{"id":50203442,"url":"https://github.com/Fausto-404/js-reverse-automation--skill","last_synced_at":"2026-06-11T16:00:29.662Z","repository":{"id":335953602,"uuid":"1146074760","full_name":"Fausto-404/js-reverse-automation--skill","owner":"Fausto-404","description":"Combines the capabilities of chrome-devtools-mcp with the Skill specification to automate front-end JS reverse-engineering analysis using the JSRPC+Flask+autoDecoder approach, improving the efficiency of JS reverse engineering","archived":false,"fork":false,"pushed_at":"2026-05-27T02:55:28.000Z","size":626,"stargazers_count":411,"open_issues_count":0,"forks_count":59,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-05-27T04:26:07.377Z","etag":null,"topics":["automation","js","reverse","skills"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Fausto-404.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-30T15:36:52.000Z","updated_at":"2026-05-27T02:55:32.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Fausto-404/js-reverse-automation--skill","commit_stats":null,"previous_names":["fausto-404/js-reverse-automation--skill"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/Fausto-404/js-reverse-automation--skill","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fausto-404%2Fjs-reverse-automation--skill","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fausto-404%2Fjs-reverse-automation--skill/tags","releases
_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fausto-404%2Fjs-reverse-automation--skill/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fausto-404%2Fjs-reverse-automation--skill/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Fausto-404","download_url":"https://codeload.github.com/Fausto-404/js-reverse-automation--skill/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Fausto-404%2Fjs-reverse-automation--skill/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34206492,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-11T02:00:06.485Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","js","reverse","skills"],"created_at":"2026-05-26T00:00:42.983Z","updated_at":"2026-06-11T16:00:29.637Z","avatar_url":"https://github.com/Fausto-404.png","language":"Python","funding_links":[],"categories":["🌐 JS 逆向工程"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003ejs-reverse-automation--skill \u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n  \u003ccode\u003eSkills for end-to-end automation of front-end JS reverse engineering\u003c/code\u003e \n\u003c/p\u003e\n\u003cdiv align=\"center\"\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca 
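href=\"https://github.com/Fausto-404/js-reverse-automation--skill/releases\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/v/release/Fausto-404/js-reverse-automation--skill?style=flat-square\u0026label=release\u0026color=blue\u0026cacheSeconds=3600\" alt=\"Release\"\u003e\n  \u003c/a\u003e\n\n  \u003ca href=\"https://github.com/Fausto-404/js-reverse-automation--skill/stargazers\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/stars/Fausto-404/js-reverse-automation--skill?style=flat-square\u0026label=stars\u0026color=brightgreen\u0026cacheSeconds=3600\" alt=\"GitHub Stars\"\u003e\n  \u003c/a\u003e\n\n  \u003ca href=\"https://github.com/Fausto-404/js-reverse-automation--skill/network/members\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/forks/Fausto-404/js-reverse-automation--skill?style=flat-square\u0026label=forks\u0026color=orange\u0026cacheSeconds=3600\" alt=\"GitHub Forks\"\u003e\n  \u003c/a\u003e\n\n  \u003ca href=\"https://github.com/Fausto-404/js-reverse-automation--skill/releases\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/downloads/Fausto-404/js-reverse-automation--skill/total?style=flat-square\u0026label=downloads\u0026color=success\u0026cacheSeconds=3600\" alt=\"Downloads\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003c/div\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cstrong\u003eCombines the capabilities of chrome-devtools-mcp with the Skill specification to automate front-end JS reverse-engineering analysis using the JSRPC+Flask+autoDecoder approach, improving the efficiency of JS reverse engineering\u003c/strong\u003e\n\u003c/p\u003e\n\n\n## Applicable Scenarios\n\n- Encrypted login parameters (RSA/AES/SM2/SM4/MD5/custom encoding)\n- Encrypted response content encountered during data scraping\n- Request signing (sign/token/enc)\n- Packaging JS reverse-engineering logic as reusable code\n- Working with Burp to capture and modify traffic\n\n## Addressing the Four Major Pain Points of Traditional AI-Assisted Reversing\n\nThis project focuses on **practical engineering delivery**, using a lighter-weight architecture to cover the last mile from reverse engineering to real-world use:\n\n* **From “grinding through environment patching” to “dynamic extraction over JSRPC”**:\n  Instead of forcing the AI to reconstruct a complex browser context, the skill guides it to set up JSRPC remote calls. The real browser serves directly as the algorithm interpreter, sidestepping the obfuscated logic and obtaining the encrypted result at zero cost.\n\n* **From “isolated output” to “full-chain production delivery”**:\n  It does not stop at the “understanding the code” stage. The AI delivers not only the analysis approach but also a directly runnable **Python Flask relay service** and a **Burp Suite (autoDecoder) integration configuration**, plugging seamlessly into the penetration-testing workflow.\n\n* **From “single-stage blind runs” to “contract-based phase validation”**:\n  It introduces an explicit Phase 0-9 breakdown, using 
`analysis_result.json` as the intermediate-artifact contract. After code is generated, a local validator is forcibly triggered, greatly reducing AI hallucinations and syntax errors on complex, long inputs.\n\n* **From “single-conversation memory” to “continuously evolving experience”**:\n  It removes the “every new conversation is a blank slate” limitation. Using the `references/evolution_matrix.json` memory store, the AI can accumulate countermeasure experience across tasks, so the skill pack keeps evolving against new obfuscation and anti-debugging techniques.\n\n## Workflow Design Rationale\nThe remote-call approach commonly used in JS reverse engineering (such as JSRPC+Mitmproxy or JSRPC+Flask) involves tedious work during initial setup: locating the encryption function, writing the registration code, writing the Python code, and so on. By bringing in AI through MCP and Skill, the AI completes function discovery and registration-code generation automatically, moving from “semi-automatic” to “highly automatic”. The operator only needs to supply the instructions below and then configure Burp at the end to complete the whole JS reverse-engineering workflow.\n\u003cimg width=\"2064\" height=\"1108\" alt=\"image\" src=\"https://github.com/user-attachments/assets/fc13f276-f667-486a-8506-221c0c55507e\" /\u003e\n\n## Core Capabilities\n- Connects to a real browser over MCP to trigger and trace the JS encryption/signing chain\n- Runtime hook probe: automatically captures fetch/XHR/crypto call stacks and parameter flow\n- Webpack module resolution: automatically discovers `__webpack_require__` and searches the module cache for encryption functions\n- Candidate scoring system: 7-dimension scoring plus validation against real samples, reducing false positives\n- Fully automatic service management: the JSRPC server is discovered/started automatically, and the Flask proxy is started and stopped automatically\n- One-click injection: code generation, browser injection and registration verification are all automatic\n- Seamless Burp integration: generates the autoDecoder configuration document and supports end-to-end joint debugging\n\n## Project Structure\n```text\njs-reverse-automation/\n├── SKILL.md                          # Main control file\n├── references/                       # Reference specifications and knowledge base\n│   ├── output-contract.md            # Input/output contract\n│   ├── workflow-recon.md             # Phase workflow description\n│   ├── evidence-collection.md        # Evidence-collection methods (hook/source/network)\n│   ├── advanced-entrypoints.md       # Complex entry-point scenarios (Webpack/async/WASM)\n│   ├── antidebug-patterns.md         # Anti-debugging patterns and patches\n│   ├── capability-boundaries.md      # Capability boundaries\n│   └── evolution_matrix.json         # Cross-task experience memory store\n├── scripts/                          # Automation tool scripts\n│   ├── check_inputs.py               # Input validation\n│   ├── emit_runtime_hook_probe.py    # Runtime hook probe generation\n│   ├── emit_module_probe.py          # Webpack module probe generation\n│   ├── detect_encryption.py          # Encryption-function candidate scoring\n│   ├── emit_jsrpc_stub.py            # JSRPC injection code generation\n│   ├── emit_flask_proxy.py           # Flask proxy generation\n│   ├── emit_burp_doc.py              # Burp document generation\n│   ├── manage_services.py            # Service management (JSRPC/Flask start/stop)\n│   ├── validate_artifacts.py         # Full-chain validation\n│   └── JsEnv_Dev.js                  # Hlclient WebSocket client library\n├── generated/                        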
# Intermediate code/configuration artifacts generated by AI runs\n│   ├── jsrpc_inject.js               # JSRPC browser-side injection code\n│   ├── flask_proxy.py                # Local Flask proxy service\n│   ├── burp-autodecoder.md           # Burp autoDecoder configuration document\n│   └── runtime_hook_probe.js         # Runtime hook probe script\n└── artifacts/                        # Runtime dynamic state and report artifacts\n    ├── phase0_input.json             # Validated input\n    ├── encryption_candidates.json    # Encryption-function candidate scores\n    ├── validation_report.json        # Full-chain validation report\n    ├── jsrpc_status.json             # JSRPC service status\n    └── flask_status.json             # Flask service status\n```\n\n## Usage\n1. Install the MCP server\n\n```bash\n# Claude Code\nclaude mcp add chrome-devtools -- npx -y chrome-devtools-mcp@latest\n# Codex\ncodex mcp add chrome-devtools -- npx -y chrome-devtools-mcp@latest\n# Gemini\ngemini mcp add chrome-devtools npx -y chrome-devtools-mcp@latest\n```\n2. Place the `js-reverse-automation` directory in the Skill directory, then enter:\n\n```\n# On first use, including the jsrpc path is recommended; it makes the later steps more stable\nTarget URL: https://xxx.com/login\nParameters To Analyze: password\nOptional Fetch Example: fetch(\"https://xxx.com/api/login\", {\"body\":\"...\",\"method\":\"POST\"})\n```\nWait for the run to finish (the first use creates the artifact folders), then follow the output to verify the result and configure Burp.\n\n## Verifying the Results\n1. Gather the information needed for the input (see figures 1, 2 and 3)\n\u003cimg width=\"2182\" height=\"1444\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a0edb08b-ef21-4059-bae5-d9a255a69d30\" /\u003e\n2. Write the prompt from the template and give it to claude (this run was validated with claude with its safety restrictions removed + mimo-v2.5, to verify that the skills achieve the same result with lower model requirements)\n\u003cimg width=\"1810\" height=\"1264\" alt=\"image\" src=\"https://github.com/user-attachments/assets/7703c06a-0f42-4c8d-b2c9-6d18172c1194\" /\u003e\n3. Wait for the output\n\u003cimg width=\"1380\" height=\"1462\" alt=\"image\" src=\"https://github.com/user-attachments/assets/9419df5c-f876-41ac-bdba-60d13a603445\" /\u003e\n4. Test according to the output\n\u003cimg width=\"2216\" height=\"1612\" alt=\"image\" src=\"https://github.com/user-attachments/assets/557946b1-1f68-4ba7-8b6a-f794d0858b18\" /\u003e\n5. 
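When finished, remember to shut down jsrpc and flask as instructed!!!\n\n## Real-World Cases\n- xx University: MD5 (global function) ✅\n- xx University: SM2 (Chinese national cryptography standard) + public key in the DOM ✅\n- xx site: RSA-2048 + lazy-loaded JSEncrypt ✅\n- xx游: RSA-1024 + Webpack closure ✅\n- A music service: AES \u0026 RSA combined + params / encSecKey style structure ✅\n\nCases will be added to the case library later; stay tuned....\n\n## Referenced Tools\n- JsRpc: https://github.com/jxhczhl/JsRpc \n- autoDecoder: https://github.com/f0ng/autoDecoder \n- chrome-devtools-mcp: https://github.com/ChromeDevTools/chrome-devtools-mcp/ \n\n## Changelog\n### v1 release history\n- 2026-05-21: Introduced Phase 9: experience accumulation and evolution of the countermeasure library\n- 2026-04-10: Strengthened request reproduction, parameter entry-point location and anti-detection verification\n- 2026-03-19: Added the ability to counter the AI classifying the work as a high-risk operation\n- 2026-03-10: Refactored into a \"main control file + reference rules + generators + validators\" architecture\n- 2026-02-11: Added 11 supplementary anti-debugging skills\n- 2026-02-03: Optimized the project structure; added support for the Claude/Codex/Trae platforms\n### v2.0 (2026-05-31)\n- **Architecture optimization**: the phase flow is trimmed from Phase 0-9 to Phase 0-8, removing redundant steps and cutting token consumption by about **40%**\n- **Full automation**: JSRPC auto-discovery/start, Flask auto start/stop and automatic browser injection; **the only manual step is configuring Burp**\n- **Stronger entry-point location**: runtime hook probe + Webpack module resolution + 7-dimension candidate scoring give more powerful and faster entry-point location, **lowering the demands on the model**\n- **More stable output**: capability_boundary explicitly declares unsupported scenarios, plus runtime_health health checks and a candidate validation mechanism\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFausto-404%2Fjs-reverse-automation--skill","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FFausto-404%2Fjs-reverse-automation--skill","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FFausto-404%2Fjs-reverse-automation--skill/lists"}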