{"id":27440190,"url":"https://github.com/do-say-go/devtoolium","last_synced_at":"2025-10-07T03:14:50.200Z","repository":{"id":57368562,"uuid":"408398151","full_name":"DO-SAY-GO/devtoolium","owner":"DO-SAY-GO","description":"📡 expose browser devtools port publicly with TLS and authentication.","archived":false,"fork":false,"pushed_at":"2024-09-10T04:44:01.000Z","size":116,"stargazers_count":17,"open_issues_count":1,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-26T18:49:09.019Z","etag":null,"topics":["authentication","chrome-devtools","chrome-devtools-protocol","chrome-remote-debugging-protocol","devtools","https","https-proxy","remote-debug-protocol","remote-debugging","websocket-proxy","websockets"],"latest_commit_sha":null,"homepage":"https://npmjs.com/package/devtoolium","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DO-SAY-GO.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-20T10:24:09.000Z","updated_at":"2025-02-06T00:44:09.000Z","dependencies_parsed_at":"2024-11-16T07:30:24.592Z","dependency_job_id":"83b42be5-b22d-493e-b04f-b16539f06205","html_url":"https://github.com/DO-SAY-GO/devtoolium","commit_stats":{"total_commits":62,"total_committers":2,"mean_commits":31.0,"dds":"0.30645161290322576","last_synced_commit":"ebfdda2faa9a361f44ea88a254d4d3bc11a2f674"},"previous_names":["crisdosyago/devtoolium","i5ik/serenade","i5ik/devtoolium","i5ik/secure-remote-devtools","do-say-go/devtoolium","dosyago/devtoolium"],"tags_count":16,"template":false,"template_full_name":null,"purl":"pkg:github/DO-SAY-GO/devtoolium","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DO-SAY-GO%2Fdevtoolium","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DO-SAY-GO%2Fdevtoolium/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DO-SAY-GO%2Fdevtoolium/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DO-SAY-GO%2Fdevtoolium/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DO-SAY-GO","download_url":"https://codeload.github.com/DO-SAY-GO/devtoolium/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DO-SAY-GO%2Fdevtoolium/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278713259,"owners_count":26032852,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-07T02:00:06.786Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","chrome-devtools","chrome-devtools-protocol","chrome-remote-debugging-protocol","devtools","https","https-proxy","remote-debug-protocol","remote-debugging","websocket-proxy","websockets"],"created_at":"2025-04-14T22:08:02.088Z","updated_at":"2025-10-07T03:14:50.172Z","avatar_url":"https://github.com/DO-SAY-GO.png","language":"JavaScript","readme":"# [:gem: Devtoolium](https://github.com/i5ik/devtoolium) ![npm](https://img.shields.io/npm/dt/srad?label=v1%20downloads) ![npm](https://img.shields.io/npm/dt/devtoolium) ![npm](https://img.shields.io/npm/v/devtoolium?color=00eeff) [![visitors+++](https://hits.seeyoufarm.com/api/count/incr/badge.svg?url=https%3A%2F%2Fgithub.com%2Fi5ik%2Fdevtoolium\u0026count_bg=%2379C83D\u0026title_bg=%23555555\u0026icon=\u0026icon_color=%23E7E7E7\u0026title=%28today%2Ftotal%29%20visitors%2B%2B%2B%20since%20Sep%2127%202021\u0026edge_flat=false)](https://hits.seeyoufarm.com) \n\n# expose the browser devtools port on the public internet by using https and authentication\n\nThis lets you share devtools pages over the internet using a secure proxy running on a domain you own.\n\nIt also works mostly cross browser.\n\nRemote debugging or the DevTools protocol for JavaScript is normally served insecured via `--remote-debugging-port` option on browsers and Node runtimes. This project adds a secure HTTPS and secure WebSockets server proxy to that endpoint, plus authentication, to let you share and expose these endpoints over the internet only to intended actors.\n\nThis is a self-hosted free open-source product, that you can get on npm, and use it to run a secure proxy server to make browser DevTools securely accessible remotely.