Ready-to-run HTTP/HTTPS interceptor scripts for tweaking, debugging & ad-blocking apps on your own device
Block in-app ads · Mock API responses · Rewrite requests · Decrypt HTTPS · Tweak app UI
⭐ Star this repo to unlock more script packs for popular apps ⭐
A community collection of small JavaScript interceptor scripts you can run against your own device's traffic to debug, customize and clean up apps — no root, no jailbreak. Each script hooks the request/response of an HTTP(S) connection and lets you read or modify it on the fly.
These are the kind of scripts power users and developers use to:
- 🚫 Block ads & trackers baked into apps
- 🧪 Mock API responses while building / testing your own app
- ✂️ Rewrite requests — strip tracking params, change headers, redirect URLs
- 🔓 Decrypt & inspect HTTPS bodies (JSON, JWT, protobuf)
- 🎨 Tweak app UI by editing the response your own client receives
⚠️ Use responsibly. These scripts are for inspecting and modifying your own traffic on your own device — debugging, learning, ad-blocking, and testing apps you build. They are not for bypassing paid features, forging data, or attacking services you don't own. See DISCLAIMER.
These scripts use the standard onRequest / onResponse interceptor API.
To run them directly on your phone (no PC needed), you need an on-device proxy
engine that supports JS scripting. The easiest one we've found:
Moni Proxy is a Proxyman/Charles-style HTTP(S) debugging proxy that runs on the device itself and can execute these
onRequest/onResponsescripts live. It's just a suggestion — any tool implementing the same API works — but it's what these snippets are tested against.
👉 Get it for iOS, Android & macOS: moniproxy.com
Steps:
- Install the proxy engine and trust its CA certificate (in-app guide).
- Open Rules → Script → Add, or import a whole pack via Rules → ⋯ → Import config.
- Paste a script from the catalog below, set the URL pattern, and turn it on.
- Open the target app — the script runs automatically on matching requests.
| Pack | What it does | Folder |
|---|---|---|
| 🚫 Ad-block | Remove banner/interstitial ads & analytics beacons — incl. a 🇻🇳 Vietnam pack + auto-updating hostsVN feed | scripts/adblock |
| 🧪 Mock API | Return fake/canned JSON so you can build a UI before the backend exists | scripts/mock |
| ✂️ Rewrite | Strip tracking query params, swap headers, redirect hosts | scripts/rewrite |
| 🔓 Decrypt / inspect | Pretty-print JSON, decode JWT, dump bodies to the console | scripts/decrypt |
| 🎨 UI tweaks | Edit the response your own client renders (themes, flags, copy) | scripts/ui-tweaks |
| 🧰 Utility | Latency simulation, force JSON, custom User-Agent, A/B flags | scripts/utility |
| 🎓 Demo / learn | Fully-commented examples of the core techniques: strip cache headers, parse→edit→re-stringify a JSON body, return a full mock response | scripts/demo |
Every script is a single .js file with inline comments. Copy → paste → run.
New to interceptor scripts? Start with the fully-commented examples in
scripts/demo, then see the companion repo for debugging
apps you build yourself (inspect requests, mock your own API, force UI
states while developing):
// Runs before the request leaves your device.
async function onRequest(context, request) {
// request.url, request.method, request.headers, request.body
request.headers['X-Debug'] = 'moni';
return request; // return null to block the request
}
// Runs after the response arrives, before your app sees it.
async function onResponse(context, request, response) {
// response.statusCode, response.headers, response.body
return response;
}request/responseare plain objects — mutate andreturnthem.console.log(...)prints to the proxy's log console.- You can
await fetch(...)inside a script to call other APIs.
📖 Want to write your own? Read the full guide:
docs/WRITING-SCRIPTS.md — every field on
request / response / context, session state, blocking, URL matching,
recipes and gotchas.
This repo grows with community stars. Hit ⭐ Star and we'll keep publishing new packs:
- 100 ⭐ → "Streaming & video" pack (subtitle injection, quality flags)
- 250 ⭐ → "Social apps" pack (hide sponsored posts, clean feeds)
- 500 ⭐ → "Developer toolkit" pack (GraphQL inspector, gRPC decode)
Watch + Star to get notified when they drop. 👀
PRs welcome! Add a .js file to the right folder with:
- A top comment: what it does + a sample URL pattern.
- Only the legitimate use-cases described in the disclaimer.
See CONTRIBUTING.md.
- 🇻🇳 The Vietnam ad-block scripts (
block-vietnam-ads.js,hostsvn-remote-blocklist.js) use domains from the excellent community project hostsVN by bigdargon. Go ⭐ it.
Learning, demo and reference material only. Everything here is provided solely for education, technique demonstration and reference — to understand how
onRequest/onResponseinterceptor scripting works on traffic and devices you own.
These scripts are strictly prohibited from being used to:
- ❌ Hack, crack, trick, or tamper with apps/services you do not own.
- ❌ Bypass payments, unlock paid features, or forge subscriptions / entitlements / balances of third-party services.
- ❌ Forge data, defeat authentication, or attack, scrape or disrupt any service without authorization.
These scripts are provided for educational, debugging, ad-blocking and personal-customization purposes, to be used on traffic and devices you own or are authorized to test. Do not use them to:
- bypass paid features or licensing of apps you don't own,
- forge balances, credits, or other data of third-party services,
- attack, scrape, or disrupt services without permission.
You are responsible for complying with the Terms of Service of any app you use these with, and with the laws of your jurisdiction. The authors accept no liability for misuse. Licensed under MIT.
Found this useful? Drop a ⭐ — it helps other tinkerers find it.