{"name":"memos/377", "uid":"mzSguqvHXye7BeVQ6YnZXy", "rowStatus":"ACTIVE", "creator":"users/1", "createTime":"2024-11-17T21:32:23Z", "updateTime":"2024-11-17T23:21:08Z", "displayTime":"2024-11-17T21:32:23Z", "content":"Injecting arbitrary JavaScript on any HTML page anywhere in Windows with Fiddler Classic:\n* Enable HTTPS decryption if needed\n* Apply following in FiddlerScript to modify HTTP requests:\n```js\n    // ...\n    static function OnBeforeResponse(oSession: Session) {\n        // ...\n        if (oSession.oResponse.headers.ExistsAndContains(\"Content-Type\", \"text/html\")) {\n            // Strip CSP (!!) to ensure script is loaded no matter what\n            oSession.oResponse.headers.Remove(\"Content-Security-Policy\");\n            // Append custom script somewhere in the page, by hijacking text replace on some element that likely exists, eg. `</head>` or `</body>`\n            oSession.utilDecodeResponse();\n            oSession.utilReplaceInResponse('</head>', '<script src=\"/whatever-unique-url-you-like.js\"></script></head>');\n        }\n        // Respond with custom file on every request for our unique fake script URL\n        if (oSession.PathAndQuery===\"/whatever-unique-url-you-like.js\") {\n            // File must be stored in %HOMEPATH%\\Documents\\Fiddler2\\Captures\\Responses\\\n            oSession[\"x-replywithfile\"] = \"name-of-stored-script-file.js\";\n        }\n        // ...\n    }\n    // ...\n```", "nodes":[{"type":"PARAGRAPH", "paragraphNode":{"children":[{"type":"TEXT", "textNode":{"content":"Injecting arbitrary JavaScript on any HTML page anywhere in Windows with Fiddler Classic:"}}]}}, {"type":"LINE_BREAK", "lineBreakNode":{}}, {"type":"UNORDERED_LIST", "unorderedListNode":{"symbol":"*", "indent":0, "children":[{"type":"TEXT", "textNode":{"content":"Enable HTTPS decryption if needed"}}]}}, {"type":"LINE_BREAK", "lineBreakNode":{}}, {"type":"UNORDERED_LIST", "unorderedListNode":{"symbol":"*", "indent":0, "children":[{"type":"TEXT", "textNode":{"content":"Apply following in FiddlerScript to modify HTTP requests:"}}]}}, {"type":"LINE_BREAK", "lineBreakNode":{}}, {"type":"CODE_BLOCK", "codeBlockNode":{"language":"js", "content":"    // ...\n    static function OnBeforeResponse(oSession: Session) {\n        // ...\n        if (oSession.oResponse.headers.ExistsAndContains(\"Content-Type\", \"text/html\")) {\n            // Strip CSP (!!) to ensure script is loaded no matter what\n            oSession.oResponse.headers.Remove(\"Content-Security-Policy\");\n            // Append custom script somewhere in the page, by hijacking text replace on some element that likely exists, eg. `</head>` or `</body>`\n            oSession.utilDecodeResponse();\n            oSession.utilReplaceInResponse('</head>', '<script src=\"/whatever-unique-url-you-like.js\"></script></head>');\n        }\n        // Respond with custom file on every request for our unique fake script URL\n        if (oSession.PathAndQuery===\"/whatever-unique-url-you-like.js\") {\n            // File must be stored in %HOMEPATH%\\Documents\\Fiddler2\\Captures\\Responses\\\n            oSession[\"x-replywithfile\"] = \"name-of-stored-script-file.js\";\n        }\n        // ...\n    }\n    // ..."}}], "visibility":"PUBLIC", "tags":[], "pinned":false, "resources":[], "relations":[], "reactions":[], "property":{"tags":[], "hasLink":false, "hasTaskList":false, "hasCode":true, "hasIncompleteTasks":false}, "snippet":"Injecting arbitrary JavaScript on any HTML page anywhere in Windows with Fiddler Classic:\n*Enable HT..."}