\n\nIt adds HTTPS, WSS and authentication to `--remote-debugging-port` to **automate**, **open the inspector**, and **debug** from anywhere and collaborate securely on bugs by sharing the unique login URL. \n\nThis means you can serve the DevTools inspector frontend from a secure HTTPS server with authentication, as well as connect to all the normal devtools API endpoints and target websockets, but they're now encrypted and authenticated.\n\n**Get started:**\n\nMake sre you have certificates for your website (in the example below, *mysite.com*) in your $HOME/sslcerts folder. \n\n```sh\n$ browser --remote-debugging-port=9222\n$ devtoolium 9222:mysite.com:8080\n\n{\n  devtooliumUp: {\n    at: 2021-09-20T12:39:24.942Z,\n    CHROME_PORT: 9222,\n    SERVER_PORT: 8080,\n    loginUrl: 'https://mysite.com:8080/login?token=a24a30ea17c71f6500b963b732cb2b69fb8d853f'\n  }\n}\n```\n\nPort 8080 is now running a HTTPS and WSS (secure websocket) server. It's safe to share with the internet. Pass out `loginUrl` to people you want to be able to connect, inspect and debug that browser.\n\n***DO NOT expose port 9222 (or whatever your browser debugging port is) to the public internet. This is the hole that devtoolium helps secure.***\n\nNow, all the DevTools endpoints will be available to anyone with `loginUrl`, enabling them to connect (via puppeteer, or whatever) to the browser you started, and even debug it via the Devtools inspector frontend.\n\n## How is this done?\n\nNothing fancy folks, just a simple \nHTTPS Proxy and WebSocket Proxy Server with authentication to \nhelp you securely expose DevTools (inlcuding all the endpoints like `/json` and all the `ws://` endpoints for all the targets, and even the **devtools-frontend**: the inspector you see when you open hit Ctrl+Shift+I in your browser). \n\nThis lets you connect to browsers remotely to run automation workloads, or collaborate on bugs, securely, without needing to worry about how `--remote-debugging-port` creates an insecure HTTP server, and unencrypted websockets. Now, everything is encrypted.\n\nPerfect for debugging remotely in collaboration with other humes.\nConnect to and debug remote tabs from any where, and *even run DevTools inspector from any device*\\*.\n\n\\* *It also modifies DevTools inspector files in-flight to try to make them work cross-browser. Right now Firefox and Chrome work completely, while iOS browsers (and Safari) have some issues, but they still load the DevTools inspector front-end just a couple things don't work properly.*\n\n## Background \n\nA version of this tool was originally part of the closed-source paid version of my [secure remote browser](https://github.com/i5ik/ViewFinder), but the secure remote debugging capability proved so useful I decided to package it up, copy it out, and make it its own bona-fide open-source product for everyone to use, for free.\n\nI searched around a bit before doing so, and while I couldn't find any current prior art that was up to date in 2021, here was some prior art that I found:\n\n- [auchenberg/devtools-remote](https://github.com/auchenberg/devtools-remote) - An experimental HTTP and WebSocket proxy for DevTools from 2016\n\n## Get it\n\n```sh\n$ npm i -g devtoolium\n## or\n$ npx devtoolium\n## or\n$ npm i --save devtoolium\n## or\n$ git clone https://github.com/i5ik/devtoolium.git\n$ cd devtoolium/ \n$ npm i\n```\n\n## Use it\n\nFrom the command line:\n\n```sh\ndevtoolium 9222:mysite.com:8888\n```\n\nUsing npx:\n\n```sh\nnpx devtoolium 9222:me.example.com:8080\n```\n\nFrom a NodeJS script:\n\n```javascript\nimport devtoolium from 'devtoolium';\n\ndevtoolium({\n  browserPort: 9222,\n  serverPort: 8888\n}).then(serverStatus =\u003e console.log(`Login URL: ${serverStatus.loginUrl}`));\n```\n\nFrom the repository:\n\n```sh\n$ cd devtoolium/\n$ npm start 9222:mydevtoolium.int:8555\n```\n\n\n## BTW - *Where does the name devtoolium come from?*\n\nIt comes from **se**cure **re**mote '**n**' **a**uthenticated **de**vtools.\n\n## Security\n\nFor security, ***don't expose your browser port (by default 9222) to the public internet***.\n\nThis server uses [helmet](https://github.com/helmetjs/helmet), HTTPS, and WSS (*secure WebSockets*).