How to bypass subresources integrity check by autoresponder and rules

2 Answers 459 Views
Fiddler Classic
Clyde
Top achievements
Rank 1
Clyde asked on 16 Jul 2023, 01:25 AM

I want to use fiddler to switch the javascript files

I've solve the cors policy, but I don't know to to set the rules to allow my script bypass the integrity tags

looking for help

2 Answers, 1 is accepted

Sort by
0
Nick Iliev
Telerik team
answered on 18 Jul 2023, 05:35 AM

Hey Clyde,

 

The integrity check failure usually means that the application is instructed to check the SHA of the expected resource and to fail if the SHA is not as expected. You probably need to make the change within the application (that forces the integrity check), as the in-app logic is preventing the usage of modified resources. Of course, this will work only if you can access the server application that is requesting the integrity check.

As a side note, you could try to clear the browser cache by explicitly modifying the HTTP headers related to caching.

 

Regards,
Nick Iliev
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

Clyde
Top achievements
Rank 1
commented on 22 Jul 2023, 03:48 AM

good ideal, just want to know what I should write in fiddler script to help my javascript be recognized as a formal script, I don't know to much about how to write fiddler script codes. I'll be glad if you provide me some code snippets.
0
Neha
Top achievements
Rank 2
Iron
Iron
answered on 21 Jul 2023, 12:17 PM

Try this

if (oSession.oResponse.MIMEType == "text/html" && oSession.utilFindInResponse("integrity=", false) > 0) {
    // Modify the response here to remove or modify the integrity attributes.
    oSession.utilReplaceInResponse("<script", "<script integrity=\"bypassed\"");
}
i hope it will work.
Clyde
Top achievements
Rank 1
commented on 22 Jul 2023, 03:59 AM

this really remove half of the problem, here's the website which I want to alter the client side's javascript. Just don't know that much abotu javascript so tend to use fiddler to replaces scripts. I seems integrity overwites almsot all the integrity check. but I still can't solve the issue when the web app's booter apending all the modules and hashing them, and delete them, just want to know whether there's a method to detect all the script integrity attribute and modified them
Tags
Fiddler Classic
Asked by
Clyde
Top achievements
Rank 1
Answers by
Nick Iliev
Telerik team
Neha
Top achievements
Rank 2
Iron
Iron
Share this question
or