Firefox Extension.
Allow user to block or redirect requests, modify headers and response body, inject JavaScript and CSS into pages.
Get Man in the Middle on Firefox Add-ons.
Get help writing rules.
Use cases:
- Block or redirect websites and requests;
- Add, modify or remove request headers;
- Modify request responses;
- Inject JavaScript into pages to make pages function as desired;
- Inject CSS into pages to style pages as desired.
Use Blocking Rules to block or redirect requests.
Use Header Rules to modify request and response headers.
Headers can be modified using JavaScript.
Use Response Rules to modify network responses.
Use Content Scripts to inject JavaScript and CSS codes into pages.
Content Scripts can even be injected to the extension's pages.
Select rule properties for more details.
Rules to block or redirect requests.
Rules to modify request and response headers.
- Text headers (Required);
- Text type;
- Header type;
- URL filters (Required);
- Method;
- Origin URL filters.
Rules to modify network responses.
Rules to inject JavaScript and CSS into pages.
Filter request URL
s or document URL
s.
- Format: RegExp pattern or String filter.
- Separator:
line break
, i.e,'\n'
,'\r'
or'\r\n'
. - A
URL
is satisfied if it matches at least one of the filters.- A
URL
matches a filter if it matches theRegExp pattern
or includes theString filter
.
- A
- Rules: Blocking Rules, Header Rules, Response Rules and Content Scripts.
Filters request method
s.
- Value can be one of the HTTP request methods, i.e,
'GET'
,'POST'
,'HEAD'
, etc. - A
request method
is satisfied if it equals to themethod
. - Rules: Blocking Rules, Header Rules and Response Rules.
A URL
to redirect request
s to.
- If not set, matched requests are blocked.
- Parameters
'$n'
(1 <= <int>n <= 100
), in aredirect URL
are replaced with capture groups fromRegExp pattern
URL filter. - Examples:
Force HTTPS for all network requests. URL filter: /^http:(.*)/ Redirect URL: https:$1
- Rules: Blocking Rules.
Filter document URL
s.
- Format: RegExp pattern or String filter.
- Separator: comma
','
. - A
document URL
is satisfied if one of the following is satisfied:- No
filter
is set (default); - The
document URL
matches one of the filters.- A
document URL
matches a filter if it matches theRegExp pattern
or includes theString filter
.
- A
- No
- Rules: Blocking Rules, Header Rules, Response Rules and Content Scripts.
To modify request or response headers.
- Format:
Plaintext
or Restricted JavaScript. - Type
Plaintext
:
Pair
s of headers.- Separator:
line break
, i.e,'\n'
,'\r'
or'\r\n'
. - A
Pair
is of the format:name: value
.- If
name
is empty, the header is omitted. - If
value
is empty, the header with the namename
is removed if it exists, or the header is omitted. - If a header with the name
name
exists, the header is modified. If there're more than one existing, the first is modified. - If no header with the name
name
exists, a new header is added.
- If
- Examples:
This overrides the default Accept header Accept: *
This removes Referer header if it exists Referer:
This adds new headers to the request Test-0: On Test-1: Off
- Separator:
- Type Restricted JavaScript:
Returns request or response headers.- The code must
return
an array of objects, each objects has two properties:'name'
and'value'
. - Depending on Header type,
the code will be passed an argument
requestHeaders
orresponseHeaders
, which is the list of the existing headers. - Examples:
// Header type: Request headers const acceptHeader = requestHeaders.find(({name}) => ( name.toLowerCase() === 'accept' )); // Accept: * acceptHeader && acceptHeader.value = '*'; return requestHeaders;
// Header type: Request headers const refererHeaderIndex = requestHeaders.findIndex(({name}) => ( name.toLowerCase() === 'referer' )); // Remove Referer header if (refererHeaderIndex !== -1) { requestHeaders.splice(refererHeaderIndex, 1); } return requestHeaders;
// Header type: Response headers responseHeaders.push({ name: 'Set-Cookie', value: 'Firefox-Extension=Man in the Middle; HttpOnly', }); return responseHeaders;
- The code must
- Rule: Header Rules.
'Plaintext'
or'JavaScript'
.
- Rule: Header Rules and Response Rules.
'Request headers'
or 'Response headers'
.
- Rule: Header Rules.
To modify network responses.
- Format:
Plaintext
or Restricted JavaScript. - Type
Plaintext
:
Any text as response body. - Type Restricted JavaScript:
Returns response body.- The code must
return
a string which is the response body. - The code will be passed an argument
responseBody
, which is the response from the server. - Examples:
// Site: http://internetbadguys.com/ return `<!DOCTYPE html> <html> <head> <meta charset="utf-8"> </head> <body> <h1>Bad guys are ${( responseBody.includes('phish.opendns.com/?url=') ? 'blocked' : 'coming' )}!</h1> </body> </html>`;
- The code must
- Rule: Response Rules.
JavaScript
or CSS
code to be injected.
- Rule: Content Scripts.
'JavaScript'
or 'CSS'
.
- Rule: Content Scripts.
A stage of the DOM
loading on which the code is injected.
- Can be one of the following values:
Loading
;Loaded
;Completed
.
- Rule: Content Scripts.
Begins with a slash '/'
and ends with a slash '/'
.
- The characters inside the two slashes must form a valid RegExp, otherwise, the pattern is treated as a String filter.
- Examples:
/./ /faceb(\w{2})k\.[\w]+/
- Properties: URL filters and Origin URL filters.
A string that is not a RegExp pattern.
- Examples:
http facebook.com /invalid { RegExp/
- Properties: URL filters and Origin URL filters.
A JavaScript function body that will be executed inside a sandbox.
- The code may access only built-in objects and some APIs, which are:
Object
,Array
,String
,RegExp
,JSON
,Map
,Set
,Promise
, ...built-in objects;isFinite
,isNaN
,parseInt
,parseFloat
;encodeURI
,encodeURIComponent
,decodeURI
,decodeURIComponent
;crypto
,performance
,atob
,btoa
,fetch
andXMLHttpRequest
.
- The function is
async
, hence,await
can be used to perform asynchronous tasks. - The code should always
return
a value. - Properties: Text headers and Text response.
- If you have questions or need help, feel free to message me at: Facebook/dangkyokhoang.
- If you have feature requests, suggestions, or you've found bugs, raise issues at: Man-in-the-Middle/issues.