middlefiddle
Advanced tools
MiddleFiddle is an outbound local proxy which lets to modify your outbound request and responses via Connect middleware. It support HTTP and HTTPS, the latter through a hijacking of the request with locally generated SSL certs.
$ npm install -g middlefiddle
# Depends on Node 0.6.x
$ git clone git://github.com/mdp/middlefiddle.git
$ cd middlefiddle
$ npm install
$ npm link #If you want to use it globally
By default middlefiddle will start logging traffic and modifying requests based on site specific middleware found in '.middlefiddle/sites'
You can find an example in .middlefiddle/sites
# Start middlefiddle with default options
$ middlefiddle
# Proxy will be at port 8080
# and the web logger will be open at port 8411
$ middlefiddle logger
# Now open http://localhost:8411
# Only log for a certain URL
$ middlefiddle logger --url google.com
# Only log certain statuses
$ middlefiddle logger --status 404
# Only log responses containing text
$ middlefiddle logger --grep "setTimeout"
# Also work with regex
$ middlefiddle logger -r --grep "Mark(Percival)?"
# And case insensitive
$ middlefiddle logger -ri --grep "m@mdp\.im"
MiddleFiddle can alter requests based on the host name. You'll find some examples in .middlefiddle/sites
Simple add the middleware to your ~/.middlefiddle/sites directory, with the appropriate hostname. For example, ~/.middlefiddle/sites/github.com.coffee' would get injected on any request to github.com
MiddleFiddle middleware is connect compatible. Anything you can do with Connect, you can do with middlefiddle middleware.
For example, lets say you want to save all the streamed mp3's from Soundcloud.com
Found in soundcloud.com.coffee
fs = require 'fs'
module.exports = (Mf) ->
(req, res, next) ->
res.on 'body', ->
if res.headers["content-type"] == 'audio/mpeg'
fileName = req.path.replace(/^[a-zA-Z]/, '').split('.')[0]
path = "#{process.env["HOME"]}/Downloads/soundcloud#{fileName}.mp3"
fs.writeFile path, res.body, ->
console.log "Saved #{res.body.length} bytes to #{path}"
next()
In this case we used the MiddleFiddle helper 'replace'
Found in github.com.coffee
module.exports = (Mf) ->
replacement = (string, req, res) ->
contentType = res.headers['content-type'] || ''
if contentType.search(/html/) >= 0
string.replace(/repositories/ig, "suppositories")
else
false
return Mf.replace(replacement)
Here we are going to change the user agent to GoogleBot
Found in ft.com.coffee
module.exports = (Mf) ->
# I'm the Google, let me in!
(req, res, next) ->
req.headers['user-agent'] = "GoogleBot"
next()
By default MiddleFiddle logs all outbound traffic to a web based logger on localhost:8411
MiddleFiddle looks for a .middlefiddle directory in the current working directory, or at ~/.middlefiddle.
Inside you'll find a config.coffee file, https certs, and a sites directory.
You'll need to add the https certs to you keychain if you want to avoid the browser warning. The certs are generated on the first launch of middlefiddle and are therefor unique to each machine.
When an HTTPS request is first seen, MiddleFiddle generates a certificate for that domain, signs it with it's own generated root cert, and stores the cert for future use in ~/.middlefiddle/certs
In order to make this look legit to your browser, you'll need to add the generated root cert in ~/.middlefiddle/ca.crt to your keychain. This cert is auto generated just for your machine, so you won't be compromising your browser security.
Connect typically doesn't have a simple way to hijack downstream responses since it's streaming, so middlefiddle emits events on the response along with writing to the stream.
res.on 'data', (chunk) ->
console.log chunk.toString()
res.on 'end', (chunk) ->
console.log chunk.toString()
res.on 'close', (chunk) ->
console.log "Closed response"
You've also got a couple helper properties:
Response headers can be modified before they are sent to the browser. Just wait till they're available:
Example in add_csp.coffee
Modifying the a response body means buffering the stream, waiting for it to finish, then making the replacement and sending it back downstream. The 'replace' middleware provides this.
Tests can be run from within the repo
npm install
npm test
Criticism is gladly accepted as long as it's in the form of a pull request.
MiddleFiddle is written in CoffeeScript. It's set
up with a Cakefile for building files in src/ to lib/ and running
tests with nodeunit. There's also a docs task that generates Docco
documentation from the source in src/.
Released under the MIT license.
Mark Percival m@mdp.im
FAQs
Middleware as a proxy for HTTP/HTTPS traffic
The npm package middlefiddle receives a total of 3 weekly downloads. As such, middlefiddle popularity was classified as not popular.
We found that middlefiddle demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Company News
/Security News
Socket is an initial recipient of OpenAI's Cybersecurity Grant Program, which commits $10M in API credits to defenders securing open source software.
Security News
Socket CEO Feross Aboukhadijeh joins 10 Minutes or Less, a podcast by Ali Rohde, to discuss the recent surge in open source supply chain attacks.
Research
/Security News
Campaign of 108 extensions harvests identities, steals sessions, and adds backdoors to browsers, all tied to the same C2 infrastructure.