Version 1.0.1

Author: saltify7

caido.config.ts

@@ -12,7 +12,7 @@ export default defineConfig({
   id,
   name: "Authify",
   description: "Plugin for seamless Authorization testing of user roles",
-  version: "1.0.0",
+  version: "1.0.1",
   author: {
     name: "Saltify",
     email: "saltify7@gmail.com",

packages/backend/src/index.ts

@@ -868,7 +868,7 @@ export type API = DefineAPI<{
   getCurrentProjectId: typeof getCurrentProjectId;
   saveMatchReplaceRules: typeof saveMatchReplaceRules;
   getMatchReplaceRules: typeof getMatchReplaceRules;
-  applyMatchReplaceRules: (sdk: SDK, body: string) => string;
+  applyMatchReplaceRules: (sdk: SDK, body: string, requestLine?: string, headers?: Record<string, string>) => { body: string; requestLine?: string; headers?: Record<string, string> };
   hasEnabledMatchReplaceRules: (sdk: SDK) => boolean;
   storeHttpqlFilter: typeof storeHttpqlFilter;
   getStoredHttpqlFilter: typeof getStoredHttpqlFilter;
@@ -893,7 +893,7 @@ export async function init(sdk: SDK<API, BackendEvents>) {
   sdk.api.register("getCurrentProjectId", getCurrentProjectId);
   sdk.api.register("saveMatchReplaceRules", saveMatchReplaceRules);
   sdk.api.register("getMatchReplaceRules", getMatchReplaceRules);
-  sdk.api.register("applyMatchReplaceRules", (sdk: SDK, body: string) => applyMatchReplaceRules(body).body);
+  sdk.api.register("applyMatchReplaceRules", (sdk: SDK, body: string, requestLine?: string, headers?: Record<string, string>) => applyMatchReplaceRules(body, requestLine, headers));
   sdk.api.register("hasEnabledMatchReplaceRules", (sdk: SDK) => hasEnabledMatchReplaceRules());
   sdk.api.register("storeHttpqlFilter", storeHttpqlFilter);
   sdk.api.register("getStoredHttpqlFilter", getStoredHttpqlFilter);

packages/frontend/src/configs/scopes.ts

@@ -93,7 +93,7 @@ export class ScopesManager {
             // Stored scope no longer exists, default to "Unset Scope"
             this.selectedScope.value = '';
             console.log("Previously selected scope no longer exists, defaulting to 'Unset Scope'");
-            this.sdk.window.showToast("Previously selected scope no longer available", { variant: "warning" });
+            this.sdk.window.showToast("Authify: Previously selected scope no longer available", { variant: "warning" });
           }
         } else {
           // No stored scope, default to "Unset Scope"

packages/frontend/src/index.ts

@@ -79,26 +79,32 @@ async function applyHeadersToReplay(sdk: any, requestText: string, authHeaders:
   }
 
   // Add new auth headers
-  const modifiedHeaders = { ...filteredHeaders, ...newAuthHeaders };
+  let modifiedHeaders = { ...filteredHeaders, ...newAuthHeaders };
 
   // Reconstruct the request
-  const requestLine = lines[0]; // GET /path HTTP/1.1
+  let requestLine = lines[0]; // GET /path HTTP/1.1
   const body = headerEndIndex < lines.length ? lines.slice(headerEndIndex + 1).join('\r\n') : '';
 
-  // Apply match & replace rules to the request body (if any rules are configured)
+  // Apply match & replace rules across the entire request (headers, request line, and body)
   let modifiedBody = body;
   try {
     const hasRules = await sdk.backend.hasEnabledMatchReplaceRules();
     if (hasRules) {
-      const modifiedBodyResult = await sdk.backend.applyMatchReplaceRules(body);
-      modifiedBody = modifiedBodyResult;
-      if (modifiedBody !== body) {
-        console.log(`Applied match & replace rules to request body`);
+      const result = await sdk.backend.applyMatchReplaceRules(body, requestLine, modifiedHeaders);
+      modifiedBody = result.body;
+      if (result.requestLine !== undefined) {
+        requestLine = result.requestLine;
+      }
+      if (result.headers !== undefined) {
+        modifiedHeaders = result.headers;
+      }
+      if (modifiedBody !== body || requestLine !== lines[0]) {
+        console.log(`Applied match & replace rules across entire request (headers, path, and body)`);
       }
     }
   } catch (error) {
     console.warn("Error applying match & replace rules:", error);
-    // Continue with original body if match & replace fails
+    // Continue with original values if match & replace fails
   }
 
   let modifiedRequest = requestLine + '\r\n';

packages/frontend/src/views/App.vue

@@ -1056,27 +1056,29 @@ const ignorePathInHttpql = async (row: Row) => {
               </div>
               <span v-if="isEnabled" class="text-xs text-amber-400">(Read-only while monitoring)</span>
             </div>
-            <div class="w-full">
-              <Textarea
-                v-model="auth"
-                class="w-full"
-                rows="8"
-                :readonly="isEnabled"
-                placeholder="Paste authentication headers (Cookie, Authorization, etc. - one per line)...
+            <div class="bg-surface-800 border border-surface-700 rounded-lg p-4">
+              <div class="w-full">
+                <Textarea
+                  v-model="auth"
+                  class="w-full"
+                  rows="8"
+                  :readonly="isEnabled"
+                  placeholder="Paste authentication headers (Cookie, Authorization, etc. - one per line)...
                 
 e.g. 
 Cookie: session_id=abc123;
 X-CSRF-Token: def456"
-                @input="autoSaveAuthHeaders"
-                :pt="{
-                  root: { 
-                    class: `w-full bg-surface-800 border-surface-700 text-surface-0 rounded-lg ${isEnabled ? 'opacity-75' : ''}` 
-                  },
-                  input: {
-                    class: 'w-full bg-surface-800 text-surface-0 placeholder:text-surface-400 resize-none overflow-auto rounded-lg'
-                  }
-                }"
-              />
+                  @input="autoSaveAuthHeaders"
+                  :pt="{
+                    root: { 
+                      class: `w-full bg-surface-700 border border-surface-600 text-surface-0 rounded-lg ${isEnabled ? 'opacity-75' : ''}` 
+                    },
+                    input: {
+                      class: 'w-full bg-surface-700 text-surface-0 placeholder:text-surface-400 resize-none overflow-auto rounded-lg'
+                    }
+                  }"
+                />
+              </div>
             </div>
           </div>
 
@@ -1281,7 +1283,7 @@ X-CSRF-Token: def456"
               <div class="relative group">
                 <i class="fas fa-info-circle text-surface-400 text-sm cursor-help"></i>
                 <div class="absolute top-full left-0 mt-2 px-3 py-2 bg-surface-900 text-surface-0 text-sm rounded-lg shadow-lg opacity-0 group-hover:opacity-100 transition-opacity duration-200 pointer-events-none whitespace-nowrap z-50">
-                  For advanced filtering, create a filter using the button below configure it from the "Custom Authify filter" in the Overview > Filters sidebar.
+                  For advanced filtering, create a filter using the button below and configure it from the "Custom Authify filter" in the Overview > Filters sidebar.
                   <div class="absolute bottom-full left-4 w-0 h-0 border-l-4 border-r-4 border-b-4 border-transparent border-b-surface-900"></div>
                 </div>
               </div>