Firefox Extension.
Allow user to block or redirect requests, modify headers and response body, inject JavaScript and CSS into pages.
Get Man in the Middle on Firefox Add-ons.
Get help writing rules.
Use cases:
- Block or redirect websites and requests;
- Add, modify or remove request headers;
- Modify request responses;
- Inject JavaScript into pages to make pages function as desired;
- Inject CSS into pages to style pages as desired.
Select rule properties for more details.
Rules to block or redirect requests.
Rules to modify request and response headers.
- Text headers (Required);
- Text type;
- Header type;
- URL filters (Required);
- Method;
- Origin URL filters.
Rules to modify network responses.
Rules to inject JavaScript and CSS into pages.
Filter request URLs or document URLs.
- Format: RegExp pattern or String filter.
- Separator:
line break, i.e,'\n','\r'or'\r\n'. - A
URLis satisfied if it matches at least one of the filters.- A
URLmatches a filter if it matches theRegExp patternor includes theString filter.
- A
- Rules: Blocking Rules, Header Rules, Response Rules and Content Scripts.
Filters request methods.
- Value can be one of the HTTP request methods, i.e,
'GET','POST','HEAD', etc. - A
request methodis satisfied if it equals to themethod. - Rules: Blocking Rules, Header Rules and Response Rules.
A URL to redirect requests to.
- If not set, matched requests are blocked.
- Parameters
'$n'(1 <= <int>n <= 100), in aredirect URLare replaced with capture groups fromRegExp patternURL filter. - Examples:
Force HTTPS for all network requests. URL filter: /^http:(.*)/ Redirect URL: https:$1 - Rules: Blocking Rules.
Filter document URLs.
- Format: RegExp pattern or String filter.
- Separator: comma
','. - A
document URLis satisfied if one of the following is satisfied:- No
filteris set (default); - The
document URLmatches one of the filters.- A
document URLmatches a filter if it matches theRegExp patternor includes theString filter.
- A
- No
- Rules: Blocking Rules, Header Rules, Response Rules and Content Scripts.
To modify request or response headers.
- Format:
Plaintextor Restricted JavaScript. - Type
Plaintext:
Pairs of headers.- Separator:
line break, i.e,'\n','\r'or'\r\n'. - A
Pairis of the format:name: value.- If
nameis empty, the header is omitted. - If
valueis empty, the header with the namenameis removed if it exists, or the header is omitted. - If a header with the name
nameexists, the header is modified. If there're more than one existing, the first is modified. - If no header with the name
nameexists, a new header is added.
- If
- Examples:
This overrides the default Accept header Accept: *This removes Referer header if it exists Referer:This adds new headers to the request Test-0: On Test-1: Off
- Separator:
- Type Restricted JavaScript:
Returns request or response headers.- The code must
returnan array of objects, each objects has two properties:'name'and'value'. - Depending on Header type,
the code will be passed an argument
requestHeadersorresponseHeaders, which is the list of the existing headers. - Examples:
// Header type: Request headers const acceptHeader = requestHeaders.find(({name}) => ( name.toLowerCase() === 'accept' )); // Accept: * acceptHeader && acceptHeader.value = '*'; return requestHeaders;
// Header type: Request headers const refererHeaderIndex = requestHeaders.findIndex(({name}) => ( name.toLowerCase() === 'referer' )); // Remove Referer header if (refererHeaderIndex !== -1) { requestHeaders.splice(refererHeaderIndex, 1); } return requestHeaders;
// Header type: Response headers responseHeaders.push({ name: 'Set-Cookie', value: 'Firefox-Extension=Man in the Middle; HttpOnly', }); return responseHeaders;
- The code must
- Rule: Header Rules.
'Plaintext' or'JavaScript'.
- Rule: Header Rules and Response Rules.
'Request headers' or 'Response headers'.
- Rule: Header Rules.
To modify network responses.
- Format:
Plaintextor Restricted JavaScript. - Type
Plaintext:
Any text as response body. - Type Restricted JavaScript:
Returns response body.- The code must
returna string which is the response body. - The code will be passed an argument
responseBody, which is the response from the server. - Examples:
// Site: http://internetbadguys.com/ return `<!DOCTYPE html> <html> <head> <meta charset="utf-8"> </head> <body> <h1>Bad guys are ${( responseBody.includes('phish.opendns.com/?url=') ? 'blocked' : 'coming' )}!</h1> </body> </html>`;
- The code must
- Rule: Response Rules.
JavaScript or CSS code to be injected.
- Rule: Content Scripts.
'JavaScript' or 'CSS'.
- Rule: Content Scripts.
A stage of the DOM loading on which the code is injected.
- Can be one of the following values:
Loading;Loaded;Completed.
- Rule: Content Scripts.
Begins with a slash '/' and ends with a slash '/'.
- The characters inside the two slashes must form a valid RegExp, otherwise, the pattern is treated as a String filter.
- Examples:
/./ /faceb(\w{2})k\.[\w]+/ - Properties: URL filters and Origin URL filters.
A string that is not a RegExp pattern.
- Examples:
http facebook.com /invalid { RegExp/ - Properties: URL filters and Origin URL filters.
A JavaScript function body that will be executed inside a sandbox.
- The code may access only built-in objects and some APIs, which are:
Object,Array,String,RegExp,JSON,Map,Set,Promise, ...built-in objects;isFinite,isNaN,parseInt,parseFloat;encodeURI,encodeURIComponent,decodeURI,decodeURIComponent;crypto,performance,atob,btoa,fetchandXMLHttpRequest.
- The function is
async, hence,awaitcan be used to perform asynchronous tasks. - The code should always
returna value. - Properties: Text headers and Text response.
- If you have questions or need help, feel free to message me at: Facebook/dangkyokhoang.
- If you have feature requests, suggestions, or you've found bugs, raise issues at: Man-in-the-Middle/issues.