FoxHound

Agent Browser Bridge for Firefox.

FoxHound lets an AI agent drive your Firefox profile end to end. Open tabs, click and fill forms, capture HTTP traffic, read and write cookies and storage, observe page WebSockets, postMessage traffic, service workers, and more, all from a local authenticated link to your machine.

It is two pieces that talk to each other:

• A Firefox add on installed from the Mozilla Add ons store.
• A small MCP server installed from npm. Your AI client (Claude Code, Claude Desktop, Cursor, Antigravity, or anything that speaks MCP) talks to that server, the server talks to the add on. Everything stays on your machine. No telemetry, no third party calls.

Install

1. Install the Firefox add on

Open the Mozilla listing and click Add to Firefox:

https://addons.mozilla.org/firefox/addon/foxhound-mcp

2. Install the MCP server

npm install -g foxhound-mcp

That is it. foxhound-mcp is now a command on your PATH.

2.1 (optional) verify the install

foxhound-mcp --help          # show usage and the MCP config snippet
foxhound-mcp --version       # print the installed version
foxhound-mcp --tools         # list every MCP tool the server exposes
foxhound-mcp --doctor        # check Node version, secret, and port availability

3. Configure your MCP client

Open the FoxHound add on (toolbar icon plus settings cog), go to MCP Client Configuration, copy the JSON, and paste it into your client.

The JSON looks like this. The secret is filled in for you in the options page so you do not have to copy it manually.

{
  "mcpServers": {
    "foxhound": {
      "command": "foxhound-mcp",
      "env": {
        "FOXHOUND_SECRET": "<your secret from the add on>",
        "FOXHOUND_PORT": "9339"
      }
    }
  }
}

Where to paste it depends on the client:

• Claude Code: your ~/.claude.json under mcpServers.
• Claude Desktop: claude_desktop_config.json.
• Cursor: Settings, MCP, edit JSON.
• Antigravity: Settings, MCP servers.

Restart the client. The add on popup should switch to Connected.

What you can do

Once connected, ask your agent to:

• Open URLs, switch tabs, fill forms, click elements, run JavaScript in a tab, wait for elements or navigations, upload files into <input type=file>, and screenshot the page or any single element.
• Capture every HTTP request and response, including bodies. Each captured request is tagged with the PwnFox container it came from, so the agent always knows which Firefox profile session a request belongs to. Replay any request through that same container, optionally with modified headers, body, method, or URL.
• Read and write cookies per domain and per container, list cookies across every container in one call, export and import cookie jars in JSON or Netscape format.
• Read and write localStorage, sessionStorage, IndexedDB, and Cache Storage. Snapshot every storage layer for a tab origin in one call as a before and after primitive.
• Inspect what the page already runs without injecting anything new: registered postMessage listeners, live postMessage traffic, WebSocket frames, Web Workers, service workers (scope, scriptURL, state), route changes (pushState, replaceState, popstate, hashchange), uncaught errors, unhandled rejections, CSP violations, dangerous DOM sinks (innerHTML, document.write, eval, Function), crypto.subtle calls, clipboard reads and writes, form submits, and console output.
• Pause requests matching a URL pattern and forward them on demand for active testing.
• Run a one call snapshot that returns the active tab, container, frame tree, cookie summary, storage summary, and live hook event counts in a single response.

Privacy

• Talks only to a WebSocket server bound to 127.0.0.1.
• Messages are signed with HMAC-SHA256.
• The shared secret is generated locally on first run and stored in browser.storage.local. It never leaves your machine.
• No analytics, no telemetry, no remote code, no third party SDK.

Requirements

• Firefox 115 or newer.
• Node.js 20 or newer.

Author

Built by Amr Elsagaei for security research.