Docs

Everything you need to get started.

Quick start

1. Install everything

npx iframer-toolkit install

Downloads Chromium and registers the MCP server + /iframer skill in Claude Code. Restart Claude Code after. To remove: npx iframer-toolkit remove

2. (Optional) Install separately

npx iframer-toolkit install chromium
npx iframer-toolkit install mcp

3. Talk to your agent

"Log into my account and get my latest messages"

Browser modes

headless

Default. Fast, no display needed. Best for data extraction and most automations.

binary-headful

Opens a real Chromium window on your desktop. iframer auto-escalates to this when a site detects headless.

docker-headful

Self-hosted Docker. Headful browser runs invisibly in a container — watch it live via noVNC at localhost:6080. Your home IP, no window on your desktop.

iframer auto-selects and auto-escalates: headless → binary-headful → docker-headful. CAPTCHA solving works in all modes and requires an Anthropic API key.

Environment variables

ANTHROPIC_API_KEY

Optional

Required for auto CAPTCHA solving (reCAPTCHA + hCaptcha)

IFRAMER_SECRET

Optional

Auth + encryption key — auto-generated on first run

IFRAMER_DATA_DIR

Optional

Storage directory (default: ~/.iframer)

IFRAMER_MODE

Optional

Force “local” or “docker” mode

MCP Tools

status

Full state in one call — API health, active session, stored credentials.

browse

Headless fetch with session persistence. Fast, no interaction.

execute

Run a pipeline of browser steps. Auto-starts session, handles captchas.

session

Stop (save state) or clear (wipe) the browser session.

credentials

Store, list, or use encrypted login credentials.

knowledge

Query cached domain knowledge — login flows, selectors, known obstacles.

reverse-engineer

Capture a site's API — records all XHR/fetch calls, auth, cookies, and saves .js/.ts client files.

Pipeline steps

Use with the execute tool. Steps run sequentially with a 20s stale-state timeout.

navigate

url

Go to URL

click

selector

Click element

human-click

selector | x,y

Human-like click

human-type

selector, value

Human-like typing

fill

selector, value

Fast fill

extract

expression

Evaluate JS, return result

evaluate

expression

Run JS (no return)

screenshot

—

Capture current state

scroll

deltaY?

Scroll page

wait

Wait

wait-for

selector

Wait for element

keyboard

key

Press key

domain

Fill login with stored creds

solve-captcha

—

Auto-detect and solve (requires ANTHROPIC_API_KEY)

API reverse engineering

Use the reverse-engineer tool to capture a site's API while your agent browses it. It records every XHR/fetch request — including auth tokens, cookies, headers, and response bodies.

How to use it

"Reverse engineer the messaging API on this site"

The agent runs the same pipeline steps as execute, but records all network calls the page makes.

What it saves

auth.js

Shared cookies, tokens, Authorization header

getMessages.js

One file per endpoint — async function using fetch with auth

index.js

Re-exports all endpoint functions

README.md

Endpoint summary and dependency chain

Ask for TypeScript output to get .ts files with inferred types from the captured response bodies.

Security

—Credentials encrypted with AES-256-GCM using IFRAMER_SECRET via HKDF
—Sessions (cookies + localStorage) encrypted before writing to SQLite
—AI model never receives credential values — only success/failure
—Write-only credential API — no endpoint returns stored passwords
—IFRAMER_SECRET auto-generated and persisted to ~/.iframer/secret on first run

CLI

iframer install

Install Chromium + MCP (skip if already installed)

iframer install chromium

Download Chrome for Testing

iframer install mcp

iframer remove

Remove Chromium + MCP

iframer remove mcp

Unregister MCP from Claude Code and Codex

iframer status

Check system state and available modes

iframer credentials add <domain>

Store encrypted login credentials

iframer credentials list

List domains with stored credentials

iframer credentials remove <domain>

Delete credentials for a domain

iframer screenshot <url>

Take a screenshot

iframer browse <url>

Headless fetch with JS rendering

iframer session stop

Stop session and save cookies

iframer session clear

Wipe all session data

Home GitHub

Open source · MIT license · 2026