Modify requests, inject JavaScript and CSS into pages
Firefox Extension.
Allow user to block or redirect requests, modify request headers and responses, inject JavaScript and CSS into pages.
Get Man in the Middle on Firefox Add-ons.
Get help writing rules.
See changes in the Project board.
Use cases:
Use Blocking Rules to block or redirect requests.
Use Header Rules to modify request and response headers.
Headers can be modified using JavaScript.
Use Response Rules to modify network responses.
Use Content Scripts to inject JavaScript and CSS codes into pages.
Content Scripts can even be injected to the extension's pages.
Select rule properties for more details.
Rules to block or redirect requests.
Rules to modify request and response headers.
Rules to modify network responses.
Rules to inject JavaScript and CSS into pages.
Filter request URL
s or document URL
s.
line break
, i.e, '\n'
, '\r'
or '\r\n'
.'!'
is a URL exception
.URL
is satisfied if it matches at least one of the filters and DOES NOT match any URL exception
.
URL
matches a filter if it matches the RegExp pattern
or includes the String filter
.Any site is matched
http
Any site is matched, but not www.google.com
http
!www.google.com
Filters request method
s.
'*'
or one of the HTTP request methods, i.e, 'GET'
, 'POST'
, 'HEAD'
, etc.request method
is satisfied if it equals to the method
.To redirect or block requests.
Plaintext
or Restricted JavaScript.Plaintext
:URL
to redirect request
s to.
'$n'
(1 <= <int>n <= 100
), in a redirect URL
are replaced with capture groups from RegExp pattern
URL filter.Force secure connections for all HTTP requests.
URL filter: /^http:(.*)/
Text redirect URL: https:$1
URL
to redirect request
s to.
return
a string URL
.
URL
is empty, matched requests are blocked;URL
equals to the request's URL, the request is neither blocked nor redirected;URL
.// Facebook hours restricted to the range from 07:00 PM to 11:59 PM
// URL filter: facebook.com, messenger.com
// Text redirect URL:
const date = new Date();
const hour = date.getHours();
return 19 <= hour && hour <= 23 ? url : '';
DEPRECATED since version 3.4.0. Use Text redirect URL instead.
Filter document URL
s.
','
.document URL
is satisfied if one of the following is satisfied:
filter
is set (default);document URL
matches one of the filters.
document URL
matches a filter if it matches the RegExp pattern
or includes the String filter
.To modify request or response headers.
Plaintext
or Restricted JavaScript.Plaintext
:Pair
s of headers.
line break
, i.e, '\n'
, '\r'
or '\r\n'
.Pair
is of the format: name: value
.
name
is empty, the header is omitted.value
is empty, the header with the name name
is removed if it exists, or the header is omitted.name
exists, the header is modified. If there're more than one existing, the first is modified.name
exists, a new header is added.This overrides the default Accept header
Accept: *
This removes Referer header if it exists
Referer:
This adds new headers to the request
Test-0: On
Test-1: Off
return
an array of objects, each objects has two properties: 'name'
and 'value'
.requestHeaders
or responseHeaders
, depending on the Header type.requestHeaders
or responseHeaders
has its methods to make it easier to modify headers:
get(name)
gets header by name;set(name, value)
replaces header value if it exists, or adds a new header;modify([ ...[name, value] ])
sets multiple pairs of headers.// Header type: Request headers
// This do nothing but log the request headers to the console.
throw requestHeaders;
// This line
const acceptHeader = requestHeaders.get('Accept');
// equals to the below
const acceptHeader = const acceptHeader = requestHeaders.find(({name}) => (
name.toLowerCase() === 'accept'
));
// Header type: Request headers
// This line
requestHeaders.modify([ ['Accept', '*'] ]);
// equals to this line
requestHeaders.set('Accept', '*');
// and equals to the below lines
const acceptHeader = requestHeaders.get('Accept');
if (acceptHeader) {
acceptHeader.value = '*';
} else {
requestHeaders.push({name: 'Accept', value: '*'});
}
return requestHeaders;
// Header type: Request headers
// This line
requestHeaders.modify([ ['Referer', ''] ]);
// equals to the below
const refererHeaderIndex = requestHeaders.findIndex(({name}) => (
name.toLowerCase() === 'referer'
));
// Remove Referer header
if (refererHeaderIndex !== -1) {
requestHeaders.splice(refererHeaderIndex, 1);
}
return requestHeaders;
// Header type: Response headers
responseHeaders.push({
name: 'Set-Cookie',
value: 'Firefox-Extension=Man in the Middle; HttpOnly',
});
return responseHeaders;
'Plaintext'
or'JavaScript'
.
'Request headers'
or 'Response headers'
.
To modify network responses.
Plaintext
or Restricted JavaScript.Plaintext
:return
a string which is the response body.responseBody
and responseHeaders
.// Site: http://internetbadguys.com/
return `<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
</head>
<body>
<h1>Bad guys are ${(
responseBody.includes('phish.opendns.com/?url=') ? 'blocked' : 'coming'
)}!</h1>
</body>
</html>`;
JavaScript
or CSS
code to be injected.
'JavaScript'
or 'CSS'
.
devtools > Console
.A stage of the DOM
loading on which the code is injected.
Loading
;Loaded
;Completed
.Begins with a slash '/'
and ends with a slash '/'
.
/./
/faceb(\w{2})k\.[\w]+/
A string that is not a RegExp pattern.
http
facebook.com
/invalid { RegExp/
A JavaScript function body that will be executed inside a sandbox.
Object
, Array
, String
, RegExp
, JSON
, Map
, Set
, Promise
, ...built-in objects;isFinite
, isNaN
, parseInt
, parseFloat
;encodeURI
, encodeURIComponent
, decodeURI
, decodeURIComponent
;crypto
, performance
, atob
, btoa
, fetch
and XMLHttpRequest
.url
, originUrl
, documentUrl
, method
, proxyInfo
, type
(the type of the requested resource), timeStamp
;incognito
(true
if tab in private browsing), pinned
(true
if tab is pinned).async
, hence, await
can be used to perform asynchronous tasks.return
a value.throw
a cloneable value. To see error logs, open the devtools > Console
.