflect or detect, making them especially vital against strong anti-debugging / anti-hook sites.


🚀 Quick Start (5 Steps)

1 Download & Install

Go to the Releases page of this repo, and download the installer for your system:

SystemFileInstallation
Windowsfirefox-*.win64.zipUnzip, double-click firefox.exe (if SmartScreen blocks → “More info” → “Run anyway”)
macOS (Apple Silicon)firefox-*.mac.dmgOpen → drag to “Applications”; if first launch shows “damaged,” see the ⚠️ note below
Linux (x86_64)firefox-*.linux-x86_64.tar.xzUnzip, run ./firefox

⚠️ First launch on macOS shows ““Firefox Reverse” is damaged and can’t be opened“? This is not actually damaged — our browser is a self-signed application, not Apple-notarized (costs $99/year). After downloading via browser, the system sets a “quarantine” flag, which causes this on Apple Silicon. Run this single line in “Terminal” to remove the quarantine and open normally:

xattr -dr com.apple.quarantine "/Applications/Firefox Reverse.app"

(Replace the path with your actual install location; alternatively: System Settings → Privacy & Security → scroll down and click “Open Anyway”.)

2 Open the AI Sidebar

Launch the browser → click the Firefox-Reverse tool icon (robot/reverse icon) in the right sidebar to open the Agent panel.

Open sidebar and select Firefox-Reverse Agent

3 Configure a LLM Key (configure once per use, stored locally)

Click the ⚙️ settings icon in the top-right of the panel → select a model provider, enter your API Key:

  • Supports DeepSeek, Zhipu GLM, Kimi (Moonshot), MiniMax, Tongyi Qianwen (Qwen), Claude, OpenAI, or any OpenAI / Anthropic protocol-compatible custom endpoint (fill in baseUrl + token + model name).

💡 Model selection advice: For simple / small sites, use a cheap model (e.g., DeepSeek) to get started; for complex / large sites, weak models tend to get lost in long chains — for such targets, use the “custom model” endpoint to connect Opus 4.8 or the latest flagship model for steadier reverse engineering progress with fewer detours.

4 New Session → Choose Mode

Click “New Conversation”, a selection card will appear:

  • ⚡ Full Auto — give it the target interface/parameter, it handles everything autonomously (suitable for “set and forget”);
  • 🧭 AI Assisted — it first proposes a plan, then stops after each phase, gives you direction options, and you decide step by step (suitable for learning / complex targets).

5 Tell It Your Target

State the task using the format below (the more specific the info, the fewer detours the AI takes):

【Site URL】https://example.com/list  # page where the target request is visible
【API URL】GET https://example.com/api/v1/list?page=1  # the request you want to replicate
【Target Parameter】X-Sign in the request header (signature). Also list any other dynamic parameters (timestamp / device fingerprint / token etc.)
【Output Goal】1 Black-box usable version: Use Node.js to reproduce the parameter generation algorithm, making the API call successfully outside the browser. 2 White-box pure algorithm version: Further rewrite it as a pure JS implementation that does not depend on the original obfuscated code (optional)

Then watch it autonomously capture traffic, locate, patch the environment, and verify by actually hitting the API. The outputs (scripts, reconstructed code, notes) will be saved to the working directory you specify for this session.

Quick glossary for beginners (click to expand)

  • Signature / encrypted parameter: A computed string in the request (e.g., sign, token, X-Bogus) that the server uses to verify the request’s legitimacy.
  • Environment patching: Signature algorithms often rely on browser-specific things (navigator, DOM, crypto, etc.). “Patching the environment” means providing these “pretend” implementations in Node so the algorithm can run.
  • JSVMP: Compiles JS into custom “bytecode + interpreter”, making the original logic unreadable — a common strong protection.
  • WASM: Compiles the algorithm into a binary module that the browser executes directly; the source code is invisible.
  • White-box pure algorithm: Completely understand the algorithm and rewrite it with plain code, so that the original JSVMP/WASM binary is no longer needed.
  • Working directory: A local folder you assign for a session. The Agent’s captured scripts, traces, reconstructed code, and progress notes are all stored here.

