SuperSurf
Open-source browser automation for AI agents. Any model. Real browser.
Get Started
Install and configure
How It Works
Architecture overview
Browser Tools
30+ automation tools
Security
Privacy-first design
Comparison
vs. Puppeteer, Selenium, Playwright
How It Works
Extension-based architecture. No headless browser. No synthetic profile.
Content Script First
All DOM reads and writes go through content scripts in Chrome's isolated world. CDP is only used for screenshots, network, and PDF. Page JS never sees the automation.
Real Profile
Your cookies, history, localStorage, and installed extensions are all present. No synthetic launch flags. The browser looks and behaves like a human's browser.
CI Ready
Sideload without user interaction via Chrome's --load-extension flag. Automation-ready from the command line.
30+ Browser Tools
Everything your AI agent needs to operate a real browser.
Navigation & Tabs
Create, close, and switch tabs. Navigate to URLs, go back/forward, reload. Stealth mode support for bot-sensitive sites.
3 toolsPage Interaction
Click, type, scroll, hover, drag, press keys, upload files, select dropdowns, and handle dialogs. Full input simulation.
5 toolsDOM Inspection
Accessibility tree snapshots, element lookup by text, content extraction as clean markdown, computed CSS inspection.
5 toolsCapture & Export
Screenshots (viewport, full page, element crop), PDF export, file downloads, clickable element highlighting.
3 toolsNetwork & Console
Monitor network traffic with JSONPath filtering, replay requests, read console output. Full Web Vitals and performance metrics.
3 toolsForms & Credentials
Batch form filling, drag-and-drop, and secure credential injection from environment variables. Agent never sees raw passwords.
3 toolsJavaScript Evaluation
Execute JS in page context with optional AST-based security analysis. Blocks dangerous patterns before they run.
1 toolAssertions
Verify text or elements are visible on the page. Built-in validation primitives for your agent's test workflows.
2 toolsExtensions & Storage
List installed extensions, hot-reload unpacked extensions, inspect and modify localStorage and sessionStorage.
3 toolsSecurity & Privacy First
Built for developers who don't compromise on trust.
🔒 Zero Data Collection
No telemetry, no analytics, no tracking. SuperSurf doesn't collect, transmit, or store any personal data. Period.
🏠 Localhost Only
All communication happens over a WebSocket bound to 127.0.0.1. Nothing leaves your machine through the extension.
🔑 Secure Credentials
Passwords and secrets are resolved from local environment variables. The AI agent only sees variable names, never raw values. Typed char-by-char with random delays.
👀 Isolated Scripts
Content scripts run in Chrome's isolated world. Page JavaScript cannot detect, observe, or interfere with automation activity.
📦 Zero Dependencies
The extension has zero runtime dependencies. Browser APIs only. No supply chain risk from third-party packages.
📑 Fully Open Source
Every line of code — server and extension — is public on GitHub. Apache 2.0 licensed. Read it, audit it, fork it. No obfuscation, no hidden binaries.
Experimental Features
Toggle cutting-edge capabilities per session.
Page Diffing page_diffing
After interactions, returns only the DOM changes instead of requiring a full re-read. Includes a confidence score so your agent knows when to request a full snapshot.
Smart Waiting smart_waiting
Replaces fixed navigation delays with adaptive DOM stability detection and network idle monitoring. Your agent stops guessing when a page is ready.
Mouse Humanization mouse_humanization
Replaces instant cursor teleportation with human-like Bezier trajectories, overshoot correction, and idle micro-movements. Based on real mouse dynamics research.
Secure Eval secure_eval
Two-layer defense for browser_evaluate: server-side AST parsing blocks dangerous patterns, extension-side Proxy membrane traps blocked API access before execution.
Storage Inspection storage_inspection
Enables the browser_storage tool for reading, writing, and clearing localStorage and sessionStorage on any page.
How SuperSurf Compares
Extension-based automation vs. the alternatives.
| SuperSurf | Puppeteer | Selenium | Playwright | |
|---|---|---|---|---|
| Real browser profile | Yes | No | No | No |
| Cookies & history intact | Yes | Fresh profile | Fresh profile | Fresh profile |
| Undetectable by page JS | Isolated world | CDP leaks | WebDriver flag | CDP leaks |
| navigator.webdriver | Clean | Exposed | Exposed | Exposed |
| Secure credential fill | Env var isolation | Plaintext | Plaintext | Plaintext |
| MCP native | Yes | No | No | No |
| Extension as human signal | Yes | No extensions | No extensions | No extensions |
| Multi-agent sessions | Daemon | Single | Single | Single |
| Framework detection | 40+ frameworks | No | No | No |
Quick Start
Two ways to get up and running.
Chrome Web Store
Recommended for most users
Install the MCP server
npm install -g supersurf-mcpAdd SuperSurf to your MCP client config and start automating
Manual / Unpacked
For development or offline use
Download the latest release .zip from GitHub
Extract the zip and open chrome://extensions
Enable Developer mode, click Load unpacked, and select the extracted folder
Install the MCP server
npm install -g supersurf-mcp
Open Source. Free to Use.
Install the extension, run the MCP server, and give your AI agent a real browser. Every line of code is on GitHub. If SuperSurf helps you, give us a star!