Man in the Middle — Modify requests, inject JavaScript and CSS into pages.
source link: https://www.tuicool.com/articles/hit/YFzeeeZ
Man in the Middle
Firefox Extension.
Allows the user to block or redirect requests, modify headers and response bodies, and inject JavaScript and CSS into pages.
Get Man in the Middle on Firefox Add-ons.
writing rules.
Screenshots
Use Blocking Rules to block or redirect requests.
Use Header Rules to modify request and response headers.
Headers can be modified using JavaScript.
Use Response Rules to modify network responses.
Use Content Scripts to inject JavaScript and CSS code into pages.
Content Scripts can even be injected into the extension's pages.
Rules
Blocking Rules
Rules to block or redirect requests.
Header Rules
Rules to modify request and response headers.
Response Rules
Rules to modify network responses.
Content Scripts
Rules to inject JavaScript and CSS into pages.
Properties
URL filters
Filter request URLs or document URLs.
- Separator: line break, i.e. '\n', '\r' or '\r\n'.
- A URL is satisfied if it matches at least one of the filters.
  - A URL matches a filter if it matches the RegExp pattern or includes the String filter.
Method
Filters request methods.
- Value can be one of the HTTP request methods, i.e. 'GET', 'POST', 'HEAD', etc.
- A request method is satisfied if it equals the method.
Redirect URL
A URL to redirect requests to.
- If not set, matched requests are blocked.
- Parameters '$n' (1 <= <int>n <= 100), in a redirect URL are replaced with capture groups from the RegExp pattern.
- Examples:
  Force HTTPS for all network requests.
      URL filter: /^http:(.*)/
      Redirect URL: https:$1
Origin URL filters
Filter document URLs.
- Separator: comma ','.
- A document URL is satisfied if one of the following is satisfied:
  - No filter is set (default);
  - The document URL matches one of the filters.
    - A document URL matches a filter if it matches the RegExp pattern or includes the String filter.
Text headers
To modify request or response headers.
- Format: Plaintext or Restricted JavaScript.
- Type Plaintext: Pairs of headers.
  - Separator: line break, i.e. '\n', '\r' or '\r\n'.
  - A Pair is of the format: name: value.
    - If name is empty, the header is omitted.
    - If value is empty, the header with the name name is removed if it exists, or the header is omitted.
    - If a header with the name name exists, the header is modified. If more than one exists, the first is modified.
    - If no header with the name name exists, a new header is added.
  - Examples:
    This overrides the default Accept header:
        Accept: *
    This removes the Referer header if it exists:
        Referer:
    This adds new headers to the request:
        Test-0: On
        Test-1: Off
- Type Restricted JavaScript: Returns request or response headers.
  - The code must return an array of objects; each object has two properties: 'name' and 'value'.
  - Depending on the Header type, the code will be passed an argument requestHeaders or responseHeaders, which is the list of the existing headers.
  - Examples:

        // Header type: Request headers
        const acceptHeader = requestHeaders.find(({name}) => (
          name.toLowerCase() === 'accept'
        ));
        // Accept: *
        if (acceptHeader) {
          acceptHeader.value = '*';
        }
        return requestHeaders;

        // Header type: Request headers
        const refererHeaderIndex = requestHeaders.findIndex(({name}) => (
          name.toLowerCase() === 'referer'
        ));
        // Remove Referer header
        if (refererHeaderIndex !== -1) {
          requestHeaders.splice(refererHeaderIndex, 1);
        }
        return requestHeaders;

        // Header type: Response headers
        responseHeaders.push({
          name: 'Set-Cookie',
          value: 'Firefox-Extension=Man in the Middle; HttpOnly',
        });
        return responseHeaders;
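The Plaintext pair rules listed under Text headers, worked through on a constructed header list. This is an added example, not the extension's own code: `applyPlaintextHeaders` is a hypothetical name, and case-insensitive name comparison, splitting each pair at its first colon, and removing only the first matching header are assumptions.

```javascript
// Added illustration of the Plaintext header rules; not the extension's source.
// Assumptions: names compare case-insensitively (as in the page's JavaScript
// examples), a pair is split at its first colon, removal drops the first match.
function applyPlaintextHeaders(headers, text) {
  // Work on a copy so the caller's header list is not mutated.
  const result = headers.map((header) => ({ ...header }));
  for (const line of text.split(/\r\n|\r|\n/)) {
    const colon = line.indexOf(':');
    if (colon === -1) continue;            // not a "name: value" pair
    const name = line.slice(0, colon).trim();
    const value = line.slice(colon + 1).trim();
    if (!name) continue;                   // empty name: the pair is omitted
    const index = result.findIndex(
      (header) => header.name.toLowerCase() === name.toLowerCase()
    );
    if (!value) {
      if (index !== -1) result.splice(index, 1);  // empty value: remove if present
    } else if (index !== -1) {
      result[index].value = value;         // modify the first existing header
    } else {
      result.push({ name, value });        // no such header: add a new one
    }
  }
  return result;
}

// Constructed request headers and rule text.
const sampleHeaders = [
  { name: 'Accept', value: 'text/html' },
  { name: 'Referer', value: 'https://example.com/' },
  { name: 'Accept', value: 'image/png' },
];
const sampleRule = 'Accept: *\nReferer:\nTest-0: On\n: ignored';
console.log(applyPlaintextHeaders(sampleHeaders, sampleRule));
```

Only the first `Accept` header changes, which matters when a rule is meant to strip or pin a header that the browser sends more than once.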
Text type
'Plaintext' or 'JavaScript'.
Header type
'Request headers' or 'Response headers'.
Text response
To modify network responses.
- Format: Plaintext or Restricted JavaScript.
- Type Plaintext: Any text as response body.
- Type Restricted JavaScript: Returns response body.
  - The code must return a string which is the response body.
  - The code will be passed an argument responseBody, which is the response from the server.
  - Examples:

        // Site: http://internetbadguys.com/
        return `<!DOCTYPE html>
        <html>
        <head>
          <meta charset="utf-8">
        </head>
        <body>
          <h1>Bad guys are ${(
            responseBody.includes('phish.opendns.com/?url=')
              ? 'blocked'
              : 'coming'
          )}!</h1>
        </body>
        </html>`;
Code
JavaScript or CSS code to be injected.
Script type
'JavaScript' or 'CSS'.
DOM event
A stage of the DOM loading on which the code is injected.
- Can be one of the following values:
  - Loading
  - Loaded
  - Completed
Formats
RegExp pattern
Begins with a slash '/' and ends with a slash '/'.
- The characters inside the two slashes must form a valid RegExp, otherwise, the pattern is treated as a String filter.
- Examples:
      /./
      /faceb(\w{2})k\.[\w]+/
String filter
A string that is not a RegExp pattern.
- Examples:
      http
      facebook.com
      /invalid { RegExp/
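How the URL filters, Redirect URL and Formats rules combine for one Blocking Rule, as an added example that is not the extension's own code. All function names are hypothetical; ignoring blank filter lines and leaving an out-of-range or missing `$n` untouched are assumptions.

```javascript
// Added illustration of the matching rules documented on this page.
// Not the extension's source; all function names are hypothetical.

// RegExp pattern: wrapped in slashes and the inside compiles.
// Anything else, including an invalid pattern, is a String filter.
function parseFilter(text) {
  if (text.length >= 2 && text.startsWith('/') && text.endsWith('/')) {
    try {
      return { type: 'regexp', regexp: new RegExp(text.slice(1, -1)) };
    } catch (error) {
      // Invalid RegExp: fall through to the String filter case.
    }
  }
  return { type: 'string', text };
}

// URL filters are separated by '\n', '\r' or '\r\n' (blank lines ignored here).
function parseUrlFilters(source) {
  return source.split(/\r\n|\r|\n/).filter(Boolean).map(parseFilter);
}

// Replace '$n' (1 <= n <= 100) with capture group n.
// Assumption: out-of-range or missing groups are left untouched.
function expandRedirect(redirectUrl, match) {
  return redirectUrl.replace(/\$(\d+)/g, (token, digits) => {
    const n = Number(digits);
    return n >= 1 && n <= 100 && match[n] !== undefined ? match[n] : token;
  });
}

// Returns { action: 'pass' | 'block' | 'redirect', url? }.
function applyBlockingRule(url, urlFilters, redirectUrl = '') {
  for (const filter of parseUrlFilters(urlFilters)) {
    // A String filter has no capture groups, so its match is just [url].
    const match = filter.type === 'regexp'
      ? filter.regexp.exec(url)
      : (url.includes(filter.text) ? [url] : null);
    if (!match) continue;
    if (!redirectUrl) return { action: 'block' };
    return { action: 'redirect', url: expandRedirect(redirectUrl, match) };
  }
  return { action: 'pass' };
}

// Constructed sample inputs.
console.log(applyBlockingRule('http://example.com/a', '/^http:(.*)/', 'https:$1'));
console.log(applyBlockingRule('https://other.example/?ref=facebook.com', 'facebook.com'));
```

The second call is blocked even though the host is not facebook.com, because a String filter matches anywhere in the URL; use a RegExp pattern anchored on the host when a rule must apply to one site only.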
Restricted JavaScript
A JavaScript function body that will be executed inside a sandbox.
- The code may access only built-in objects and some APIs, which are:
  - Object, Array, String, RegExp, JSON, Map, Set, Promise, ... built-in objects;
  - isFinite, isNaN, parseInt, parseFloat;
  - encodeURI, encodeURIComponent, decodeURI, decodeURIComponent;
  - crypto, performance, atob, btoa, fetch and XMLHttpRequest.
- The function is async, hence, await can be used to perform asynchronous tasks.
- The code should always return a value.
Others
- If you have questions or need help, feel free to message me at: Facebook/dangkyokhoang.
- If you have feature requests, suggestions, or you've found bugs, raise issues at: Man-in-the-Middle/issues.