darkfe/fiddlerscript.js

## fiddlerscript.js
static function InsertTextToResponseBody(oSession: Session, place:String, text:String){
    oSession['ui-backcolor'] = 'Orange';
    oSession.utilDecodeResponse();
    var rPattern = /'(?:[^\\']|\\.)*'|"(?:[^\\"]|\\.)*"|<(\/?(?:head|body))[^<>]*>/ig;
    var oBody = '';
    //简单判断一下编码..尼玛
    if( /\butf-8\b/.test(oSession.oResponse.headers['Content-Type'].ToLower())){
        oBody = System.Text.Encoding.UTF8.GetString(oSession.responseBodyBytes);
    }else{
        oBody = System.Text.Encoding.Default.GetString(oSession.responseBodyBytes);
        if(/<meta[^<>]*?charset="?utf-8"?/ig.test(oBody)){
            oBody = System.Text.Encoding.UTF8.GetString(oSession.responseBodyBytes);
        }
    }
    oBody = oBody.replace(rPattern,
    function($match,$pre){
        var ret = $match;
        switch(place){
            case 'afterHeadStart':
                    $pre == 'head' && (ret = $match + text);
                    break;
            case 'beforeHeadEnd':
                    $pre == '/head' && (ret = text + $match);
                    break;
            case 'afterBodyStart':
                    $pre == 'body' && (ret = $match + text);
                    break;
            case 'beforeBodyEnd':
                    $pre == '/body' && (ret = text + $match);
                break;  ;
        }
        return ret;
    });
    oSession.utilSetResponseBody(oBody);
}

static function InsertAfterHeadStart(oSession: Session, text){
    Handlers.InsertTextToResponseBody(oSession, 'afterHeadStart', text);
}
static function InsertAfterBodyStart(oSession: Session, text){
    Handlers.InsertTextToResponseBody(oSession, 'afterBodyStart', text);
}
static function InsertBoforeHeadEnd(oSession: Session, text){
    Handlers.InsertTextToResponseBody(oSession, 'beforeHeadEnd', text);
}
static function InsertBoforeBodyEnd(oSession: Session, text){
    Handlers.InsertTextToResponseBody(oSession, 'beforeBodyEnd', text);
}
/*
调用方式
*/
static function OnBeforeResponse(oSession: Session) {
  if( oSession.url == 'www.baidu.com/'){
      Handlers.InsertAfterHeadStart(oSession,'<script>alert(1)</script>');
  }
}
	static function InsertTextToResponseBody(oSession: Session, place:String, text:String){
	oSession['ui-backcolor'] = 'Orange';
	oSession.utilDecodeResponse();
	var rPattern = /'(?:[^\\']\|\\.)'\|"(?:[^\\"]\|\\.)"\|<(\/?(?:head\|body))[^<>]*>/ig;
	var oBody = '';
	//简单判断一下编码..尼玛
	if( /\butf-8\b/.test(oSession.oResponse.headers['Content-Type'].ToLower())){
	oBody = System.Text.Encoding.UTF8.GetString(oSession.responseBodyBytes);
	}else{
	oBody = System.Text.Encoding.Default.GetString(oSession.responseBodyBytes);
	if(/<meta[^<>]*?charset="?utf-8"?/ig.test(oBody)){
	oBody = System.Text.Encoding.UTF8.GetString(oSession.responseBodyBytes);
	}
	}
	oBody = oBody.replace(rPattern,
	function($match,$pre){
	var ret = $match;
	switch(place){
	case 'afterHeadStart':
	$pre == 'head' && (ret = $match + text);
	break;
	case 'beforeHeadEnd':
	$pre == '/head' && (ret = text + $match);
	break;
	case 'afterBodyStart':
	$pre == 'body' && (ret = $match + text);
	break;
	case 'beforeBodyEnd':
	$pre == '/body' && (ret = text + $match);
	break; ;
	}
	return ret;
	});
	oSession.utilSetResponseBody(oBody);
	}

	static function InsertAfterHeadStart(oSession: Session, text){
	Handlers.InsertTextToResponseBody(oSession, 'afterHeadStart', text);
	}
	static function InsertAfterBodyStart(oSession: Session, text){
	Handlers.InsertTextToResponseBody(oSession, 'afterBodyStart', text);
	}
	static function InsertBoforeHeadEnd(oSession: Session, text){
	Handlers.InsertTextToResponseBody(oSession, 'beforeHeadEnd', text);
	}
	static function InsertBoforeBodyEnd(oSession: Session, text){
	Handlers.InsertTextToResponseBody(oSession, 'beforeBodyEnd', text);
	}
	/*
	调用方式
	*/
	static function OnBeforeResponse(oSession: Session) {
	if( oSession.url == 'www.baidu.com/'){
	Handlers.InsertAfterHeadStart(oSession,'<script>alert(1)</script>');
	}
	}