\n\nOnce you start `devtoolium` (either via the command line or from the library) you will receive a login URL. That URL can be used to log you on to the secure DevTools server. Without it you will not be able to access any DevTools endpoints. Pass it out to those frens you wish to collaborate with on the solvage, ever venerable, of the buggs.\n\n**devtoolium** uses cookie authentication to prevent unauthorized connections. The need for a secure remote connection utility for DevTools is [well known](https://bugs.chromium.org/p/chromium/issues/detail?id=813540)\n\n## Certificates\n\nBy default, devtoolium looks for TLS certificates *(`cert.pem, chain.pem, fullchain.pem  and privkey.pem`)* in `path.resolve(os.homedir(), 'sslcerts')` *(`$HOME/sslcerts` on Windows)*. You can override that with the `certBasePath` option. \n\n`devtoolium` will ***always*** throw an error and fail is certificates are not found.\n\n## API \n\nAll the options you see below can be accessed via script using their camel-cased variants. Globally installed command line usage (`npm i -g devtoolium.devtools@latest`) is shown for demonstrative purposes. The command line API is equivalent whether you use `npx` or `npm start` from the repository to run it.\n\n### Basic Use\n\nThe command line has a very simple format:\n\n\u003e devtoolium \u003cBROWSER_PORT\u003e:\u003cDOMAIN_NAME|IP_ADDRESS\u003e:\u003cSERVER_PORT\u003e [certificatesPath]\n\nWhere `DOMAIN_NAME|IP_ADDRESS` is that of the server you run `devtoolium` on.\n\nAnd `certificatesPath` is an optional file system path to override the default location to look for [certificates](#Certificates).\n\n### Browser Port\n\nThe port that you have exposed the remote debugging protocol on, via the `--remote-debugging-port` Chrome command line argument. Simple the first positional argument after the command. I.e, say your browser is on port 51386, you'd start a server that is running remote DevTools with. For exmaple, to get up and running with chrome headless, make sure you have chrome installed, then try the following:\n\n```sh\n\n$ google-chrome-stable --headless --remote-debugging-port=51386\n$ devtoolium 51386:mysite.example.com:8080\n\n{\n  devtooliumUp: {\n    at: 2021-09-20T12:39:24.942Z,\n    CHROME_PORT: 51386,\n    SERVER_PORT: 8080,\n    loginUrl: 'https://mysite.example.com:8080/login?token=a24a30ea17c71f6500b963b732cb2b69fb8d853f'\n  }\n}\n\n```\n\nThere's no default, you must always specify a browser port. If the browser is not running on that port, `devtoolium` will thrown an error. \n\n### Background\n\nRun it in the background, like so:\n\n```sh\n$ devtoolium 51386:doppelgange.pointbyne.org:8888 \u0026\n```\n\nOr using pm2:\n\n```sh\n$ pm2 start devtoolium 9222:example.spacedemons.com:8433\n```\n\n## Server Port\n\nThere's no default port, so you must always specify a server port.\n\n### Technical Details and Limitations\n\nBy default the Chrome DevTools Frontend does not work cross-browser. It only works in Chrome. This is not a policy of the DevTools team, simply because they don't have the bandwidth to support this right now. \nI [opened a PR to bring cross-browser support to DevTools](https://github.com/ChromeDevTools/devtools-frontend/pull/165), but until and unless we make it happen, I am having `devtoolium` patch the DevTools frontend resources *in-flight* via the proxy, so it can work in any browser.\n\nBecause of this ad-hoc, \"off-branch\" solution, and given the fact that each version of Chrome may ship with a slightly different version of the DevTools front-end, you may find it breaks at any time.\n\n### Other disclaimers\n\nThis project has zero association, endorsement or any relationship with with Google, Chrome, the Chrome Dev team, Chrome DevTools front-end or any of the authors.\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdo-say-go%2Fdevtoolium","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdo-say-go%2Fdevtoolium","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdo-say-go%2Fdevtoolium/lists"}