dimanche 28 juin 2015

Spoofing xmlhttprequest (greasemonkey)

I am blocking an XMLHttpRequest from greasemonkey but the page bugs when it gets no response. So i tried spoofing as if the response is recieved. Unforunetly it seems XMLHttpRequest has fields read-only. So i created a fake object :

fakeresponse = "for (;;);"+JSON.stringify(fakeresponse);


var xhr2 = {};
xhr2.readyState = 0;
if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange.call(xhr2);
xhr2.readyState = 1;
if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange.call(xhr2);
xhr2.readyState = 2;
if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange.call(xhr2);
xhr2.readyState = 3;
if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange.call(xhr2);
xhr2.response = fakeresponse;
xhr2.responseText = fakeresponse;
xhr2.responseXML = fakeresponse;
xhr2.status = 200;
xhr2.readyState = 4;

if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange.call(xhr2);

the object is :

Object {response: "for (;;);{"__ar":1,"payload":{"actions":[{"..."},"bootloadable":{},"ixData":{},"lid":"0"}", responseText: "for (;;);...", responseXML: "for (;;);....", status: 200, readyState: 4}

but nothing happens.. is there any other way i can simulate this or do i have to dive in deep with a debugger ? also the page uses a library rather than pure xhr object, can that be an issue ?

Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)