man-in-the-middle's People

Contributors

dangkyokhoang

man-in-the-middle's Issues

Option to run javascript code outside of sandbox

Can you please add a checkbox to run the code in the context of the page?

Here's how to do it:

// script tag to inject into the document
const scr = document.createElement('script');

// set code as text (function automatically converted to text)
scr.textContent = '(' + function() {
    console.log(jQuery); // for example here we can use the page's jQuery object
} + ')();';

console.log('injecting script tag:', scr); // may be required (or it won't be loaded in the page for some reason)

// insert the code in the page
(document.head || document.documentElement).appendChild(scr);

// optionally hide the script tag from the page (you could make it a checkbox too)
// scr.parentNode.removeChild(scr);

Run through Bash

I need to turn the extension on/off using the bash shell, but I don't know how. Can you tell me?

Can I do this with your repo?

Hello:
Your repo looks good. I will spend more time to study it.
Now, I have one more tricky question.
If you have ever shopped at https://www.amazon.com/, you know that you can shop for many items in different categories and finally check out when you are done, paying the total bill in one place.
There is a similar web site, there are about 3 children pages, just like different categories in Amazon, I have to visit each of the 3 pages, and select one item from each page, each have about 100 items, then click a button to check out or submit the form (HTTP Post).
What I want to do is: I want to use your repo to create one total page, in which all the 3 children pages are inside this total page, also add some additional JavaScript, so I can select one item from each page, and submit the form.
In short, the only thing to do differently is: instead of visiting one page 3 times, I want to merge all 3 pages to make one page. The advantage is: I don’t have to visit so many different pages, I can stay in the total page.
The old way of data flow is like this:
A. visit https://www.child_page1.com/, click to select item #1,
B. visit https://www.child_page2.com/, click to select item #2,
C. visit https://www.child_page3.com/, click to select item #3,
D. click a submit form button under the last item #3, then submit the form.
What I want to do now is:
A. Create a frame of a total page,
B. Load https://www.child_page1.com/ and append it as one HTML element. (I think maybe jQuery parseHTML can add an array of DOM objects inside one element, like DIV)
C. Load https://www.child_page2.com/ and append it as one HTML element. (I think maybe jQuery parseHTML can add an array of DOM objects inside one element, like DIV)
D. Load https://www.child_page3.com/ and append it as one HTML element. (I think maybe jQuery parseHTML can add an array of DOM objects inside one element, like DIV)
E. From each newly added element, pick one element, and finally submit the form. In other words, I want to make one big DOM that includes all 3 children pages, then I can use JavaScript to select DOM nodes, like getElementsByClassName, and then click on the selected DOM nodes, and finally click on the submit form button.
There are a few other additional JavaScripts, which work like adding items to a shopping cart, and finally submit the form using HTTP Post.
Give me some ideas on whether I can reach my goal with your repo.
If yes, then provide some rules for making the total page, where I can add other 3 different pages into it.
If not directly, then give me some ideas on how I can do this with JavaScript/Jquery?
Thanks,

Response manipulation help and potential bug

The following website updates its content through a json file. Inside the json file is an attribute called "nsfw". I want to edit the response content of those json files to set nsfw to 0. Sadly I couldn't get it to work. The response rules are only applied on initial page load and not on JavaScript-triggered responses.

Website:
https://9gag.com/darkhumor

Example json request url:
https://9gag.com/v1/group-posts/group/darkhumor/type/hot?after=adL2P7Z%2CaE2XqoG%2CabY2v2E&c=20

Example Code:

if (responseHeaders.get('Content-Type') == 'application/json') {
    responseBody = responseBody.replace('"nsfw":1', '"nsfw":0');
}
return responseBody;

Unreliable for background tabs

Opening multiple background tabs that automatically load their page will result in random tabs failing to be injected with content scripts. With the following rules and link you can test this. Simply open multiple tabs through the mouse wheel button and wait until all are finished loading. Then cycle through them and you'll notice that some have no image displayed until you reload the page.

Example page: https://9gag.com/darkhumor
Example scripts and rules:
jquerry
9gaga-script

script from the 9gag rule:

$("article[id^='jsid-post-']").each(function(index){
		var idParts = $(this).attr('id').split('-');
		var imageLink = "https://img-9gag-fun.9cache.com/photo/" + idParts[idParts.length - 1] + "_700b.jpg";
		$('.post-container .nsfw-post', this).empty();
		$('.post-container .nsfw-post', this).prepend("<img src='" + imageLink + "'/>");
});

$(window).scroll(function() {
	if($(this).scrollTop() % 900 <= 20){
		$("article[id^='jsid-post-']").each(function(index){
			var idParts = $(this).attr('id').split('-');
			var imageLink = "https://img-9gag-fun.9cache.com/photo/" + idParts[idParts.length - 1] + "_700b.jpg";
			$('.post-container .nsfw-post', this).empty();
			$('.post-container .nsfw-post', this).prepend("<img src='" + imageLink + "'/>");
		});
	}
});

optional css:

#gdpr iframe,
.gdpr .btn-container a.red + .grey,
.gdpr .btn-container a.blue,
.post-container .nsfw-post h3,
.post-container .nsfw-post p {
	display: none !important;
}

.post-container .nsfw-post {
	height: auto !important;
	border: 5px red solid !important;
}

.gdpr .btn-container a.blue + .grey {
	background-color: #09f !important;
	color: white !important;
}

.gdpr .btn-container a.red {
	background-color: #09f !important;
}

Automatically remove the deprecated Redirect URL field

The Redirect URL field is flagged as deprecated and instead there is a new field for javascript or plaintext redirects. Because the new plaintext version works the same as the now deprecated field, there is no reason to keep it. Man in the Middle should automatically edit all relevant rules, move the content from the old field to the new one and abolish the old field completely.

Set-Cookie response header cannot be modified in Chrome

I try this code to remove the httponly flag but it does not work

responseHeaders.forEach(header => {
    if (header.name.toLowerCase() === 'set-cookie') {
        header.value = header.value.split(';')
            .filter(pair => pair.trim().toLowerCase() !== 'httponly')
            .join('; ');
    }
});
return responseHeaders;

From chrome documentation (https://developer.chrome.com/extensions/webRequest)

Starting from Chrome 72, the following request headers are not provided and cannot be modified or removed without specifying 'extraHeaders' in opt_extraInfoSpec:

  • Accept-Language
  • Accept-Encoding
  • Referer
  • Cookie

Starting from Chrome 72, the Set-Cookie response header is not provided and cannot be modified or removed without specifying 'extraHeaders' in opt_extraInfoSpec.

Rule delete in mobile

I'm not able to clear all rules in mobile.
When the same rules are charged more twice, duplicates are inserted.
The Remove button does not work.
Rules often disappear, perhaps when the browser updates.

Support containers

From readme, I see that JavaScript code can detect if tab is in private browsing. It would be good to also support filtering by container.

Thanks.

Request: Enable JS injection into an extension

Hi - thanks for making this extension available - it's great!

I'd also like to use it to inject some JS into an extension, with a URL like "chrome-extension://", but that doesn't seem to work. Is there a way to enable man-in-the-middle to work on an extension page as well?

URL filter match two specific sites?

How can I make a content script that matches multiple specific sites e.g. facebook.com, twitter.com? I tried separating them with | and , but that didn't work.

Readability rule

Is it possible to create a rule to apply Firefox's internal readability to pages?

Header manipulation

I'd like to see the option to edit request/response header values. If possible even with js functions to set random values. One example would be a random "X-Forwarded-For" value to get a "different IP" every request and another to change the google.com request url to google.co.jp.

Q: how to change user-agent

Your addon seems to be powerful, but is not intuitive to use for newcomers.
For example, I am confused about how to change user-agent for specified domain.
Could you be so kind to give me a hand here?

Export/import rules

Hi,

I'd like to export a rule (maybe some people would prefer a list of rules), and import it.

I wanted to use your plugin to make some support, and ask a user to install it with a rule I'd write for him.
I haven't found a way to share rules with other people.

Q: CSP allow CSS injection

I want to allow css injection globally and am wondering if this is correct...

text headers: content-security-policy: style-src
text type: plain text
header type: response
url filters: *
method: delete
origin url filters: [empty]

Need simple example how to use this repo.

Hello:
I need this add-on to forward some https requests.
However, this add-on does not seem easy to use.
For example, I simply want to show the URLs that I am interested in.
For example:
If I visit the MDN web site:
https://developer.mozilla.org/
I want to show all the URLs that begin with this domain.
I just want to simply use console.log(url) to show which URLs are being downloaded (HTTP GET).
Please show me the code and rules to simply show the URLs beginning with https://developer.mozilla.org/
Thanks,

Changes won't save

For a couple of days now, when I change anything on the rules (edit/create/delete), after closing Firefox and reopening it, nothing has been saved. The rules I already added before are still there but I can no longer change them. I really don't know if this is a Firefox problem or an extension problem, but the last time I edited something back in mid July, it was saved. Since August it will no longer save. The other plugins (uMatrix, uBlock) still save their settings correctly. I already took a look inside the profiles folder but the only thing I found for Man In The Middle were entries in the storage-sync.sqlite file, but changes I made there directly weren't applied to the extension. Even deleting the entries resulted in no changes at all. The profile/storage folder also had nothing saved regarding Man In The Middle. Deactivating or reinstalling also had no effect. After reinstalling the extension, it even had all my old rules and not an empty rule set. How does this plugin save its settings so I could at least change them manually?

Plugin runs instable

Since the last update some rules randomly cease to work. Dis- and reenabling the affected rule(s) makes them work again. But because a random number of rules randomly cease to work, it's safer to dis- and reenable the whole plugin. Btw. all my rules are set to local.

Plugin Version: 3.5.3
FF-Version: 81.0.1
All plugins in activation order: uBlock, uMatrix, Man in the Middle

JQuery support

It would be great if Content Scripts and Javascript rules could use jQuery even if the site I'm injecting the Content Script into doesn't implement it.

Optional Regex group returns undefined

If I declare an optional regex group it will return "undefined" instead of an empty string in case it doesn't match. The desired behaviour should be an empty string, otherwise optional groups would be useless.

Better function to edit headers

-A better function to edit headers:

// Set the header to Value, replacing an existing header of the same name (case-insensitive)
requestHeaders.AddOrOverride = function (Name, Value) {
    var existingHeader = requestHeaders.find(({name}) => (
        name.toLowerCase() === Name.toLowerCase()
    ));

    if (existingHeader === undefined) {
        requestHeaders.push({name: Name, value: Value});
    }
    else {
        existingHeader.value = Value;
    }
};

Originally posted by @t2YU2m8l83 in #3 (comment)

First blocking rule is ignored

I've done some testing with different Firefox versions and operating systems. The result was that only my extremely customized browser ignores the topmost rule in the Blocking Rules section. I don't know which about:config option triggers this behaviour and as long as I can't find a good way to see only the changed values I'm not gonna even try to find it out. Therefore creating an empty rule for the topmost entry is sufficient to get everything working again.

Originally posted by @t2YU2m8l83 in #3 (comment)

Q: redirect with RegEx

trying to do a text redirect with RegEx and capture group

this works fine...

http://a.com/
http://b.com/

but these don't for some reason...

http://a.com/(.*)
http://b.com/$1

http://a.com/(.*)
http://b.com/\1

http:\/\/a\.com\/(.*)
http://b.com/$1

firefox 87.*
mitm: 5.4.3

Exclude Pattern field

-Regex Negative Lookbehinds (?<!) don't work
-An "Exclude Pattern" field would be great and make the Negative Lookbehind problem obsolete. It's pretty useful for conditional rules: if url == google.com && !url.contains("q=") do redirect("google.com?q=test")

Originally posted by @t2YU2m8l83 in #3 (comment)

X-Frame-Options does not fire

{"headerRules":[{"name":"X-Frame-Options","urlFilters":["https://www.radioradicale.it"],"originUrlFilters":[],"method":"GET","textType":"plaintext","textHeaders":"x-frame-options:\ncontent-security-policy:","headerType":"responseHeaders"}]}

Why does it not work?
With other sites it works.

css change does not persist

I use this code.
It works on the first loaded page, but not when navigating to another link.
It applies only to the current page and not to css.

(rules => {
	const entries = Object.entries(rules)

	entries.forEach(([ type, rules ]) => rules.forEach(async rule => {
		const { id, enabled, sync } = await Runtime.sendMessage({
			sender: 'optionsPage',
			request: 'add',
			details: { type },
		})

		await Runtime.sendMessage({
			sender: 'optionsPage',
			request: 'modify',
			details: { type, id, change: rule },
		})

		Collection.create(type, { id, enabled, sync, ...rule })
	}))
})({"contentScripts":[{"name":"Youtube","urlFilters":["https://www.youtube.com/watch"],"originUrlFilters":[],"code":".branding-img-container{\ndisplay:none !important;\n}","scriptType":"CSS","domEvent":"completed"}]});

Simple redirect example

Dear @dangkyokhoang, no doubt Man in the middle is a very powerful addon, but its documentation leaves much to be desired because it lacks real life examples.

For example, I want to do one of the simplest imaginable things: redirect requests from one domain to another. The following setup (see screenshot) does not work, why?

image

Disabled rules are still checked.

When you have some rules disabled, they are still checked to see if they should be used or not. First, the "Origin URL filters" are checked, and later whether the rule is enabled or not.
When you do a lot of requests to a site to which a disabled rule applies, the browser will be slowed down because the string compare is still done.
My suggestion is to do the enabled check first, and do the check for the "Origin URL filters" later.

Intercepting responses for url fired from an application not working

Ex: I set rule to modify response for google.com to say Hello. This works when hit directly from the address bar. If I hit this url from an Angular or any other application as a GET request, I see the request in Network tab with the real response and not mocked response.

Default Local/Sync Options

Thank you for implementing the local storage system. It's interesting that you yourself even mentioned that the majority of users of this addon would prefer not syncing with a third party server, and now sync is the default value for all rules. I don't know how the syncing process works, but it wouldn't be a good move if you instantly sync everything after the update and give the user no choice to keep his rules for himself. Going through all the rules after the update and toggling the sync everywhere was also pretty annoying. Therefore I suggest that you implement an option to choose if sync or local is default and somehow tell the user that sync happens through a 3rd party and only allow sync after he confirms that.

Suggestions for better rule organization experience

-The Enable/Disable button could be placed at the end of every collapsed row for easy access.
-Make rules groupable
-Make the rule order changeable
-Tab-button support for aligning codeblocks/styleblocks in text fields
-Markup for css/js keywords and autocomplete for css-rules/js-functions

Originally posted by @t2YU2m8l83 in #3 (comment)

Better matching system

It's a pretty strange way to address everything with *://*/* instead of * or .* therefore it would be nice to streamline the matching methods for rules into a "Match rule(s)" field (full regex support and multiple match rules /regex/,/regex/), an "Exclude rule(s)" field (same functionality as Match rule(s)), and a "Redirect field" (full regex support and script support) for "Match Success"-events and "Exclude triggered"-events. Examples:

OriginalURL: https://www.google.com
MatchPattern: empty -> applies to every request/response
ExcludePattern: empty -> nothing will be excluded
RedirectPattern: empty -> request will be blocked
ResultURL: -> nothing happens because every request will be blocked.

OriginalURL: https://www.amazon.com/SanDisk-Ultra-Flair-Flash-Drive/dp/B015CH1GTO/ref=sr_1_1?ie=UTF8&qid=1538731454&sr=8-1&keywords=usb+16gb
MatchPattern: (https:\/\/www\.amazon\.com\/).*(dp\/[A-Za-z0-9]+)\/.*
ExcludePattern: (https:\/\/www\.amazon\.com\/).*(dp\/[A-Za-z0-9]{8})\/.*
RedirectPattern: $1$2 -> capture groups from "MatchPattern"
ResultURL: https://www.amazon.com/dp/B015CH1GTO

You also might take some inspiration from this plugin. It doesn't allow css/js injections but it has a clearly better designed user interface: enable/disable rules, name rules, streamlined rule creation, rule tester, rule grouping.

(Chrome) certain headers like Set-Cookie cannot be modified

Hello,

Environment

I'm Using Windows 10 and Chrome 103.x. I installed this extension from https://chrome.google.com/webstore/detail/man-in-the-middle/mfgcopdhimkemcnlhkohjbdjgahmagil

Problem

My Setup is like this here: https://imgur.com/a/XRauRIy

However only the outgoing request gets the additional header, not the response.
Screenshot: https://imgur.com/a/DsUW1ng

Am I doing something terribly wrong? Is this due to a change in Google Chrome that broke the extension? It looks like a bug to me :(

Help is appreciated

Response Rule for RSS

Since Firefox 64 removed the rss reader I've tried to implement my own with Man in the Middle. Sadly it seems responseHeaders.set('Content-Type', 'text/html; charset=UTF-8'); doesn't change the content type, which is necessary to get things working.

Naming rules

Rules should receive a description/name field that is displayed in the overview list.

the request won't break even on throwing error

I'm testing this addon out and I see that even throwing an error won't break fetch

throw `can't connect`;
return `{"error":"can't connect"}` ;

image

1- how to change response body?
2- how to change response code and cause an error?
3- how to correctly log, since I can't see the throw message in the console

feature: wildcard redirects

for simpler redirects that don't require full RegEx, it would be great to be able to use wildcards

so this...

/http:\/\/example\.com\/(.+)\/(.*)/

becomes this...

http://example.com/*/*

replacements are the same...

http://somesite.com/$1/$2/somedirectory
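
The wildcard syntax requested above, sketched as an added example (not the extension's code; `wildcardToRegExp` and `redirect` are hypothetical names). It escapes literal text and anchors the pattern so a rule cannot fire on look-alike hosts or on URLs that merely contain the pattern, and it turns the unmatched optional group from the "Optional Regex group returns undefined" issue into an empty string.

```javascript
// Added example. escapeRegExp(), wildcardToRegExp() and redirect() are
// hypothetical helpers, not functions of the extension.

// Escape RegExp metacharacters so literal text (e.g. the dots in a host name)
// matches only itself.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Turn "http://example.com/*/*" into an anchored RegExp with one capture
// group per "*". Groups are lazy, so the last "*" receives the rest of the URL.
function wildcardToRegExp(pattern) {
  const body = pattern.split('*').map(escapeRegExp).join('(.*?)');
  return new RegExp('^' + body + '$');
}

// Return the redirect target for url, or null when the pattern does not match.
// pattern is a wildcard string or a RegExp. $1, $2, ... in template are
// replaced by the captures; a group that did not participate in the match
// (undefined in the match array) becomes an empty string.
function redirect(url, pattern, template) {
  const regex = pattern instanceof RegExp ? pattern : wildcardToRegExp(pattern);
  const match = regex.exec(url);
  if (match === null) return null;
  return template.replace(/\$(\d+)/g, (_, n) => match[Number(n)] ?? '');
}

// Constructed sample URLs, run against the rule from the issue text.
const wildcard = 'http://example.com/*/*';
const target = 'http://somesite.com/$1/$2/somedirectory';
const samples = [
  'http://example.com/a/b',                              // matches
  'http://exampleXcom/a/b',                              // "." must be literal
  'http://unrelated.test/?next=http://example.com/a/b',  // pattern is anchored
];
for (const url of samples) {
  console.log(url, '->', redirect(url, wildcard, target));
}
```
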
