Prologue
As a Front End developer, I was wondering: if there is a MITM tool targeted to WEB Developer for easily intercept request and manipulate (mock, cache, logs, modify by content-type) the request / response, having capability of HOT RELOADING rule(s) with additional functionality live in Devtools to edit/enhance/toggle the rule(s).
These have been my Front End Developer needs:
It's a rule based routing and scripted with JavaScript Object Literal.
Intercept Live JS / CSS and substitute with local development code contains an inline-source-map
Manipulate headers either request or response, ie: changing Content Security Policy (CSP) rule
Helper to add Javascript code into the HTML response easily ie: add to the header or at the end of body
Define a tag to some rules and during runtime it can be toggle to enable/disable rule
A flexible rule should start with simple then extend as needed:
Start with simple URL matching and response with an empty string:
response: {
{ 'GET:doubleclick.net': '' } // GET url contains 'doubleclick.net'
{ 'doubleclick.net': '' } // match url contains 'doubleclick.net'
}
Or morph to function based:
response: {
'doubleclick.net': {
response(resp) {
const body = '';
return { body };
}
}
}
Or specific to js
js: {
'doubleclick.net': {
response(resp) {
const body = '';
return { body };
}
}
}
Not replacing, just need to inject at the end of response payload with special syntax =>
const jscode = 'alert(0)';
...
js: {
'doubleclick.net': `=>${jscode}`
}
Introducing Mitm-Play
TLDR; the term "Man in the Middle" can be check to MITM related articles published by: cyris, Kyle Parisi, Kevin Cui.
Mitm-Play is a MITM leaning toward my need as FE Developer during Development or debugging PROD, detail documentation can be found on github, utilize Playwright route('**', EventHandler) + Chrome Plugins
Installation
Mitm-Play is a CLI App, the installation should be on global scope
npm i -g mitm-play
First run
It will prompt you to create demo routes
>>> mitm-play -s
Create ~/user-route (Y/n)? y [Enter]
Next, chromium will be launch and auto navigate to https://keybr.com. Open Chrome Devtools to access Mitm-Play plugin.
At first launch no rules getting applied, as we can see on the image above in Devtool section: mitm-play/Tags, there are no tags getting checked
Some keys having :no-ads and it is a tags attached to mock & css rules, and the tags will be available as a checkbox option to enable/disable rule(s). The state is determined by tags key in which having an empty array, so no rule getting applied.
route = { tags: [], 'mock:no-ads', 'css:no-ads' }
To enable at first, either delete the tags key, or add corresponding tags: ['no-ads']
route = { tags: ['no-ads'],...
Epilogue
This introduction may be too simple interception use case, but I think it serve at least minimum demo that can be showcase immediately after installation, later time can be expand to different scenario with different rules.
To get the idea, I end this post with the skeleton of route :
route = {
url: '',
urls: {},
title: '',
jsLib: [],
workspace: '',
screenshot: {}, //user interaction rules & observe DOM-Element
skip: [], //start routing rules
proxy: [], //request with proxy
noproxy: [],
nosocket:[],
request: {},
mock: {},
cache: {},
log: {},
html: {},
json: {},
css: {},
js: {},
response:{}, //end routing rules
}
Top comments (0)