What is automated form filling?

It is software that fills out and saves forms on a web app for you. The hard version, and the useful one, is doing it on a logged-in site that has no API, where the tool has to be authenticated as you, find the right fields, save the data, and confirm the save actually stuck.

Does this work on sites that require a login?

Yes, that is the whole point. It reuses your real, already-logged-in browser session instead of automating a username and password, so it works on authenticated apps like Moz Local and Google Business Profile without ever hitting a login screen or a two-factor prompt.

Will it interfere with my own browser or my open tabs?

No. It reads a copy of your browser's session and runs a completely separate, sandboxed profile. Your real browser is never touched, locked, restarted, or opened a second time.

Is it safe to let software handle my logged-in session?

The session is treated as a sensitive token: stored in a secure vault, never written to a log, and destroyed after each run. It only runs on your own machine, which is also what makes the session trusted by the site.

How is this different from a generic browser automation tool?

Generic tools read a screenshot and click by pixel, which misfires on dense forms, and many require closing your browser first. Ours reads the page structure to find fields exactly, never touches your running browser, verifies every save by reloading, and runs from your own machine so the site trusts the session.

Autonomous Browser Fill: AI That Fills Logged-In Profiles No API Exposes

TL;DR. JustinHarris.AI, the Las Vegas AI Consultant, built automated form filling for logged-in web apps that have no API: Moz Local, Google Business Profile, citation directories, dashboards. It reuses your real session, fills the form, and proves the save by reloading. Proven 68 of 68 cookies on Moz Local, zero logins, zero browser disruption.

What automated form filling means when there is no API

Most of the systems that grow a local business sit behind a login on a web app with no public connection point. Moz Local, Google Business Profile, citation directories, ad platforms, client dashboards. There is no clean way to send data in programmatically, so the work falls to a person typing into a form, profile by profile, account by account. Automated form filling is the answer, but the logged-in part is what makes it hard. A tool has to be authenticated as you, find the right field on a page that was never designed for machines, type the value, save it, and confirm the save actually stuck. Do that reliably across many accounts and you have removed one of the largest, dullest time sinks in marketing operations.

Why off-the-shelf browser automation breaks on real apps

The obvious approaches fail in predictable ways, and it is worth naming them so the design choices make sense:

Automating the login itself breaks the moment two-factor authentication appears, and a fresh login from a new place trips the site's anti-bot defenses.
Generic screenshot-and-click agents misread which field is which on dense forms, so they put the right value in the wrong box.
Cloud browser services run from a datacenter, so the login cookie does not match the address it was issued to and the site rejects it.
Most consumer tools that connect to your browser demand you close it first, which is a non-starter when your browser is locked open with dozens of tabs.

How our automated form filling actually works

We took the opposite approach on every one of those failure points. Instead of automating a login, we reuse the login you already did: we read a copy of your browser's session while it keeps running, decrypt it, and hand that session to a separate, sandboxed browser. That separate browser is now logged in as you, and your real browser was never touched, locked, or restarted. Instead of reading a screenshot and clicking by pixel, the system reads the page's accessibility structure and finds the exact field every time. Instead of trusting that a save worked, it reloads the page and reads the values back, so a form is never reported as done unless the data is actually there. And it runs on your own machine, which is the quiet advantage: the session belongs to your address, so the site trusts it the same way it trusts you.

The proof: 68 of 68 on Moz Local

This is not a concept. We ran it end to end on Moz Local, one of the harder authenticated apps to automate, filling out a complete business profile for our own company. All 68 session cookies decrypted and injected cleanly, the agent landed fully authenticated without a single login prompt, the profile was filled and saved, and the save was confirmed by reloading the page and reading every field back. The result is reproducible: it works again after restarts, not just once. We keep the screenshots as proof, and the same capability points at any other logged-in app with no API.

The hard parts: the widgets real forms are made of

Real apps almost never use plain text boxes, and that is where naive automation quietly fails. We wrote down a fix for each pattern as we hit it, so each one is solved once and reused everywhere after. Rich-text fields that append instead of replace get cleared properly so the page's own validator fires. Styled checkboxes that ignore a fake click get a real click on their label. Fields hidden on an inactive tab, which render at zero size and cannot be filled, get their tab activated first. Typeahead dropdowns that only react to live typing get the keystroke they expect, then a click on the matching option. And because platforms reformat what you enter, a phone number for instance, we verify by meaning rather than by exact characters. None of this is glamorous, and all of it is the difference between a form that fills and a form that breaks.

Why this is built the way it is, and what it unlocks

Every design choice traces back to one rule: never disturb your browser, never log in, never lie about a save. That is why it reads a copy of your cookies instead of attaching to your live browser, why it runs a separate profile, why it stays on your own machine, and why it reloads to verify. The payoff is leverage. One operator can now maintain listings, profiles, and dashboards across far more client accounts than a person could by hand, because the dull, repeatable data entry runs itself and reports back with evidence. It is a reusable capability, not a one-off script, which means every new logged-in app it learns becomes another place the work stops being manual.

Related work

Get your free AI Audit and we will show you which of your repeatable, logged-in workflows can run themselves, with proof. Get your free AI Audit.