
Man in the Middle — Modify requests, inject JavaScript and CSS into pages.

 5 years ago
source link: https://www.tuicool.com/articles/hit/YFzeeeZ

Man in the Middle

Firefox Extension.

Allows users to block or redirect requests, modify headers and response bodies, and inject JavaScript and CSS into pages.

Get Man in the Middle on Firefox Add-ons.

writing rules.

Screenshots

Use Blocking Rules to block or redirect requests.

Use Header Rules to modify request and response headers.

Headers can be modified using JavaScript.

Use Response Rules to modify network responses.

Use Content Scripts to inject JavaScript and CSS code into pages.

Content Scripts can even be injected into the extension's pages.

Rules

Blocking Rules

Rules to block or redirect requests.

Header Rules

Rules to modify request and response headers.

Response Rules

Rules to modify network responses.

Content Scripts

Rules to inject JavaScript and CSS into pages.

Properties

URL filters

Filter request URLs or document URLs.

  • Separator: line break, i.e. '\n', '\r' or '\r\n'.
  • A URL is satisfied if it matches at least one of the filters.
    • A URL matches a filter if it matches the RegExp pattern or includes the String filter.

Method

Filters request methods.

  • Value can be one of the HTTP request methods, e.g. 'GET', 'POST', 'HEAD', etc.
  • A request method is satisfied if it equals the method.

Redirect URL

A URL to redirect requests to.

  • If not set, matched requests are blocked.
  • Parameters '$n' (1 <= <int>n <= 100) in a redirect URL are replaced with capture groups from the RegExp pattern.
  • Examples:
    Force HTTPS for all network requests.
    URL filter:   /^http:(.*)/
    Redirect URL: https:$1

Origin URL filters

Filter document URLs.

  • Separator: comma ','.
  • A document URL is satisfied if one of the following is satisfied:
    • No filter is set (default);
    • The document URL matches one of the filters.
      • A document URL matches a filter if it matches the RegExp pattern or includes the String filter.

Text headers

To modify request or response headers.

  • Format: Plaintext or Restricted JavaScript.
  • Type Plaintext:
    Pairs of headers.
    • Separator: line break, i.e. '\n', '\r' or '\r\n'.
    • A Pair is of the format: name: value.
      • If name is empty, the header is omitted.
      • If value is empty, the header with that name is removed if it exists; otherwise the header is omitted.
      • If a header with that name exists, the header is modified. If more than one exists, the first is modified.
      • If no header with that name exists, a new header is added.
    • Examples:
      This overrides the default Accept header
      Accept: *
      This removes the Referer header if it exists
      Referer:
      This adds new headers to the request
      Test-0: On
      Test-1: Off
  • Type Restricted JavaScript:
    Returns request or response headers.
    • The code must return an array of objects; each object has two properties: 'name' and 'value'.
    • Depending on the Header type, the code is passed an argument requestHeaders or responseHeaders, which is the list of the existing headers.
    • Examples:
      // Header type: Request headers
      const acceptHeader = requestHeaders.find(({name}) => (
          name.toLowerCase() === 'accept'
      ));
      // Accept: *
      if (acceptHeader) {
          acceptHeader.value = '*';
      }
      return requestHeaders;

      // Header type: Request headers
      const refererHeaderIndex = requestHeaders.findIndex(({name}) => (
          name.toLowerCase() === 'referer'
      ));
      // Remove Referer header
      if (refererHeaderIndex !== -1) {
          requestHeaders.splice(refererHeaderIndex, 1);
      }
      return requestHeaders;

      // Header type: Response headers
      // Append a Set-Cookie header to the response
      responseHeaders.push({
          name: 'Set-Cookie',
          value: 'Firefox-Extension=Man in the Middle; HttpOnly',
      });
      return responseHeaders;
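
The four Plaintext pair rules above, modelled as a standalone function so a rule can be checked against a sample header list before it is enabled. This is an added example, not code from the extension: applyPlaintextHeaders is a hypothetical name, and case-insensitive name matching, whitespace trimming, splitting on the first colon and skipping lines without a colon are assumptions.

```javascript
// Added example (not the extension's code). applyPlaintextHeaders is a
// hypothetical name; it models the documented Plaintext pair rules.
function applyPlaintextHeaders(headers, text) {
  // Work on a copy so the caller's list is left untouched.
  const out = headers.map((h) => ({ ...h }));
  for (const line of text.split(/\r\n|\r|\n/)) {
    const sep = line.indexOf(':');
    if (sep === -1) continue;              // assumption: no colon, no pair
    // Split on the first colon only, so values may contain ':' (assumption).
    const name = line.slice(0, sep).trim();
    const value = line.slice(sep + 1).trim();
    if (!name) continue;                   // empty name: pair is omitted
    // Header names are compared case-insensitively (assumption).
    const i = out.findIndex((h) => h.name.toLowerCase() === name.toLowerCase());
    if (!value) {
      // Empty value: remove the first header with that name, if any.
      if (i !== -1) out.splice(i, 1);
      continue;
    }
    if (i !== -1) {
      out[i].value = value;                // only the first match is modified
    } else {
      out.push({ name, value });           // no match: add a new header
    }
  }
  return out;
}

// Constructed sample request headers, including a duplicate name.
const sampleHeaders = [
  { name: 'Accept', value: 'text/html' },
  { name: 'Referer', value: 'https://a.example/' },
  { name: 'accept', value: 'image/png' },
];
// The page's three Plaintext examples combined into one rule text.
const sampleRules = 'Accept: *\r\nReferer:\n: dropped\nTest-0: On\nTest-1: Off';
console.log(applyPlaintextHeaders(sampleHeaders, sampleRules));
```

Note that the second header named accept keeps its original value, because only the first match is modified.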

Text type

'Plaintext' or 'JavaScript'.

Header type

'Request headers' or 'Response headers'.

Text response

To modify network responses.

  • Format: Plaintext or Restricted JavaScript.
  • Type Plaintext:
    Any text as response body.
  • Type Restricted JavaScript:
    Returns response body.
    • The code must return a string, which is the response body.
    • The code will be passed an argument responseBody, which is the response from the server.
    • Examples:
      // Site: http://internetbadguys.com/
      return `<!DOCTYPE html>
      <html>
      <head>
          <meta charset="utf-8">
      </head>
      <body>
      <h1>Bad guys are ${(
          responseBody.includes('phish.opendns.com/?url=') ? 'blocked' : 'coming'
      )}!</h1>
      </body>
      </html>`;

Code

JavaScript or CSS code to be injected.

Script type

'JavaScript' or 'CSS'.

DOM event

A stage of the DOM loading on which the code is injected.

  • Can be one of the following values:
    Loading
    Loaded
    Completed
    

Formats

RegExp pattern

Begins with a slash '/' and ends with a slash '/'.

  • The characters inside the two slashes must form a valid RegExp; otherwise, the pattern is treated as a String filter.
  • Examples:
    /./
    /faceb(\w{2})k\.[\w]+/

String filter

A string that is not a RegExp pattern.

  • Examples:
    http
    facebook.com
    /invalid { RegExp/
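
The URL filter and Redirect URL properties, combined with the two filter formats above, modelled as a standalone function so a rule can be dry-run against sample URLs. This is an added example, not code from the extension: parseFilter, expandRedirect and decide are hypothetical names, and using an empty string for a capture group that is absent is an assumption.

```javascript
// Added example (not the extension's code); all function names are hypothetical.

// Text wrapped in slashes is a RegExp pattern only if its body compiles;
// anything else is a String filter, matched as a substring.
// Requiring at least one character between the slashes is an assumption.
function parseFilter(text) {
  if (text.length > 2 && text.startsWith('/') && text.endsWith('/')) {
    try {
      return { kind: 'regexp', re: new RegExp(text.slice(1, -1)) };
    } catch (err) {
      // Invalid RegExp body: fall through and treat it as a String filter.
    }
  }
  return { kind: 'string', text };
}

// Replace $n (1 <= n <= 100) with capture group n. Using '' for a group
// that is absent is an assumption; the page does not specify it.
function expandRedirect(redirectUrl, match) {
  return redirectUrl.replace(/\$(\d+)/g, (token, digits) => {
    const n = Number(digits);
    return n >= 1 && n <= 100 ? (match[n] ?? '') : token;
  });
}

// Returns null when no filter matches, { action: 'block' } when a filter
// matches and no redirect URL is set, otherwise { action: 'redirect', url }.
function decide(url, filterText, redirectUrl) {
  const filters = filterText.split(/\r\n|\r|\n/).filter(Boolean).map(parseFilter);
  for (const f of filters) {
    const match = f.kind === 'regexp'
      ? f.re.exec(url)
      : (url.includes(f.text) ? [] : null);
    if (!match) continue;
    if (!redirectUrl) return { action: 'block' };
    return { action: 'redirect', url: expandRedirect(redirectUrl, match) };
  }
  return null;
}

// Constructed sample: the page's force-HTTPS rule applied to one URL.
console.log(decide('http://example.com/a?b=1', '/^http:(.*)/', 'https:$1'));
```

Because a String filter is a substring test, a filter such as facebook.com also matches a URL that only carries that text in its query string; an anchored RegExp pattern is the way to restrict a rule to a host.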

Restricted JavaScript

A JavaScript function body that will be executed inside a sandbox.

  • The code may access only built-in objects and some APIs, which are:
    • Object, Array, String, RegExp, JSON, Map, Set, Promise, ...built-in objects;
    • isFinite, isNaN, parseInt, parseFloat;
    • encodeURI, encodeURIComponent, decodeURI, decodeURIComponent;
    • crypto, performance, atob, btoa, fetch and XMLHttpRequest.
  • The function is async; hence, await can be used to perform asynchronous tasks.
  • The code should always return a value.
