js-reverse-automation--skill

# js-reverse-automation--skill By combining the capabilities of chrome-devtools-mcp and the specifications of Skill, this project implements a frontend JS reverse automation analysis solution using JSRPC, Flask, and autoDecoder. This solution aims to improve the efficiency of JS reverse analysis. ## Applicable Scenarios - Rapid deployment of frontend signature/encryption parameter reverse analysis - Encapsulating JS reverse logic into reusable code - Integration with Burp for packet capture and modification ## Process Design To address the tedious operations involved in the initial configuration stage of JS reverse analysis, such as locating encryption functions, writing registration code, and creating Python code, this project leverages AI-powered MCP and Skill technologies. These technologies enable the automatic completion of function discovery and registration code generation, thereby transitioning from "semi-automation" to "high automation." Users only need to provide the following commands and configure Burp to complete the entire JS reverse analysis process. <img width="2064" height="1108" alt="image" src="https://github.com/user-attachments/assets/fc13f276-f667-486a-8506-221c0c55507e" /> ## Core Capabilities - Connecting to a real browser using MCP to trigger and track JS encryption/signature links - Automatic location of critical parameter generation entry points, such as `sign`, `enc`, and `token` - Automatic generation of JSRPC injection and registration code - Automatic generation of Python Flask proxy code - Output of Burp `autoDecoder` docking instructions, supporting end-to-end joint debugging - Support for 11 anti-debugging capabilities of AntiDebug_Breaker ## Project Structure ```latex js-reverse-automation--skill/ ├── README.md # Project description, usage, update notes, and structure explanation. ├── SKILL.md # Skill main control file. Defines how tasks are triggered, required inputs, process stages, and output and acceptance criteria. ├── agents/ │ └── openai.yaml # Skill agent entry configuration. Defines default prompts, input formats, and execution constraints. ├── artifacts/ # Runtime directory for storing intermediate products and final verification reports. Expected files include: │ ├── artifacts/phase0_input.json # Normalized input │ ├── artifacts/phase1_trace.json # Browser link reproduction results │ ├── artifacts/phase2_entrypoints.json # Parameter entry identification results │ ├── artifacts/phase3_dependencies.json # Dependency, context, and call method extraction results │ └── artifacts/validation_report.json # Final verification report ├── references/ │ ├── references/workflow-recon.md # Stage process instructions. │ ├── references/output-contract.md # Input and output contract instructions. │ ├── references/failure-recovery.md # Failure recovery and diagnosis format instructions. │ ├── references/validation-checklist.md # Acceptance criteria instructions. │ └── references/antidebug/ │ ├── references/antidebug/debugger-loop.md # Handling infinite debugger, eval, Function class issues. │ ├── references/antidebug/console-detect.md # Handling console detection, log tampering, screen clearing, etc. │ ├── references/antidebug/timer-check.md # Handling time difference, performance timing, Promise timing detection. │ ├── references/antidebug/env-detect.md # Handling environment recognition issues such as window size, webdriver, UA, DevTools detection. │ ├── references/antidebug/proxy-guard.md # Handling link interruptions such as jumping, closing pages, history, and proxy interception. │ └── references/antidebug/dynamic-alias.md # Handling dynamic aliases, wrappers, resolvers, and unstable paths. └── scripts/ ├── scripts/check_inputs.py # Input validator. ├── scripts/emit_analysis_result.py # Unified analysis product generator. ├── scripts/emit_jsrpc_stub.py # JSRPC code generator. ├── scripts/emit_flask_proxy.py # Flask proxy generator. ├── scripts/emit_burp_doc.py # Burp autoDecoder document generator. └── scripts/validate_artifacts.py # Full link validator. ``` ## Q&A Q1. Some users have reported encountering a scenario like the one shown in the figure. <img width="1580" height="868" alt="image" src="https://github.com/user-attachments/assets/4d07e966-9fda-429a-8d59-26dfe7525d4d" /> A1. The solution to this problem is straightforward. Users only need to follow the prompt word template in openai.yaml, replace the Target URL with 127.0.0.1, and ensure that the skill.md prompt words are optimized to execute 127.0.0.1. ## Usage Example This example demonstrates the usage of codex5.3 (other platforms are similar). 