Summary Anything Analyzer automates web protocol reverse engineering, encryption analysis, and security auditing. It targets developers, security researchers, and crawler engineers by leveraging an embedded browser and AI to analyze web traffic, significantly reducing manual effort and generating detailed API documentation, authentication flows, and code reproductions.

How It Works The application embeds a browser controlled via Chrome DevTools Protocol (CDP) to capture network requests, JS execution, and storage changes. A two-stage AI pipeline filters irrelevant traffic (Phase 1) then performs deep analysis (Phase 2). It features JS hooking for dynamic analysis of functions and encryption libraries, and supports external LLM providers.

Quick Start & Requirements

• Prerequisites: Node.js >= 18, pnpm (recommended) or npm, VS Build Tools (Windows).
• Install: Clone repo, cd, pnpm install.
• Usage: Create session, browse, capture, analyze.
• LLM Config: External API keys (OpenAI, Anthropic, compatible) required.
• Docs: GitHub Repository

Highlighted Details

• Embedded multi-tab browser with auto-handling for OAuth popups.
• Comprehensive CDP Fetch capture (HTTP/HTTPS, WebSocket, SSE), including headers, body, and stream data.
• Advanced JS Hooking targets fetch, XMLHttpRequest, crypto.subtle, document.cookie, and popular JS encryption libraries (CryptoJS, JSEncrypt, node-forge, SM2/3/4).
• Automatic extraction of encryption-related JavaScript code.
• Flexible AI analysis modes: auto-identify, API reverse, security audit, performance, JS encryption, custom prompts.
• Extensible AI via MCP Server integration (stdio/HTTP).
• Interactive analysis with streaming reports and conversational follow-ups.

Maintenance & Community Community engagement is encouraged via the LinuxDo platform for technical exchanges and AI information sharing.

Licensing & Compatibility Licensed under the MIT License, permitting broad use, including commercial applications and integration into closed-source projects.

Limitations & Caveats This tool is for analysis only; it does not modify or intercept requests (not a man-in-the-middle proxy) and is not an automated testing framework. Analysis is limited to HTTP/HTTPS, WebSocket, and SSE. Users are responsible for legal compliance, as the tool requires external LLMs and cannot perform illegal operations.