AI_JS_DEBUGGER by Valerian7

Automated JavaScript reverse engineering powered by AI

Created 9 months ago
350 stars

Top 79.5% on SourcePulse

Project Summary

AI_JS_DEBUGGER is an automated JavaScript reverse-engineering tool that leverages the Chrome DevTools Protocol (CDP) and AI to analyze front-end code. It assists security researchers and developers by automatically debugging JavaScript, identifying encryption algorithms, extracting keys, and generating analysis reports along with mitmproxy scripts, significantly accelerating the reverse-engineering process.

How It Works

The project utilizes the Chrome DevTools Protocol (CDP) to interact with and debug JavaScript execution within supported browsers like Chrome and Edge. It employs AI models, compatible with OpenAI's API format, to analyze intercepted data, identify cryptographic functions, and infer key generation methods. JavaScript hooking techniques are integrated to capture sensitive information such as encryption keys and plaintext/ciphertext pairs, enabling automated analysis of common algorithms like AES and RSA.

Quick Start & Requirements

  • Installation: Clone the repository (git clone https://github.com/Valerian7/AI_JS_DEBUGGER.git), navigate into the directory, and install dependencies (pip install -r requirements.txt).
  • Prerequisites: Python 3.11+, Google Chrome or Microsoft Edge browser, and an LLM API key (compatible with OpenAI's format, e.g., Qwen, deepseek, ChatGPT, Claude).
  • Running: Start the Flask web service using python3 run_flask.py. Access the web UI at http://localhost:5001.
  • Documentation: Links to specific quick-start guides or demos are not explicitly provided beyond the README instructions.

Highlighted Details

  • Automated debugging of front-end JavaScript.
  • AI-driven analysis of encryption algorithms, keys, and key generation methods.
  • Support for JavaScript file breakpoints and XHR request breakpoints with automatic call stack backtracking.
  • Generation of analysis reports and mitmproxy scripts.

Maintenance & Community

Contributions are welcomed via Pull Requests or Issues. Community interaction channels like Discord or Slack are not specified in the README.

Licensing & Compatibility

The project is released under the MIT License, permitting commercial use and integration with closed-source projects, subject to the license terms.

Limitations & Caveats

Handling heavily minified or obfuscated JavaScript might require specific configuration, such as disabling browser JS beautification to accurately determine breakpoint line and column numbers. XHR breakpoints necessitate a secondary trigger after the initial breakpoint is hit to enable the call stack backtracking feature.

Health Check

  • Last Commit: 1 month ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 2
  • Star History: 56 stars in the last 30 days