✨ Core Highlights

  • 🧠 Built-in Autonomous Agent — Not just a chat box; it’s a reverse engineering agent that can continuously call 45+ tools, autonomously completing the entire pipeline: “capture → locate → verify → patch environment → actually hit the API”.
  • 🔬 Engine-level “God’s Eye” Tools — Signature parameter tracing, JSVMP instruction-by-instruction trace, WASM import boundary, browser truth value vs Node replica branch differential — all observed inside the C++ engine, undetectable by the page, unblockable by anti-debugging.
  • 🎛 Two Working Modes — Full Auto / AI Assisted (you pilot), persisted per session, switchable anytime.
  • 🌐 Site-agnostic — Targets general JS / JSVMP / WASM / signature reverse engineering, not customized for any specific site; case studies are just test examples.
  • 🔌 Any LLM — DeepSeek / Zhipu GLM / Kimi / MiniMax / Tongyi Qianwen / Claude / OpenAI and any OpenAI/Anthropic protocol-compatible endpoint. Keys are stored locally, never sent out.
  • 💾 Cross-session Memory — Verified facts / pitfalls are stored in the built-in SQLite, so the next session won’t repeat the same mistakes.
  • 🧩 Persistent Engine — The conversation engine runs as a parent-process system module; switching tabs / closing sidebar doesn’t interrupt it. Multi-window working directories are isolated from each other.

🤖 Two Working Modes

When creating a new session for the first time, choose between them. The session will stick with that mode (you can switch anytime from the mode indicator at the top):

⚡ Full Auto🧭 AI Assisted
PaceGive target → runs from start to finishFirst proposes a plan → stops after each phase → you choose the direction
InterruptionDoesn’t interrupt midway; only stops when it truly needs you (login / CAPTCHA / pure business decisions) or when doneStops after each phase (entry point location / bytecode trace / DOM-API analysis / construction/implementation) to report and give 2–3 direction options
Suits“Set and forget,” clear goal, trust the modelComplex targets, want to learn while watching, want to control the direction
ValueHassle-freeWeak model + human pilot = fewer dead ends, more stable for complex cases

🧭 AI Assisted’s “pilot” can be a human, or another strong model — two ways to play:

  • 1 Human pilot — You read its conclusions from each phase, give direction corrections, manually guide it out of detours.
  • 2 MCP auto-pilot (cost splitting) — A strong model director (Claude / GPT etc. latest flagship) uses MCP to automatically “command” the built-in reverse Agent in this browser: the browser Agent is operated by a cheap worker model (e.g., DeepSeek / Tongyi Qianwen / GLM) in AI Assisted mode, doing all the grunt tool work; the director only reads phase conclusions, makes direction corrections, and does not run tools itself. The expensive model’s judgment + cheap model’s tireless tool grinding — token cost split (expensive model spends very few tokens per round, cheap model pays for all the grinding).
  • Supporting MCP repo → frx-director-mcp (https://github.com/WhiteNightShadow/frx-director-mcp) (ready to use: after connecting MCP, copy the 「🟢 One-click paste to your AI」section from its README to your director; it will self-check the environment, guide you to fill in anything missing with one sentence, then automatically create directories / choose AI Assisted / start a new session / assign tasks / read conclusions / push directions in a loop until results are produced — you only need to provide the target site when it asks).

💡 Worker model selection (important): In long tool loops like MCP, the worker must be a standard / fast tier — recommended: deepseek-v4-flash — tested zero drift, ~2-3 minutes per phase, smoothest coordination. Do NOT use reasoning-tier models (e.g., deepseek-v4-pro): reasoning tiers tend to degenerate into “only spit out plain-text plans, stop calling tools” in long loops, which is the primary failure mode for workers. You can set the worker to this tier in the browser Agent ⚙️ settings, or have the director temporarily specify it with agent_start({ model: "deepseek-v4-flash" }) (same key, no config change needed).


🎯 Two Phases: Black-box Usable → White-box Pure Algorithm

The Agent’s progression follows a pragmatic route — first get something working, then pursue a thorough understanding:

  1. Black-box usable version: Node.js environment patching runs the original WASM/JSVMP — verified by “locally generated signature actually hits the target API, server returns valid data”. ✅ Both JSVMP and WASM carriers are mature.
  2. White-box pure algorithm: Extract the internal algorithm, rewrite it in plain code, completely independent of the original binary. ✅ JSVMP toolchain is complete and battle-tested; WASM provides disassembly (WAT) + engine-level branch diagnostics for deep analysis.

🧰 Full Tool List (45+)

Tools that the Agent can autonomously invoke, categorized by purpose:

CategoryToolDescription
Page Automationpage_navigate page_click page_scroll page_type page_eval page_screenshot page_elements page_infoNavigation / Click / Scroll / Fill forms / Execute JS / Screenshot / Get elements
Networknet_capture net_list net_get net_intercept hook_inject find_param_entryCapture packets, view request details (including initiator call stacks), intercept/modify, document-start inject hook (catch requests from first paint/refresh), locate parameter entry points
🔑 Signer / Closure Tracingsigner_trace closure_readEngine-level Debugger captures real input parameters of the signer function + reads real closure variable values (dispatcher / runtime-decoded bytecode / RC4 S-box / constant pool — things page_eval can’t reach, page-unaware)
Code / Scriptscode_search scripts_list scripts_save scripts_capture_allSearch code in the corpus + working directory, dump scripts
WebAPI Fingerprintingwebapi_trace webapi_queryRecords which navigator/document/canvas… fingerprints the page read
🔒 JSVMP White-boxjsvmp_trace jsvmp_split_dispatcher dispatcher_probe jsvmp_disassemble jsvmp_query jsvmp_statusPer-opcode trace → identify dispatcher (structure-agnostic dispatcher_probe handles switch/if-else/jump-table) / decode → bytecode disassembly → algorithm reconstruction
🔎 Cryptography Identificationcrypto_scanInstantly identifies RC4 S-box, XXTEA delta, MD5/SHA IV, AES S-box/Te table, SM4, custom base64 alphabet — classify by type without brute-force constant scanning
🧬 WASMwasm_probe wasm_disasmImport tracing (explores DOM/env boundaries that WASM reads), .wasm → readable WAT
🩺 White-box Diagnosticswhitebox_diffEngine-level branch differential between browser truth and Node replica — turns “guessing values in a black box” into “white-box pinpointing which branch / which env is causing the divergence.” Fully non-invasive
General JS Tracejs_traceAST instrumentation + Node execution, trace per function (non-JSVMP regular JS)
Execution / Filesrun_node run_python npm_install fs_read fs_write fs_list fs_copy fs_mkdirRun scripts in the working directory, make actual API calls for verification, read/write files
🍪 Cookie Managementcookies (action: list / set / remove)List (including httpOnly, inaccessible via document.cookie) / add/modify / delete cookies — via the engine’s nsICookieManager, can manage login state
Methodology / Memoryskill_get notes_add notes_getFetch built-in reverse engineering methodology, persist cross-session site experience

🖥 Platform & Downloads

PlatformArchitectureStatus
Windowsx86_64✅ Installer available (continually improving, feedback welcome)
macOSApple Silicon (arm64)✅ Installer available
Linuxx86_64✅ Installer available

Installers for all three platforms are cross-compiled on a Linux build machine (macOS arm64 / Windows64 / Linux x86_64) and published to Releases.


🏗 Build from Source

If you just want to use it, go directly to Releases to download — no need to compile yourself.

This repo is a set of patches for Firefox (additions/), not containing the Firefox source itself. Build process:

# 1. Get Firefox 153.0a1 source into upstream/ (first time)
#    (see scripts/, or use mach's standard bootstrap)
# 2. Apply this repo's additions (agent-sidebar + engine-layer C++ patches)
bash scripts/apply-patches.sh
# 3. Compile + package
cd upstream && ./mach build && ./mach package
  • Frontend (sidebar React UI): additions/browser/components/agent-sidebar/, npm run build produces the bundle.
  • Engine patches (non-invasive tracing): C++ files in additions/js/..., additions/dom/....
  • Automated build scripts can be found in .github/workflows/release.yml.

🏛 Architecture

┌─────────────────────────── Firefox-Reverse ───────────────────────────┐
│                                                                       │
│  Sidebar React UI (omni.ja)         Persistent Engine (parent process │
│  ├ Conversation / Mode Cards /      system module, .sys.mjs)          │
│  │ Working Directory                ├ AgentSession survives panel     │
│  └ Subscribe only to snapshots,     │   reloads                       │
│    holds no business state          ├ AgentLoop tool loop / context   │
│                                     │   compression                   │
│                                     ├ ToolRouter 40+ tool routing    │
│                                     └ ConfigStore / Memory (SQLite)   │
│                                                                       │
│  Engine-level C++ Instrumentation (page-unaware, unreflected)         │
│  ├ JSVMP instruction-by-instruction trace (SpiderMonkey interpreter   │
│  │   instrumentation)                                                 │
│  ├ WebAPI fingerprint trace (DOM boundary)                            │
│  └ Coverage / Branch differential (whitebox_diff)                     │
└────────────────────────────────────────────────────────────────────────┘

Final product: A pure Node.js / Python algorithm, no longer requires the browser

❓ FAQ

  • Do I need to know compilation / environment setup? No. Download the installer from Releases, configure a LLM key, and you’re ready to go.
  • Which LLMs are supported? DeepSeek / Zhipu GLM / Kimi (Moonshot) / MiniMax / Tongyi Qianwen (Qwen) / Claude / OpenAI, and any OpenAI/Anthropic protocol-compatible custom endpoint. Keys are stored locally.
  • Will my key / data be uploaded? No. Keys are stored in your local browser configuration, used only to connect directly to your chosen model endpoint.
  • Which mode should I choose: Full Auto or AI Assisted? Clear goal, trust the model → Full Auto; complex / want to control direction / want to learn → AI Assisted.
  • Can this guarantee cracking any site? No. Strong protections (deep JSVMP / WASM with built-in keys) remain very difficult. This tool maximizes analysis efficiency, but is not a silver bullet.

⚖️ Legal & License Statement

This project is a reverse engineering analysis tool intended for security research, API integration, and authorized testing. Users are responsible for their own actions:

  • Only use on targets you have legal authorization for (your own platforms, penetration testing targets with permission, CTF / educational purposes, etc.).
  • Do not use for unauthorized access, bypassing security mechanisms of others’ systems, large-scale scraping, or any activity that violates the target’s terms of service or local laws.
  • The author and contributors are not responsible for any misuse. Downloading implies you understand and agree to these terms.

📝 Changelog

v0.19 (2026-06-10)

  • New models: Kimi (Moonshot, kimi-k2.6), MiniMax (MiniMax-M3), Tongyi Qianwen (Qwen, qwen3-max) — together with existing DeepSeek / Zhipu GLM / Claude / OpenAI, mainstream LLMs are broadly covered.
  • MCP external drive visibility: Added AgentSession.listRunning() + sidebar “auto-follow when idle / busy banner” — sessions driven externally (e.g., MCP director) can automatically switch to, stream in real-time, and show the bound working directory in the sidebar (for the cost-splitting approach with the companion frx-director-mcp (https://github.com/WhiteNightShadow/frx-director-mcp) , see “Two Working Modes”).
  • “Stop” immediate effect (framework fix): Clicking stop while run_node / run_python is stuck will immediately kill the child process (previously it would wait until timeout expired); run_node default timeout reduced from 300s → 30s (enough for normal JS loading, faster release when hanging).
  • Tool additions: crypto_scan (cryptographic constant identification), closure_read (engine-level read of real closure variable values), hook_inject (document-start hook injection), dispatcher_probe (structure-agnostic JSVMP dispatcher detection) — total tools increased from 40+ to 44+.
  • Methodology / Robustness: “Fast lane” for simple sites (classify by hooking and comparing against standard algorithms first, without struggling through obfuscation), page_eval full privilege + large output saveTo disk, SSR site recognition, long-task guardrails softened for strong models (hard limits → soft hints, scaling with context window).

v0.17 – v0.18 (Since 2026-06-08)

  • Official builds for all three platforms (Windows / macOS / Linux) released to Releases; context window auto-scales based on selected model (modelBudget, long reverse engineering tasks no longer easily truncated); ongoing polish of skill methodology, tool stability, and long-task robustness.

Earlier (v0.12 – v0.16)

  • JSVMP offline toolchain (dispatcher splitting / bytecode disassembly) packaged as first-class tools; general WebAPI fingerprint tracer (C++ engine layer, page-unaware); WASM boundary detection wasm_probe + disassembly wasm_disasm; general JS per-function trace js_trace; signer input tracing signer_trace; white-box branch differential whitebox_diff; built-in reverse engineering methodology skill_get + cross-session SQLite memory + anti-detour guards; conversation engine moved to parent process persistent (switching tabs / closing sidebar doesn’t interrupt).

