3a7fc8fd40
This series of changes introduces a wide range of improvements to your spy-debugger codebase, focusing on modernization, readability, maintainability, accessibility, and robustness.
Key changes include:
1. **JavaScript Modernization (src/):**
* Replaced all `var` declarations with `let` or `const`.
* Updated deprecated `Buffer` constructor to `Buffer.from()`.
* Removed `require('babel-polyfill')` from source code as it's likely unnecessary for modern Node.js versions.
* Refactored asynchronous operations in `src/index.js` and `src/weinre/weinreDelegate.js` from callbacks/Promise chains to use `async/await`, improving code clarity and simplifying control flow.
2. **HTML Template Enhancements (template/):**
* Added `lang` attributes to `<html>` tags for better accessibility.
* Improved accessibility of interactive elements:
* Added `aria-hidden="true"` to purely presentational icons.
* Added `role="button"` and `tabindex="0"` to `div` elements acting as buttons.
* Added accessible names (`aria-label`) to icon-only links (e.g., GitHub link).
* Added `title` attributes to `<iframe>` elements.
* Removed obsolete `frameborder="0"` attributes from iframes.
* Commented out an outdated `clear:both` div.
* In `template/wrap.html`, moved inline CSS to an external file (`template/wrap.css`) and inline JavaScript to an external file (`template/wrap.js`), improving code organization.
3. **Server-Side Logic and Error Handling:**
* Enhanced robustness of AnyProxy child process management in `src/proxy/spyProxy.js` (including timeouts and better exit/error handling).
* Created a new logging utility (`src/util/logger.js`) using the `colors` library for standardized and styled console output.
* Replaced deprecated `domain` error handling with `async/await try/catch` blocks in `src/weinre/weinreDelegate.js`.
* Integrated the new logger in `src/index.js` and `src/weinre/weinreDelegate.js`, improving consistency and clarity of log messages.
4. **Code Duplication Refactoring:**
* Created `src/util/portUtil.js` with a `findFreePort()` utility, now used in `src/proxy/externalChildProcess.js` and `src/weinre/weinreDelegate.js`.
* Created `src/util/sysUtil.js` with an `openUrlInBrowser()` utility, now used in `src/weinre/weinreDelegate.js`.
5. **Dependency Review and Initial Cleanup:**
* Removed `babel-polyfill` from `package.json` dependencies.
* **Identified Critical Concerns:**
* The bundled `buildin_modules/weinre` appears to use Express 3.x, which is severely outdated and has known security vulnerabilities. Apache Weinre itself is retired. This is a major security risk.
* Many other dependencies (e.g., `commander`, `colors`, `anyproxy`) are significantly outdated.
* The project uses the Babel 6 build system, which is outdated.
* The project is missing a lockfile (`package-lock.json` or `yarn.lock`).
* These critical dependency issues require manual developer intervention.
Overall, these changes aim to make the `spy-debugger` codebase more modern, secure, maintainable, and user-friendly. The most pressing remaining issue is the outdated and vulnerable bundled Weinre module.
About spy-debugger
Spy-debugger is one-stop pages inspection and debugger proxy. Spy-debugger can inspect and debugger all the mobile end browers and webview HTML page within the request of HTTP and HTTPS, such as Wechat, Facebook, HybridApp and so on.
语言: 中文
Functions
1、HTML page inspection + debugger
2、Easy to use
3、Support HTTPS
4、spy-debugger integrated weinre、node-mitmproxy、AnyProxy
5、spy-debugger automately overlooks the HTTPS requests from native App, and it only intercepts the HTTPS requests from webview. It will not cause any impacts to the native App that used SSL pinning.
6、spy-debugger can be better to use other debugger proxies such as Charles. the default debugger proxy in spy-debugger is AnyProxy.(Set up the exterior proxy)
Demo
Page inspection
Debugger
Install
Windows
npm install spy-debugger -g
Mac
sudo npm install spy-debugger -g
Only 3 mins to set up
Step 1: The mobile and PC must be under the same network (both of devices connect same Wi-Fi)
Step 2: Input spy-debugger in the command line and input the address on the brower according the command line's tip.
Step 3: Set up proxy on the mobile device. The proxy IP address must be same to the PC device. the port must be spy-debugger's start port(default port: 9888).
Step 4: Install certification to your mobile phone. note: moblie device must be set up well the proxy first and browe http://spydebugger.com/cert by the default brower on the phone.(QR code)Install certification(Only the first time need to install it.)
Step 5: Use any installed browers on the mobile device to open the web page that you want to debugger or inspect.
Manual Options
Port
(Default Port: 9888)
spy-debugger -p 8888
Set up the exterior proxy (default proxy AnyProxy)
spy-debugger -e http://127.0.0.1:8888
spy-debugger supply AnyProxy as default proxy, but you can only set up the exterior proxy to instead of the default proxy such as Charles, Fiddler.
whether weinre watch iframe load page
(default: false)
spy-debugger -i true
whether intercept the HTTPS requests from the brower.【not working in iOS 15】
(default: false)
spy-debugger -b true
There are some browers that send the connect request with incorrected userAgent. Sometimes this would cause error. such as UC brower. In this case, spy-debugger -b false can fix this error. In most cases we suggest using the default value true. Now there are many native Apps send request with SSL pinning. Manual certification will not pass native app certification.
whether allow HTTP cache
(default: false)
spy-debugger -c true
More
spy-debugger integrated weinre,simplified that weinre needs to add javascript code to each page. spy-debugger intercepted the javascript code that need inject to weinre when the HTML page send the requests. it can make inspection and debugger easier to use.