Skip to content

anhvq25/awesome-moni-scripts

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

🛠️ Awesome Moni Scripts

Ready-to-run HTTP/HTTPS interceptor scripts for tweaking, debugging & ad-blocking apps on your own device

Block in-app ads · Mock API responses · Rewrite requests · Decrypt HTTPS · Tweak app UI

Scripts License: MIT PRs Welcome Platform

Star this repo to unlock more script packs for popular apps


🔍 What is this?

A community collection of small JavaScript interceptor scripts you can run against your own device's traffic to debug, customize and clean up apps — no root, no jailbreak. Each script hooks the request/response of an HTTP(S) connection and lets you read or modify it on the fly.

These are the kind of scripts power users and developers use to:

  • 🚫 Block ads & trackers baked into apps
  • 🧪 Mock API responses while building / testing your own app
  • ✂️ Rewrite requests — strip tracking params, change headers, redirect URLs
  • 🔓 Decrypt & inspect HTTPS bodies (JSON, JWT, protobuf)
  • 🎨 Tweak app UI by editing the response your own client receives

⚠️ Use responsibly. These scripts are for inspecting and modifying your own traffic on your own device — debugging, learning, ad-blocking, and testing apps you build. They are not for bypassing paid features, forging data, or attacking services you don't own. See DISCLAIMER.


▶️ How to run these scripts

These scripts use the standard onRequest / onResponse interceptor API. To run them directly on your phone (no PC needed), you need an on-device proxy engine that supports JS scripting. The easiest one we've found:

📲 Moni Proxy — HTTP debugger with JS scripting (iOS / Android / macOS)

Moni Proxy is a Proxyman/Charles-style HTTP(S) debugging proxy that runs on the device itself and can execute these onRequest/onResponse scripts live. It's just a suggestion — any tool implementing the same API works — but it's what these snippets are tested against.

👉 Get it for iOS, Android & macOS: moniproxy.com

Steps:

  1. Install the proxy engine and trust its CA certificate (in-app guide).
  2. Open Rules → Script → Add, or import a whole pack via Rules → ⋯ → Import config.
  3. Paste a script from the catalog below, set the URL pattern, and turn it on.
  4. Open the target app — the script runs automatically on matching requests.

📚 Script catalog

Pack What it does Folder
🚫 Ad-block Remove banner/interstitial ads & analytics beacons — incl. a 🇻🇳 Vietnam pack + auto-updating hostsVN feed scripts/adblock
🧪 Mock API Return fake/canned JSON so you can build a UI before the backend exists scripts/mock
✂️ Rewrite Strip tracking query params, swap headers, redirect hosts scripts/rewrite
🔓 Decrypt / inspect Pretty-print JSON, decode JWT, dump bodies to the console scripts/decrypt
🎨 UI tweaks Edit the response your own client renders (themes, flags, copy) scripts/ui-tweaks
🧰 Utility Latency simulation, force JSON, custom User-Agent, A/B flags scripts/utility
🎓 Demo / learn Fully-commented examples of the core techniques: strip cache headers, parse→edit→re-stringify a JSON body, return a full mock response scripts/demo

Every script is a single .js file with inline comments. Copy → paste → run.


🎓 Demo — debug your own app

New to interceptor scripts? Start with the fully-commented examples in scripts/demo, then see the companion repo for debugging apps you build yourself (inspect requests, mock your own API, force UI states while developing):

👉 ios-script-proxy


✨ The scripting API (cheat-sheet)

// Runs before the request leaves your device.
async function onRequest(context, request) {
  // request.url, request.method, request.headers, request.body
  request.headers['X-Debug'] = 'moni';
  return request;            // return null to block the request
}

// Runs after the response arrives, before your app sees it.
async function onResponse(context, request, response) {
  // response.statusCode, response.headers, response.body
  return response;
}
  • request / response are plain objects — mutate and return them.
  • console.log(...) prints to the proxy's log console.
  • You can await fetch(...) inside a script to call other APIs.

📖 Want to write your own? Read the full guide: docs/WRITING-SCRIPTS.md — every field on request / response / context, session state, blocking, URL matching, recipes and gotchas.


🌟 Unlock more packs

This repo grows with community stars. Hit ⭐ Star and we'll keep publishing new packs:

  • 100 ⭐ → "Streaming & video" pack (subtitle injection, quality flags)
  • 250 ⭐ → "Social apps" pack (hide sponsored posts, clean feeds)
  • 500 ⭐ → "Developer toolkit" pack (GraphQL inspector, gRPC decode)

Watch + Star to get notified when they drop. 👀


🤝 Contributing

PRs welcome! Add a .js file to the right folder with:

  1. A top comment: what it does + a sample URL pattern.
  2. Only the legitimate use-cases described in the disclaimer.

See CONTRIBUTING.md.


🙏 Credits


📖 Purpose

Learning, demo and reference material only. Everything here is provided solely for education, technique demonstration and reference — to understand how onRequest/onResponse interceptor scripting works on traffic and devices you own.

🚫 Prohibited use

These scripts are strictly prohibited from being used to:

  • ❌ Hack, crack, trick, or tamper with apps/services you do not own.
  • ❌ Bypass payments, unlock paid features, or forge subscriptions / entitlements / balances of third-party services.
  • ❌ Forge data, defeat authentication, or attack, scrape or disrupt any service without authorization.

⚖️ Disclaimer

These scripts are provided for educational, debugging, ad-blocking and personal-customization purposes, to be used on traffic and devices you own or are authorized to test. Do not use them to:

  • bypass paid features or licensing of apps you don't own,
  • forge balances, credits, or other data of third-party services,
  • attack, scrape, or disrupt services without permission.

You are responsible for complying with the Terms of Service of any app you use these with, and with the laws of your jurisdiction. The authors accept no liability for misuse. Licensed under MIT.


Found this useful? Drop a ⭐ — it helps other tinkerers find it.

About

Ready-to-run HTTP/HTTPS interceptor scripts to tweak, debug & ad-block apps on your own device. Block ads, mock APIs, rewrite requests, decrypt HTTPS — no root.

Topics

Resources

License

Contributing

Stars

3 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors