XMLHttpRequest Security

It’s possible to intercept, adjust and otherwise tamper with an XHR request with JavaScript in the browser. The most common way of doing this is simply keeping a reference to the original XMLHttpRequest.prototype.send function, overwriting that function with a new one that does the tampering and then calls the original send function once finished. Here’s an example that applies the same technique to open:

    const XHR = XMLHttpRequest,
          XHRopen = XHR.prototype.open; // keep a reference to the native open()

    // Replace open() with a wrapper; onFinish stands for the tampering code
    XHR.prototype.open = function() {
        onFinish();
        XHRopen.apply(this, arguments);
    };

Identifying Tampering

It’s very straightforward to identify tampering of the function. Simply ensure that

    XMLHttpRequest.prototype.open.toString() === 'function open() { [native code] }';

evaluates to true. The function should always be native code if it wasn’t corrupted or tampered with. ...
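A more tolerant form of the check above, as an added example that is not code from the original post: it matches the native-code string regardless of whitespace (Firefox prints it over several lines, so a strict comparison fails there) and ignores a toString property set on the wrapper itself. The helper names looksNative, findTamperedMethods and wrapMethod are assumptions made for this example.

```javascript
// Capture the real Function.prototype.toString as early as possible.
const nativeToString = Function.prototype.toString;

// Matches "function open() { [native code] }" with any whitespace layout.
function nativeSourcePattern(name) {
  return new RegExp(
    '^function\\s+' + name + '\\s*\\(\\)\\s*\\{\\s*\\[native code\\]\\s*\\}$'
  );
}

// True when fn still stringifies as the built-in called `name`.
function looksNative(fn, name) {
  if (typeof fn !== 'function') return false;
  // Use the captured toString so an own fn.toString override is ignored.
  const src = nativeToString.call(fn);
  return nativeSourcePattern(name).test(src);
}

// Return the method names on proto that no longer look native.
function findTamperedMethods(proto, names) {
  return names.filter((n) => !looksNative(proto[n], n));
}

// Constructed helper for testing the detector: wraps a method the same way
// the article's example wraps open(), and returns a function that restores it.
function wrapMethod(proto, name, hook) {
  const original = proto[name];
  proto[name] = function () {
    hook();
    return original.apply(this, arguments);
  };
  return () => { proto[name] = original; };
}

// Browser usage; skipped where XMLHttpRequest does not exist (e.g. Node).
if (typeof XMLHttpRequest !== 'undefined') {
  const tampered = findTamperedMethods(XMLHttpRequest.prototype, ['open', 'send']);
  console.log(tampered.length ? 'Wrapped: ' + tampered.join(', ') : 'open/send look native');
}
```

The result is only as trustworthy as the captured toString, so the check has to run before any other script on the page has had a chance to replace Function.prototype.toString.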

June 2, 2020 · 2 min