Trigger
A Trigger is the filter that decides whether a rule applies to a given HTTP request or response. Triggers appear inside every rule object across the Rewrite, Capture, Intercept, Inject, and Options sections.
Two flavours exist:
- Request triggers evaluate against an outgoing HTTP request (its hostname, path, headers, method).
- Response triggers evaluate against an incoming HTTP response (using the corresponding request's hostname/path, plus the response's headers and
Content-Type).
A rule decides which flavour applies based on where the trigger is used — you don't pick the flavour explicitly. Using a field on the wrong side fails with a parse error.
Fields
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
hostname | [matcher] | yes | — | Match against the Host header of the request (for both request and response triggers). |
path | [matcher] | no | "*" (see defaults) | Match against the request URL path. |
header | [matcher] | no | "" | Match if a header with this name is present on the packet. Empty disables this filter. |
method | [matcher] | no | "" | Request-only. Match the HTTP method (e.g. "GET", "(POST|PUT)"). Empty matches all methods. |
mime_types | [[]matcher] | no | [] | Response-only. Array of matchers against the response's Content-Type. Empty matches all types. |
All fields use the String Matcher syntax — glob by default, regex when prefixed with ~, with full support for ${param} substitution.
Request example
{
trigger: {
hostname: "akira.lab.evilginx.com",
path: "*",
header: "User-Agent",
method: "GET"
}
}
Response example
{
trigger: {
hostname: "akira.lab.evilginx.com",
path: "*",
header: "Server",
mime_types: ["text/html", "application/json"]
}
}
Use-site restrictions
Not every section accepts every field. The parser rejects fields that don't make sense for the section the trigger lives in.
| Trigger lives in | hostname | path | path default | header | method | mime_types |
|---|---|---|---|---|---|---|
rewrite.requests[] | ✓ | ✓ | * | ✓ | ✓ | — |
rewrite.responses[] | ✓ | ✓ | * | ✓ | — | ✓ |
rewrite.urls[] | ✓ | ✓ | * | — | — | — |
capture.cookies[] | ✓ | ✓ | / | — | — | — |
capture.tokens.requests[] | ✓ | ✓ | * | ✓ | ✓ | — |
capture.tokens.responses[] | ✓ | ✓ | * | ✓ | — | ✓ |
intercept.requests[] | ✓ | ✓ | * | ✓ | ✓ | — |
inject.javascript[] | ✓ | ✓ | * | — | — | — |
options.rewrite.requests[] | ✓ | ✓ | * | ✓ | ✓ | — |
options.rewrite.responses[] | ✓ | ✓ | * | ✓ | — | ✓ |
A check mark means the field is accepted; a dash means using it produces a parse error such as "`mime_types` cannot be used in request triggers".
Cookie capture triggers default to path: "/", not "*". If you want to capture a cookie across every path the server sets it on, write path: "*" explicitly.
Parameter substitution
Every matcher field supports ${...} placeholders, which makes triggers easy to parameterize:
{
params: [
{ name: "lab-domain", value: "lab.evilginx.com", required: true }
],
rewrite: {
requests: [
{
trigger: { hostname: "akira.${lab-domain}", path: "/api/v1/*" },
// ... locator / rewrite
}
]
}
}
See the String Matcher reference for parameter naming rules and resolution order.
See also
- String Matcher — pattern syntax used in every trigger field.
- Locator — companion object that pinpoints data inside the request/response a trigger selects.