Easy-Inspector

Easy Inspector is a Chrome extension that lets you modify request and response headers and collects the requests it processes for easy analysis.

Easy Inspector repository: github.com/coconilu/ea…

With the Easy Inspector, you can easily implement the following scenarios:

  1. Bypass hotlink protection
  2. Modify the cookie
  3. Bypass the same Origin policy

Installation

  1. Install it from the Chrome Web Store: search for Easy-Interceptor and click "Install".

  2. Download the latest plug-in package from Releases and decompress it, open Chrome's developer mode, choose "Load unpacked extension", and select the decompressed directory.

Quick start

1. Go to the settings page. The tool has only one settings screen, which is opened by clicking the plug-in's options.

2. The plugin interface looks like this, with two tabs, Rules and Records:

3. Interface functions

The configuration page is divided into a Rules tab and a Records tab.

3.1 Rules tab:

At the top are the master switch for rules and two buttons, Save configuration and Add Rule:

  1. The master switch can be turned off when Easy Inspector is not needed; it then has no effect on browsing.
  2. Every time you change the configuration, you need to save it for the change to take effect.
  3. You can add more than one rule at a time, and all of them are applied.

For each rule:

  1. URL matching rule:
     1.1. The first drop-down box selects the resource type. If you are not sure which one to select, use All.
     1.2. The second drop-down box selects the string matching mode: include or reg. With include, a URL matches as long as it contains the string (the underlying check is `url.includes(str)`); with reg, the string is treated as a regular expression and matched case-insensitively (the underlying check is `new RegExp(str, "i").test(url)`).
     1.3. The third input box is the string (the str above); how it is interpreted depends on the matching mode chosen in the second drop-down box.
  2. Process the request and response headers of matched URLs. For each header there are add and delete operations.

Resource types are as follows: “main_frame”, “sub_frame”, “stylesheet”, “script”, “image”, “font”, “object”, “xmlhttprequest”, “ping”, “csp_report”, “media”, “websocket”, or “other”

3.2 Records tab:

The Records tab collects all matched requests for your analysis:

Supported Service Scenarios

1. Bypass hotlink protection

Some sites apply hotlink protection to their images. Most of these checks verify the Referer header, which is easy to circumvent with Easy Inspector.

For the convenience of demonstration, I put a picture on Cloud COS and enabled hotlink protection:

Link to the picture: interceptor-1253621140.cos.ap-nanjing.myqcloud.com/IMG_1380.JP… When you access the image directly, the server returns an error message:

This picture has the following hotlink-protection settings:

Now add a rule in the Easy Inspector like this:

If we visit the image again, we can see its content. The request and response headers can be seen in the Records tab:

2. Modify the cookie

Cookies are usually used to verify login state, as on Baidu. If you are logged in to Baidu, your profile picture and name are displayed at the top of Baidu's home page:

By adding a rule in the Easy Inspector like this:

Visit Baidu again and you will find that you are no longer logged in:

In the Records tab you can see that no Cookie header is attached to the request of any matched URL.

3. Bypass the same-origin policy

The same-origin policy is a security policy of the browser. With Easy Inspector it is convenient to bypass the same-origin policy during development, which improves the development happiness index.

For the sake of demonstration, let's continue using Baidu as the example. Go to another web page (any site that is not Baidu, such as Douban) and type the following code in the console:

```javascript
fetch("https://www.baidu.com/").then(function(res) {
    return res.text()
}).then(function(text) {
    console.log(text)
})
```

You will see the following error message:

By adding a rule in the Easy Inspector like this:

The effect is as follows:
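To make the rule semantics of section 3.1 and the three scenarios above concrete, here is an added example, written for this page and not code from the Easy Inspector project: a small model of the rule engine (master switch, resource type, include/reg matching, add/delete header operations, and the Records tab) run over constructed requests shaped like the three scenarios. The rule field names, the request/response objects, the image host in scenario 1 and the assumption that scenario 3 works by adding an Access-Control-Allow-Origin response header are all mine.

```javascript
// Added example, not code from the Easy Inspector project. Field names and
// sample URLs are assumptions; the image host below is constructed.

const RESOURCE_TYPES = new Set([
  "main_frame", "sub_frame", "stylesheet", "script", "image", "font", "object",
  "xmlhttprequest", "ping", "csp_report", "media", "websocket", "other",
]);

// rule.mode "include": plain substring test; "reg": case-insensitive regex.
function urlMatches(rule, url) {
  if (rule.mode === "include") return url.includes(rule.pattern);
  if (rule.mode === "reg") return new RegExp(rule.pattern, "i").test(url);
  throw new Error(`unknown match mode: ${rule.mode}`);
}

// rule.type is one resource type or "all" (the recommended default).
function ruleMatches(rule, request) {
  if (!RESOURCE_TYPES.has(request.type)) {
    throw new Error(`unknown resource type: ${request.type}`);
  }
  return (rule.type === "all" || rule.type === request.type) && urlMatches(rule, request.url);
}

// Header names are case-insensitive, so look them up case-insensitively.
// "add" sets a header (replacing an existing value, an assumption here);
// "delete" removes it.
function applyHeaderOps(headers, ops) {
  const out = { ...headers };
  for (const op of ops) {
    const existing = Object.keys(out).find((k) => k.toLowerCase() === op.name.toLowerCase());
    if (existing !== undefined) delete out[existing];
    if (op.action === "add") out[op.name] = op.value;
    else if (op.action !== "delete") throw new Error(`unknown action: ${op.action}`);
  }
  return out;
}

// config = { enabled: <master switch>, rules: [...] }. Every enabled, matching
// rule is applied in order; matched requests are appended to `records`
// (the model of the Records tab). Request and response rewriting happen at
// different times in a real extension; they are folded together here.
function processExchange(config, request, response, records) {
  let requestHeaders = { ...request.headers };
  let responseHeaders = { ...response.headers };
  if (!config.enabled) return { requestHeaders, responseHeaders };
  const matched = [];
  config.rules.forEach((rule, i) => {
    if (!ruleMatches(rule, request)) return;
    matched.push(i);
    requestHeaders = applyHeaderOps(requestHeaders, rule.requestHeaders || []);
    responseHeaders = applyHeaderOps(responseHeaders, rule.responseHeaders || []);
  });
  if (matched.length > 0) {
    records.push({ url: request.url, type: request.type, rules: matched, requestHeaders, responseHeaders });
  }
  return { requestHeaders, responseHeaders };
}

// Rules shaped like the three scenarios (scenario 1 host is constructed).
const SCENARIO_RULES = [
  { type: "image", mode: "include", pattern: "bucket.example-cos.invalid/IMG_",
    requestHeaders: [{ action: "add", name: "Referer", value: "https://allowed.example/" }] },
  { type: "all", mode: "reg", pattern: "^https://www\\.baidu\\.com/",
    requestHeaders: [{ action: "delete", name: "Cookie" }] },
  { type: "xmlhttprequest", mode: "include", pattern: "www.baidu.com",
    responseHeaders: [{ action: "add", name: "Access-Control-Allow-Origin", value: "https://www.douban.com" }] },
];

function runScenarios() {
  const config = { enabled: true, rules: SCENARIO_RULES };
  const records = [];
  const image = processExchange(config,
    { url: "https://bucket.example-cos.invalid/IMG_1.jpg", type: "image", headers: {} },
    { headers: {} }, records);
  const home = processExchange(config,
    { url: "https://www.baidu.com/", type: "main_frame", headers: { cookie: "BAIDUID=constructed" } },
    { headers: {} }, records);
  const xhr = processExchange(config,
    { url: "https://www.baidu.com/", type: "xmlhttprequest", headers: { Cookie: "BAIDUID=constructed" } },
    { headers: { "content-type": "text/html" } }, records);
  return { image, home, xhr, records };
}
```

Note that the xmlhttprequest exchange in runScenarios matches both the cookie rule (type "all") and the CORS rule, which is the "more than one rule at a time" behaviour from section 3.1; the records entry for it lists both rule indexes.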

4. More

HTTP makes up a large part of the Internet, and many business scenarios can be handled by processing request and response headers.

For example, you can disguise your User Agent by modifying the User-Agent request header.

There are many more usage scenarios to explore.

Acknowledgements

This plug-in relies heavily on the Ant Design UI component library.

The logo is borrowed from Aliyun's icon site (iconfont):