
4. How to manipulate requests

Tamás Kőhegyi edited this page Dec 20, 2023 · 9 revisions

Main access and manipulation methods of the requests

By implementing the Request Interceptor, you get access to the actual request through its process method. The request is passed in as an instance of the website.magyar.mitm.proxy.http.MitmJavaProxyHttpRequest class. Let's assume that the request is available via the request variable:

public void process(final MitmJavaProxyHttpRequest request) {
    //here you may work with the "request"
}

The main manipulation methods are the following:

Header access

Header[] allHeaders = request.getMethod().getAllHeaders();  //to get all headers
Header firstHeader = request.getMethod().getFirstHeader(headerKey); //get first header with the specified key (headerKey is a String)
Header lastHeader = request.getMethod().getLastHeader(headerKey); //get last header with the specified key

Header manipulation

To add a new header:

request.getMethod().addHeader(headerKey, headerValue); //adds a new header (headerKey and headerValue are Strings)

In order to alter an existing header, first search for it, remove it, then add it again with a new value:

Header header = request.getMethod().getFirstHeader(headerKey); //search for it
request.getMethod().removeHeader(header); //remove it first
request.getMethod().addHeader(headerKey, headerValue); //update it by re-adding with another value

Finally, to remove a specific header, call:

request.getMethod().removeHeader(header); //remove the specific header (you might need to search for it first)

Body access

The message body will be accessible as an InputStream, this way:

InputStream clonedInputStream = request.getPlayGround();

Since this InputStream is used by the Proxy, if you read it, you must restore its initial state so that the Proxy can read it again. The following example shows the right approach for a plain-text request:

InputStream clonedInputStream = request.getPlayGround();
clonedInputStream.mark(8192);                           //this number may depend on the size of the request body
String body = IOUtils.toString(clonedInputStream);      //now String "body" will contain the request body
clonedInputStream.reset();

Of course, if the request is encoded (like gzip), you need to decode it too.
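The mark/read/reset discipline and the gzip case described above, as an added example that is not part of the project's own code. It uses only the JDK (Java 11+); the BodyPeek class and the peekBody helper are hypothetical names, and the assumption is that in an interceptor the stream would come from request.getPlayGround() and the encoding from the Content-Encoding header. The sample body is constructed.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;

public class BodyPeek {
    // Hypothetical helper: reads at most `limit` bytes, decodes gzip if declared,
    // and always resets the stream so the Proxy can read the body again.
    static String peekBody(InputStream in, String contentEncoding, int limit) throws IOException {
        if (!in.markSupported()) {
            throw new IOException("stream cannot be rewound, so it must not be read");
        }
        in.mark(limit + 1);                      // +1 makes an oversized body detectable
        byte[] data;
        try {
            data = in.readNBytes(limit + 1);     // never reads past the mark's read limit
        } finally {
            in.reset();                          // restore the initial state in every case
        }
        if (data.length <= limit && "gzip".equalsIgnoreCase(contentEncoding)) {
            try (InputStream gz = new GZIPInputStream(new ByteArrayInputStream(data))) {
                data = gz.readNBytes(limit + 1); // cap the decoded size too
            }
        }
        if (data.length > limit) {
            throw new IOException("body exceeds " + limit + " bytes, not inspected");
        }
        return new String(data, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a gzip-compressed JSON request body.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (GZIPOutputStream gz = new GZIPOutputStream(buf)) {
            gz.write("{\"user\":\"alice\"}".getBytes(StandardCharsets.UTF_8));
        }
        InputStream playGround = new ByteArrayInputStream(buf.toByteArray());
        int before = playGround.available();
        System.out.println(peekBody(playGround, "gzip", 8192));
        System.out.println("stream restored: " + (playGround.available() == before));
    }
}
```

The size cap is applied both to the raw bytes and to the decompressed bytes, so a small compressed body cannot force the interceptor to buffer an arbitrarily large decoded one.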

Body manipulation

The request body can be manipulated too. You must prepare your new request body carefully as a byte[], then use the following approach to update the request:

byte[] newBody = "new body".getBytes(StandardCharsets.UTF_8); //here prepare your new body (placeholder content)
request.setBody(newBody);

If it is necessary to change the content-type too, then the related Header needs to be replaced:

Header header = request.getMethod().getFirstHeader("Content-Type");
request.getMethod().removeHeader(header);
request.getMethod().addHeader("Content-Type", "application/json"); //or whatever content-type you would like to set

Overwrite the target URI

The actual URI can be accessed this way:

URI uri = request.getMethod().getURI();

Here you may manipulate the URI as you want; you may even generate and use a brand new URI:

request.getMethod().setURI(newURI); //newURI is the URI to use from now on

BUT! Beware that if you change the port or the target server name/IP, the Proxy will really use the new/updated URI, so the request will be sent to another server, not to the original one.

Specifying the response volatility

Response volatility (whether the response can be altered or not) must be declared in advance. The general approach is determined via the Proxy settings, but it can be overridden, at the latest while the request is being processed. To set whether the response will be volatile or not, use this command:

request.setResponseVolatile(isVolatile); //isVolatile is a boolean

Get Message ID

Every request-response pair has a unique ID generated by the Proxy. With this information, requests can easily be connected to the right responses. To get the Request ID, call this method:

String messageId = request.getMessageId();

Next Step

After accessing and manipulating the request, you are ready to access and manipulate the responses too.