欺骗 xmlhttprequest (greasemonkey)

问题描述 投票:0回答:2

我阻止了来自greatmonkey的XMLHttpRequest,但是当它没有得到响应时页面会出现错误。所以我尝试欺骗,就好像收到了回复一样。不幸的是,XMLHttpRequest 似乎有只读字段。所以我创建了一个假对象:

fakeresponse = "for (;;);"+JSON.stringify(fakeresponse);


var xhr2 = {};
xhr2.readyState = 0;
if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange.call(xhr2);
xhr2.readyState = 1;
if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange.call(xhr2);
xhr2.readyState = 2;
if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange.call(xhr2);
xhr2.readyState = 3;
if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange.call(xhr2);
xhr2.response = fakeresponse;
xhr2.responseText = fakeresponse;
xhr2.responseXML = fakeresponse;
xhr2.status = 200;
xhr2.readyState = 4;

if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange.call(xhr2);

物体是:

Object {response: "for (;;);{"__ar":1,"payload":{"actions":[{"..."},"bootloadable":{},"ixData":{},"lid":"0"}", responseText: "for (;;);...", responseXML: "for (;;);....", status: 200, readyState: 4}

但什么也没发生..有没有其他方法可以模拟这个,或者我必须深入使用调试器?该页面还使用库而不是纯 xhr 对象,这会是一个问题吗?

javascript ajax xmlhttprequest greasemonkey
2个回答
0
投票
(function(xhr, value){
Object.defineProperty(xhr, "response", {
  get: function() {
    return value;
  }
});

Object.defineProperty(xhr, "responseText", {
  get: function() {
    return value;
  }
});

Object.defineProperty(xhr, "responseXML", {
  get: function() {
    return value;
  }
});
Object.defineProperty(xhr, "status", {
  get: function() {
    return 200;
  }
});
})(xhr, fakeresponse);

Object.defineProperty(xhr, "readyState", {
  get: function() {
    return 4;
  }
});

if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange();
0
投票

这是一个旧线程,但我想在这里分享我的解决方案,以防有人正在寻找。

XMLHttpRequest = class extends XMLHttpRequest {
    constructor() {
        super();
        this._status;
        this._readyState;
        this._responseUrl;
        this._responseText;
        this._response;
    }

    get status() {
        return this._status || super.status;
    }

    set status(value) {
        this._status = value;
    }

    get readyState() {
        return this._readyState || super.readyState;
    }

    set readyState(value) {
        this._readyState = value;
    }

    get responseUrl() {
        return this._responseUrl || super.responseUrl;
    }

    set responseUrl(value) {
        this._responseUrl = value;
    }

    get responseText() {
        return this._responseText || super.responseText;
    }

    set responseText(value) {
        this._responseText = value;
    }

    get response() {
        return this._response || super.response;
    }

    set response(value) {
        this._response = value;
    }

    open() {
        this._url = arguments[1];
        super.open(...arguments);
    }

    send() {
        if (this._url.match(spoofUrl)) {
            console.log("Spoofing response");
            this.status = 200;
            this.readyState = 4;
            this.responseUrl = this._url;
            this.responseText = spoofResponse;
            this.response = spoofResponse;
            this.onload(); // you can call any other XHR callback here
        } else {
            super.send(...arguments);
        }
    }
}
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.