Spoofing xmlhttprequest (greasemonkey)

664 Views Asked by At

I am blocking an XMLHttpRequest from greasemonkey but the page bugs when it gets no response. So i tried spoofing as if the response is recieved. Unforunetly it seems XMLHttpRequest has fields read-only. So i created a fake object :

fakeresponse = "for (;;);"+JSON.stringify(fakeresponse);


var xhr2 = {};
xhr2.readyState = 0;
if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange.call(xhr2);
xhr2.readyState = 1;
if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange.call(xhr2);
xhr2.readyState = 2;
if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange.call(xhr2);
xhr2.readyState = 3;
if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange.call(xhr2);
xhr2.response = fakeresponse;
xhr2.responseText = fakeresponse;
xhr2.responseXML = fakeresponse;
xhr2.status = 200;
xhr2.readyState = 4;

if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange.call(xhr2);

the object is :

Object {response: "for (;;);{"__ar":1,"payload":{"actions":[{"..."},"bootloadable":{},"ixData":{},"lid":"0"}", responseText: "for (;;);...", responseXML: "for (;;);....", status: 200, readyState: 4}

but nothing happens.. is there any other way i can simulate this or do i have to dive in deep with a debugger ? also the page uses a library rather than pure xhr object, can that be an issue ?

1

There are 1 best solutions below

0
On BEST ANSWER
(function(xhr, value){
Object.defineProperty(xhr, "response", {
  get: function() {
    return value;
  }
});

Object.defineProperty(xhr, "responseText", {
  get: function() {
    return value;
  }
});

Object.defineProperty(xhr, "responseXML", {
  get: function() {
    return value;
  }
});
Object.defineProperty(xhr, "status", {
  get: function() {
    return 200;
  }
});
})(xhr, fakeresponse);

Object.defineProperty(xhr, "readyState", {
  get: function() {
    return 4;
  }
});

if(xhr.onreadystatechange!==undefined) xhr.onreadystatechange();