While debugging a client app that uses a Google backend, I have added some debugging versions of the functions and inserted them using the Chrome Developer Tools script editor.

However there are a number of limitations with this approach, first is that the editor doesn't seem to always work with de-minified files, and when the JS file is 35K lines long, this is a problem.

Another issue is that all the initialization that is done during load time, uses the original "unpatched" functions, hence this is not ideal.

I would like to replace the remote javascript.js file with my own local copy, presumably using some regex on the file name, or whatever strategy was suitable, I am happy to use either Firefox or Chrome, if one was easier than the other.

While debugging a client app that uses a Google backend, I have added some debugging versions of the functions and inserted them using the Chrome Developer Tools script editor.

However there are a number of limitations with this approach, first is that the editor doesn't seem to always work with de-minified files, and when the JS file is 35K lines long, this is a problem.

Another issue is that all the initialization that is done during load time, uses the original "unpatched" functions, hence this is not ideal.

I would like to replace the remote javascript.js file with my own local copy, presumably using some regex on the file name, or whatever strategy was suitable, I am happy to use either Firefox or Chrome, if one was easier than the other.

• javascript
• google-chrome
• firebug
• greasemonkey

• Duplicate of Replace jQuery version of a page with Greasemonkey -- which shows how to replace remote JS with a local version. – Brock Adams Commented Oct 16, 2011 at 3:10
• 1 @Brock Adams that solution is windows specific and will not work on a unix-y OS. Don't know if that matters for OP, but it'd be nice if someone had a universal solution. – Daniel Mendel Commented Oct 16, 2011 at 3:57
• @Daniel Mendel, there are 2 solutions there. One will probably work for the OP as odds-are he's on windows. The other solution is not limited to Windows, but also explains the limitations that trying to do this with a userscript, or Greasemonkey face (although the answer may work better when ported to Chrome -- something I didn't test since I only use Chrome sparingly). – Brock Adams Commented Oct 16, 2011 at 4:39
• @BrockAdams fair enough, I guess the fact is that the only seamless way to achieve this is to get in between the browser and network where you can spoof the request, and such a solution will always end up being OS specific since it's basically a self inflicted man-in-the-middle attack. Any universal solution would be after the request cycle is finished, thus the hassles. – Daniel Mendel Commented Oct 16, 2011 at 4:48
• 1 If this doesn't get a satisfactory, cross-OS answer, I'll put up a bounty once SO lets me. – Yahel Commented Oct 16, 2011 at 21:25

1 Answer 1

So basically, as @BrockAdams identified, there are a couple of solutions to these types of problem depending on the requirements, and they follow either 1 of 2 methods.

1. the browser API switcharoo.
2. The proxy based interception befiddlement.

the browser API switcharoo. Both firefox and chrome support browser extensions that can take advantage of platform specific APIs to register event handlers for "onbeforeload" or "onBeforeRequest" in the case of firefox and chrome respectively. The chrome APIs are currently experimental, hence these tools are likely to be better developed under firefox. 2 tools that definitely do something like what is required are AdBlock plus and Jsdeminifier both of which have the source code available.

The key point for these 2 firefox apps is that they intercept the web request before the browser gets its hands on it and operate on the other side of the http/https encrpytion stage, hence can see the decrypted response, however as identified in the other post that they don't do the whole thing, although the jsdeminifier was very useful, I didn't find a firefox plugin to do exactly what I wanted, but I can see from those previous plugins, that it is possible with both firefox and chrome. Though they don't actually do the trick as required.

The proxy based interception befiddlement This is definitely the better option in a plain HTTP environment, there are whole bunch of proxies such as pivoxy, fiddler2, Charles Web HTTP proxy, and presumably some that I didn't look at specifically such as snort that support filtering of some sort.

The simplest solution for myself was foxyproxy and privoxy on firefox, and configure a user.action and user.filter to detect the url of the page, and then to apply a filter which swapped out the original src tag, for my own one.

The https case. proxy vs plugin When the request is https the proxy can't see the request url or the response body, so it can't do the cool swapping stuff. However there is one option available for those who like to mess with their browser. And that is the man-in-the-middle SSL proxy. The Charles Web HTTP proxy appears to be the main solution to this problem. Basically the way it works is that when your browser makes a request to the remote HTTPS server, the ssl proxy intercepts the request and from the ip address of the server generates a server certificate on the fly, which it signs with its own root CA, and sends back to the browser. The browser obviously complains about the self-signed cert, but here you can choose to install the ssl proxy root CA cert into the browser, befuddling the browser and allowing the ssl proxy to man in the middle and make replacements and filters on the raw response body.

Alternative roll your own chrome extension I decided to go with rolling my own chrome extension, which I am planning to make available. Currently its in a very hardcoded to my own requirements state, but it works pretty good, even for https requests and another benefit is that a browser plugin solution can be more tightly integrated with the browser developer tools.