doyensec/Session-Hijacking-Visual-Exploitation

Proxy Logic modification

Opened this issue · 0 comments

The proxy only makes requests using the hooked browser if the response is "text/html". That means that for JS, PNG, etc., it will try to obtain the information and will use the browser in cases in which it has no authorization.

The main reason for this is the use of external resources on websites: if a website is trying to fetch an external JS, we won't be able to obtain it using the hooked browser, and the attacker client won't work correctly.

I would like to modify this logic. The proxy will try to obtain this content using the hooked browser, and if CORS does not allow us to obtain non-"text/html" resources, we will obtain them using normal requests. This will fix possible problems hooking internal web applications.