javascript捕获和篡改http请求
[英]javascript capture and tamper http requests
问题描述
Is there a way with javascript on a page to tamper http requests done by other scripts (on same page)? 
页面上的javascript是否有办法篡改其他脚本(在同一页面上)完成的http请求? The other scripts can be from external domains. 其他脚本可以来自外部域。
Let's say on a page X a script loaded from an external domain performs an http get like GET http://www.example.com?foo=bar is it possible that a previously loaded script in the same page X can capture this request, and tamper with it so it becomes GET http://www.example.com?foo=qux ? 假设在第X页上,从外部域加载的脚本执行的GET http://www.example.com?foo=bar类似于GET http://www.example.com?foo=bar ,那么同一页X中先前加载的脚本是否可以捕获此请求,并对其进行篡改,使其成为GET http://www.example.com?foo=qux ?
In jquery i can achieve this by wrapping the ajax get post methods. 在jquery中,我可以通过包装ajax get post方法来实现。 But is this possible for plain javascript, no frameworks, working across all page and client's http requests? 但这是否适用于纯JavaScript,无框架,跨所有页面和客户端的HTTP请求工作?
It seems to me that for this to be done, the script must be able to override something very deep in the core. 在我看来,要做到这一点,脚本必须能够覆盖内核中非常深的内容。 If i have to guess i would say it's not possible by design and because of security . 如果我不得不猜测,我会说这是设计和安全性所无法实现的 。 What do you think? 你怎么看?
ps no proxies, no external tools. ps没有代理,没有外部工具。
1 个解决方案
解决方案1
0 已采纳 2015-12-15 08:37:27
No you can't capture the HTTP request going out of your app, once it has gone out of your app . 不 , 一旦请求退出应用程序,您将无法捕获HTTP请求。
However, there is one work around possible 但是,有一种可能的解决方法
- if you want to alter some parameters before it goes of your app , 如果您想在应用发布之前更改一些参数,
- All the other request from your website are AJAX requests 您网站上的所有其他请求都是AJAX请求
- They are invoking your custom method, say
customAjax()which can alter the parameters of the actual request that will go out.他们正在调用您的自定义方法,例如customAjax(),它可以更改将要发出的实际请求的参数。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.