-
Notifications
You must be signed in to change notification settings - Fork 6
5. How to manipulate responses
Note: Response manipulation feature become available in V2.0.19.x version of mitmJavaProxy.
By implementing the Response Interceptor, via its process method we will have access to the actual response. The response is available via the website.magyar.mitm.proxy.http.MitmJavaProxyHttpResponse class. Let's assume that the response will be available via the response variable:
public void process(final MitmJavaProxyHttpResponse response) {
//here you may work with the "response"
}The main response manipulation methods are the following:
Detect if Response is volatile or not
Response volatility (if the responses can be altered or not) shall be declared in advance. The general approach is determined via Proxy settings, but can be overwritten latest during the process of the request. This means, when the response arrives, it is already defined if it can be altered (volatile) or not (not volatile). This method call will let you know the truth:
boolean isResponseVolatile = response.isResponseVolatile();If it is true, you may alter the response, but if it is false, you just can access/investigate the message but cannot alter it (even if you try, it won't work).
Header access
See examples below about how to access and manipulate the headers:
Header[] allHeaders;
if (response.getRawResponse() != null) {
allheaders = response.getRawResponse().getAllHeaders(); //to get all response headers
}
Header header = response.getHeader(String headerKey); //get response header with the specified key
Header[] headers = response.getRequestHeaders(); //to get all **request** headers - of course this cannot be altered in response
response.addHeader(new BasicHeader(String headerKey, String headerValue)); //adds a new response header
response.updateHeader(Header headerToBeUpdated, String newValue); //updates an existing header with a new value
response.removeHeader(Header header); //removes the specified response headerContent-Type
String contentType = response.getContentType(); //get the content type of the response
response.setContentType(String contentType); //sets the content type (technically adds/replaces the 'Content-Type' header)Status Code
int status = response.getStatus(); //gets the actual status code of the response
response.getRawResponse().setStatusCode(int statusCode); //sets the response status codeBody access
The message body will be accessible as a String, this way:
String body = response.getBodyString();Also there are two Proxy settings those influence the return value of the method above.
- ProxyServer.setCaptureContent(boolean) - set it to true in order to have the response body available via getBodyString() method.
- ProxyServer.setCaptureBinaryContent(boolean) - set it to true in order to have the response body available via getBodyString() in case of non-text contents.
In both cases a 'Content-Type' response header is a must, otherwise the getBodyString() method will return with null value.
The raw body can be accessed this way:
byte[] body = response.getBodyBytes();This way the body content is available as byte[]. This is the true raw body, so for example in case the request is encoded (like gzipped), you need to decode it too.
Body manipulation
The response body can be manipulated too. You must (well) prepare the response as byte[], then use the following approach to update the response:
byte[] newBody = //prepare your new body
try {
response.setBody(newBody);
} catch (IOException e) {
//handle this properly
}Get Message ID
Every request-response pair has a unique ID generated by the Proxy. With this information the requests can be connected to right responses easily.
To get the Response ID, call this method: String messageId = response.getEntry().getMessageId()
Next Step
After accessing and manipulating the request & response, you are ready for a much complex solution.