Does Tor Browser Support WebDriver BiDi or CDP for Automation in Remote Browser Isolation?

Support Tor Browser Desktop
1

Hello Tor Project community,

I’m working on a remote browser isolation project called BrowserBox (GitHub: GitHub - BrowserBox/BrowserBox: 💚 Secure remote browsing anywhere.), which runs browsers on a server to isolate web content from the client’s machine, enhancing security and privacy. Currently, BrowserBox supports routing a Chromium-based backend through Tor via SOCKS5 or operating as a Tor hidden service for added anonymity. However, I’m aware that SOCKS5 routing may introduce potential leaks compared to Tor Browser’s self managed version.

Inspired by recent Tor Project tools using network namespaces (oniux), I’m exploring a more robust integration by using Tor Browser as a backend for remote browsing. This would allow clients to connect to a Tor Browser instance running on a server, either over the clearnet or as a hidden service, potentially offering stronger privacy guarantees. Such a setup could also be deployed in privacy-focused environments like Tails.

My question is whether Tor Browser, based on Firefox ESR, supports the WebDriver BiDi protocol or the deprecated Chrome DevTools Protocol (CDP) for browser automation:

  • Does Tor Browser include WebDriver BiDi support, as seen in recent Firefox releases (e.g., Firefox 129, where it’s production-ready for tools like Puppeteer)? Are there Tor-specific patches that might disable or limit this functionality?
  • For CDP, I understand Firefox is phasing it out by late 2024 in favor of WebDriver BiDi. Is CDP functional in Tor Browser’s current release, or is it disabled due to security restrictions?

Support for either protocol would enable programmatic control of Tor Browser in a remote setup, eliminating reliance on SOCKS5 and aligning with Tor’s best practices. For context, BrowserBox is a source-available, commercial tool (requiring a license key), and my goal is to assess the feasibility of this integration for privacy-focused use cases, not to promote it. More details are available at GitHub - BrowserBox/BrowserBox: 💚 Secure remote browsing anywhere.

Any insights, documentation pointers (e.g., Tor Browser’s automation capabilities or differences from upstream Firefox), or guidance would be greatly appreciated. Happy to clarify any technical details!

1 Like
2

The short answer to your question appears to be “yes”. Puppeteer announced support for Firefox last year (via BiDi) and AFAICT Tor Browser does not block this functionality. As I have been experimenting with Firefox’s BiDi support recently I thought I’d try it out.

If I start Tor Browser like so:
$ ~/tor-browser/Browser/start-tor-browser -l --remote-debugging-port
The default log file created at tor-browser/tor-browser.log contains the following entries:

WebDriver BiDi listening on ws://localhost:9222
DevTools listening on ws://localhost:9222/devtools/browser/3be2bf65-a0be-4d04-b8b7-dcaff5aab0b4

So far so good. I tried a proof of concept (with Ruby’s Puppeteer library) and the browser did try and navigate to the page I requested. I say “try” as I’ve not yet managed to figure out how to get the library to either use TB’s default profile or add prefs to a new one. extensions.torlauncher.prompt_at_startup needs to be set to false so the browser connects to the network at startup). As tor had not bootstrapped the above experiment resulted in a network proxy error - but this itself is proof that the browser did try and navigate to the requested page.

remote.active-protocols is set to 3 by default in the latest version of TB (as it is in Firefox 128 ESR) which means both CDP and BiDi are enabled. As you noted, CDP is being dropped and BiDi is definitely the way to go, especially with the new ESR release (140) due out in just 3 weeks now.

Programmatic control of Tor Browser this is definitely possible. There exists a Selenium library for Tor Browser for Python and I maintain a Ruby one myself on GitLab.

Best of luck with your project.

Update:

Connecting to the websocket address (derived as described above) of an existing Tor Browser instance worked fine. Puppeteer navigated to https://check.torproject.org and took the screenshot below :slight_smile:

tor
tor800×600 34 KB

1 Like
3

Hey @Noino thank you! That is really cool that you did that, really cool.

4

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.