🔑 External Support · Model Key Application

Firefox-Reverse connects directly to your chosen model; keys are stored locally and not routed through any third party. Below are the application links for each model’s key, grab as needed:

Model / ServiceDescription
DeepSeek (https://platform.deepseek.com/usage)Good cost-performance ratio, default recommendation for the Agent
Zhipu GLM (https://open.bigmodel.cn/)
Kimi (Moonshot) (https://platform.moonshot.cn/)
MiniMax (https://platform.minimaxi.com/)
Tongyi Qianwen (Qwen) (https://bailian.console.aliyun.com/)Alibaba Cloud Bailian

How to connect: All of the above are built-in providers in the Agent ⚙️ settings; just select them and fill in the key. For other OpenAI/Anthropic compatible endpoints, select “Custom” and enter baseUrl + Key + model name.


📮 Feedback / Contact

If you encounter problems, want to report a bug, or discuss reverse engineering ideas, feel free to add us on WeChat or join the group:

WeChat ID: han8888v8888 (Please note “Firefox-Reverse” when adding as a friend)


License

MPL-2.0 (https://www.mozilla.org/MPL/2.0/) — same as upstream Firefox. This project is a derivative work of Firefox; relevant trademarks belong to Mozilla.

Similar Articles

@GitHub_Daily: AI agents automating browser operations or scraping data often get blocked by anti-scraping mechanisms, and get stuck when encountering captchas or human verification. Recently, the BrowserAct team open-sourced a Skill, a browser automation command-line tool designed specifically for AI agents. It provides three layers of anti-blocking mechanisms, from…

X AI KOLs Timeline

The BrowserAct team open-sourced a browser automation command-line tool designed specifically for AI agents, providing three layers of anti-blocking mechanisms (fingerprint spoofing, captcha cracking, human takeover), supports multi-browser parallelism and account isolation, and optimizes output format to save tokens.

@vista8: An open-source browser project that bypasses all major anti-bot detection: CloakBrowser. It is said to bypass all major anti-bot measures, such as Cloudflare. Directly modified from Chromium C++ source code, it changes 57 fingerprinting details at compile time. As the saying goes, the measure is high, the devil is higher, hahaha. Github…

X AI KOLs Timeline

CloakBrowser is an open-source browser project directly modified from Chromium C++ source code, bypassing anti-bot measures like Cloudflare by changing 57 fingerprinting details at compile time.

@apivixtls: Now let me recommend an open-source project. If you're interested in web penetration and API packet capture, you can use this directly. This project boils down to one thing: helping you do less manual work and focus on results. What exactly does it do? Your usual packet capture goes like: Open Charles / mitmproxy → a bunch of requests → you slowly sift through them…

X AI KOLs Timeline

Recommend an open-source web penetration and API packet capture analysis tool that uses AI to automatically filter, analyze requests, handle encryption, and generate analysis summaries and reproduction steps, greatly improving reverse engineering efficiency.

@XAMTO_AI: Wow! Just found a crazy plugin — after installing it, you can directly see the tech stack of any webpage! Front-end frameworks, backends, CDNs all exposed. Click on names to jump to official sites. Even getting a quick overview is this intense in the AI era? Jump on it and research before others leave you in the dust. https://github.com/setube/stac…

X AI KOLs Timeline

Introducing StackPrism, a browser extension that automatically identifies the tech stack of web pages, including front-end frameworks, backends, and CDNs. Supports Chrome/Edge/Firefox, built on Manifest V3, collects clues through multiple channels and presents them in a categorized view.

@cevenif: Reverse engineering used to be the crown jewel of the hacker world – now it's been packaged into a skill set and shoved right at AI's mouth!! Just drop in a routing.md, and AI automatically knows which path to take for security tasks: APK reverse engineering, IDA static analysis, front-end JS cracking, firmware penetration, EDR bypass, exploit chains…

X AI KOLs Timeline

This project is an AI skill routing package for reverse engineering and penetration testing. Through routing.md, it enables AI to automatically select the appropriate tools and methods, lowering the barriers to security offense and defense.