MCP Directory

auth-fetch-mcp

Let AI assistants fetch content from authenticated web pages via a real browser login.

Unverified
stdio (local)
No auth
TypeScript
View repo 30 Website npm

Add to your client

Copy the config for your MCP client and paste it into its config file.

Install / run
claude mcp add --scope user auth-fetch -- npx auth-fetch-mcp@latest

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "auth-fetch-mcp": {
      "command": "npx",
      "args": [
        "auth-fetch-mcp@latest"
      ]
    }
  }
}

Step-by-step guides: Add to Claude Desktop · Add to Cursor · Add to Windsurf

Before you start

  • A local environment (does not work in web-based chat interfaces)
  • Node.js with npx (server is run via `npx auth-fetch-mcp@latest`)
  • Chromium is auto-installed on first run if not already present
  • An MCP-compatible client using stdio transport (Claude Code, Cursor, Windsurf, etc.)

About auth-fetch-mcp

An MCP server (stdio) that fetches content from authenticated web pages using a real Chromium browser. When a page requires login, a browser window opens so you can sign in (SSO/2FA/CAPTCHA supported); you then click a Capture button and the cleaned HTML is returned to the AI. Login sessions persist locally so each service only needs a one-time login, and a download_media tool reuses saved cookies to download files. Chromium is auto-installed on first run.

Tools & capabilities (4)

auth_fetch

Primary tool. Fetches page content using a real browser, opening a window for login if needed. Returns cleaned HTML with noise elements (nav, footer, scripts, etc.) stripped and media tags (<img>, <video>, <iframe>) preserved. Params: url (string, required, http/https only); wait_for (string, optional CSS selector to wait for before capturing, useful for SPAs).

download_media

Downloads files from URLs using saved browser sessions — use it to lazily download images, videos, or other files found in auth_fetch results; saved cookies handle authentication automatically. Params: urls (string[], required, http/https only); output_dir (string, optional subdirectory under ~/.auth-fetch-mcp/downloads/, absolute paths or escaping `..` rejected; defaults to a timestamped folder).

list_pages

Lists all open tabs in the browser with their URLs and titles.

close_browser

Closes the browser window. Login sessions are saved and will be reused next time.

What this server can do

auth-fetch-mcp provides tools for these capabilities — tap one to see every MCP server that does the same:

Automate a browser

When to use it

  • Let an AI read pages behind a login (e.g. a Notion page) by signing in once in a real browser
  • Capture article or document content from sites requiring SSO, 2FA, or CAPTCHA
  • Download images, videos, or files referenced in a captured page using saved session cookies
  • Scrape single-page apps by waiting on a CSS selector before capture

Security notes

All data is stored locally under ~/.auth-fetch-mcp/ and nothing is sent to external servers; captured HTML is never written to disk (passed only over the stdio pipe). To prevent SSRF from prompt injection, both auth_fetch and download_media validate every URL: only http/https schemes are allowed, and the resolved IP is rejected if it falls in private, loopback, link-local, CGNAT, or multicast ranges. download_media also constrains output_dir to stay inside ~/.auth-fetch-mcp/downloads/. Private/LAN hosts can be opted in via AUTH_FETCH_ALLOW_PRIVATE or AUTH_FETCH_ALLOW_HOSTS, but doing so re-opens those hosts to any prompt the LLM processes.

auth-fetch-mcp FAQ

Do I have to log in every time?

No. Browser sessions (cookies, local storage) are saved locally under ~/.auth-fetch-mcp/browser-data/ and reused across restarts, so each service only needs a one-time manual login.

Is my page content or login data sent anywhere?

No. All data stays on your machine. Captured HTML is never written to disk — it passes directly to the AI over the stdio pipe — and sessions are stored locally as a standard Chromium profile.

Can it access a dev server or host on my LAN?

Private, loopback, and link-local hosts are blocked by default to prevent SSRF. You can opt in with AUTH_FETCH_ALLOW_PRIVATE=1 (most permissive) or a narrow AUTH_FETCH_ALLOW_HOSTS allowlist, but only in trusted environments since this re-opens those hosts to any prompt the LLM processes.

Are there limits on page size?

Very long pages are truncated to fit LLM context windows (100K chars). Some sites with aggressive bot detection may not work — try the wait_for option.

#web-scraping#browser#authentication#playwright#fetch#chromium#html

Alternatives to auth-fetch-mcp

Compare all alternatives →
Browser MCP
Browser Automation
6.7k

Automate your existing browser with AI using your real profile, logged-in sessions, and stealth fingerprint.

Unverified
stdio (local)
No auth
Stale
TypeScript
13 tools
Updated 1 year agoRepo
Bright Data MCP
Browser Automation
5.0k

All-in-one web access MCP — Web Unlocker, SERP, Scraper API, and a cloud Scraping Browser.

Verified
stdio (local)
API key
JavaScript
12 tools
Updated 26 days agoRepo
Peekaboo
Browser Automation
4.8k

macOS screen capture, AI visual analysis, and full GUI automation for AI agents.

Unverified
stdio (local)
API key
Swift
28 tools
Updated 3 days agoRepo

Compare auth-fetch-mcp with:

vs Browser MCPvs Bright Data MCPvs Peekaboovs Playwright MCP (ExecuteAutomation)