1. Download the skills and place them in the codex skills directory, e.g., `/Users/username/.codex/skills/`. <img width="880" height="296" alt="image" src="https://github.com/user-attachments/assets/0740b150-1508-46f1-bd76-2c6c9afa3bca" /> 2. Add the chrome-devtools-mcp service to the Codex configuration. ``` codex mcp add chrome-devtools -- npx -y chrome-devtools-mcp@latest ``` <img width="2464" height="216" alt="image" src="https://github.com/user-attachments/assets/0a3bd8c8-9029-4d8c-9f50-f91fb5ac4e4e" /> 3. Modify the Codex configuration file (MAC: `~/.codex/config.toml`) and add the following fields. ``` [mcp_servers.chrome-devtools] command = "npx" args = ["-y", "chrome-devtools-mcp@latest"] ``` <img width="1848" height="892" alt="image" src="https://github.com/user-attachments/assets/b2f8a0a9-2ab1-44a1-baf6-5b57d20076b5" /> 4. Verify if it takes effect. <img width="2524" height="722" alt="image" src="https://github.com/user-attachments/assets/0dfd71ad-7b03-4eb3-a99a-8c11990dcf72" /> 5. Start the mcp service. When the browser opens, the MCP service is configured. ``` /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome \ --remote-debugging-port=9222 \ --remote-debugging-address=0.0.0.0 ``` <img width="2374" height="996" alt="image" src="https://github.com/user-attachments/assets/7a2336ee-1d7a-4ead-99c3-9faa00bc18bc" /> 6. Use the skill on the codex client. <img width="2126" height="1548" alt="image" src="https://github.com/user-attachments/assets/5b63f167-e2c2-4686-b28f-3558f18f6012" /> 7. Enter the required information. ``` Target URL: Parameters To Analyze: Environment Constraints: Optional Fetch Example: ``` <img width="1546" height="876" alt="image" src="https://github.com/user-attachments/assets/a7359fdb-949c-40da-9c63-ea1e47b4be32" /> 8. Wait for the program to complete execution. <img width="1736" height="1016" alt="image" src="https://github.com/user-attachments/assets/76874d70-06c7-4a42-8cdf-de64e75e9c49" /> ## Effect Verification 1. Start JSRPC. <img width="1354" height="354" alt="image" src="https://github.com/user-attachments/assets/2be18d21-18b8-4594-b1ff-25e9126e5348" /> 2. In the browser developer tools console, execute the content of `js-reverse-automation/scripts/JsEnv_Dev.js`. <img width="1980" height="1332" alt="image" src="https://github.com/user-attachments/assets/d2d7a299-f354-459c-b624-9d7d95abe130" /> 3. Inject the AI-generated `jsrpc_inject_hr_ncu_password.js` into the console. <img width="1746" height="1320" alt="image" src="https://github.com/user-attachments/assets/b00c2261-ee26-4b88-a408-e0faaba84079" /> 4. Test if the jsrpc call function is normal. The result shows that it is working properly. ``` http://127.0.0.1:12080/go?group=fausto&action=generate_password_md5&param=111111 ``` <img width="2402" height="1056" alt="image" src="https://github.com/user-attachments/assets/5da1563a-84d7-4d6f-b83e-81106bed90a5" /> 5. Run `flask_proxy_hr_ncu.py`. <img width="1744" height="1322" alt="image" src="https://github.com/user-attachments/assets/9b70a477-2b12-464d-8450-822320556c95" /> 6. Test if Flask can encrypt normally. The result shows that it is working properly. ``` curl -X POST http://127.0.0.1:8888/encode \ -H "Content-Type: application/x-www-form-urlencoded" \ --data-urlencode "dataBody=username=111111&password=111111&code=1234&role=000002" ``` <img width="2508" height="1092" alt="image" src="https://github.com/user-attachments/assets/a9001881-b303-4c6c-a4bf-03f32576e44b" /> 7. Finally, configure the Burp autoDecoder plugin according to the Burp autoDecoder configuration instructions, and successfully encrypt the parameters. The entire process is completed successfully. <img width="2382" height="1314" alt="image" src="https://github.com/user-attachments/assets/f3af2dd7-fe79-424a-be12-cea763c33e16" /> ## References - JsRpc：https://github.com/jxhczhl/JsRpc - autoDecoder：https://github.com/f0ng/autoDecoder - chrome-devtools-mcp：https://github.com/ChromeDevTools/chrome-devtools-mcp/ - AntiDebug：https://github.com/0xsdeo/AntiDebug_Breaker ## Update Log ### 2026-02-03 - Optimized project structure to support direct import of Claude, Codex, Trae, and other platforms that support Skills (the `agents/` directory can be adjusted as needed). ### 2026-02-11 - Added 11 supplementary anti-debugging skills to improve anti-debugging capabilities against complex targets. ### 2026-03-10 + Reconstructed Skill into an architecture of "main control file + reference rules + generator + validator + intermediate products," **resulting in more stable and highly available output quality** + Added unified intermediate product `analysis_result.json` + Added input validator, analysis product generator, JSRPC generator, Flask generator, Burp document generator, and unified validator + Added process documents, output contracts, failure recovery, and acceptance lists + Reconstructed `references/antidebug` from nested sub-Skills into a collection of reference rules + Designated `artifacts/` as the directory for stage products and verification reports ### 2026-03-19 + Added the ability to resist AI recognition as high-risk execution operations and refuse to execute + Added corresponding prompt word input guidance