JSReverser-MCP is a comprehensive tool designed for JavaScript reverse engineering, enabling developers to efficiently analyze front-end logic within real browser environments. It addresses the need for a standardized, reusable workflow by integrating script retrieval, debugging, network analysis, and code deobfuscation. Targeting security researchers, front-end engineers, and power users, it streamlines the process of locating critical logic like encryption, authentication, and business flows, ultimately accelerating debugging and security audits.

How It Works

The project champions a structured methodology: "Observe-first, Hook-preferred, Breakpoint-last, Rebuild-oriented, Evidence-first." This approach prioritizes initial observation in the browser, followed by minimal hooking for runtime sampling, then local rebuilding with environment patching in Node.js. Each step generates distinct artifacts, fostering a reproducible workflow that moves beyond ad-hoc debugging to systematic evidence collection and analysis. This methodology aims to provide a robust, repeatable process for complex JavaScript analysis.

Quick Start & Requirements

• Installation: npm install and npm run build.
• Execution: npm run start for basic operation.
• Prerequisites: Node.js and npm.
• AI Integration: Supports OpenAI, Anthropic, and Gemini LLMs for enhanced analysis, configurable via environment variables.
• Documentation: Extensive guides are available for client configuration (docs/guides/client-configuration.md) and browser connection (docs/guides/browser-connection.md).

Highlighted Details

• Unified Toolset: Integrates a wide array of capabilities including script discovery, dynamic hooking, breakpoint debugging, network request tracing, WebSocket analysis, page automation, and session state management.
• MCP Compatibility: Designed for seamless integration with MCP-compatible clients (e.g., Claude, Codex, Cursor), acting as a standardized backend service.
• AI-Assisted Analysis: Leverages external LLMs for advanced code understanding, deobfuscation, and risk assessment, though core functions remain operational without AI.
• Pre-built Cases: Includes indexed examples for common parameter chains on popular platforms like JD, Kuaishou, and Douyin.

Maintenance & Community

No specific details on contributors, sponsorships, or community channels (like Discord/Slack) were found in the provided text. The extensive documentation suggests active development.

Licensing & Compatibility

• License: Apache-2.0.
• Compatibility: The Apache-2.0 license is permissive, generally allowing for commercial use and integration into closed-source projects.

Limitations & Caveats

Advanced AI-dependent features, such as deep code semantic understanding and complex deobfuscation, may be degraded or unavailable if external LLM providers are not configured. While a quick start is provided, full setup and integration can be complex.