DEV Community: Widi Harsojo The latest articles on DEV Community by Widi Harsojo (@wharsojo). https://dev.to/wharsojo https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F418445%2F86531fb6-c56f-42d9-9c15-f85dd5703e48.jpeg DEV Community: Widi Harsojo https://dev.to/wharsojo en Gaslighting the GLM 5 in OpenClaw Widi Harsojo Wed, 24 Jun 2026 18:56:48 +0000 https://dev.to/wharsojo/gaslighting-the-glm-5-in-openclaw-35me https://dev.to/wharsojo/gaslighting-the-glm-5-in-openclaw-35me <p>Re-check after long debugging with agent in Openclaw is a must as sometime model make a plausable report claims (GLM 5 choose next level word) as its other party confused where its the other way around.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fw7bjnbayf25dfo2e7js0.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fw7bjnbayf25dfo2e7js0.png" alt=" " width="800" height="419"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fw7afgx2a4paz55nfh5ic.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fw7afgx2a4paz55nfh5ic.png" alt=" " width="800" height="770"></a></p> <p>some note:<br> To prevent GLM-5 from confidently fabricating claims or swapping the roles of who is confused during OpenClaw debugging sessions, you must strictly double-check agent reports. Since GLM-5 excels at long-horizon planning but may hallucinate plausible explanations, verifying its output logs is essential.</p> gaslighting glm5 openclaw Man in the middle using Playwright Widi Harsojo Mon, 09 Nov 2020 14:28:23 +0000 https://dev.to/wharsojo/man-in-the-middle-using-playwright-p41 https://dev.to/wharsojo/man-in-the-middle-using-playwright-p41 <h2> Prologue </h2> <p>As a Front End developer, <strong>I was wondering:</strong> <em>if there is a MITM tool targeted to WEB Developer for easily intercept request and manipulate (mock, cache, logs, modify by content-type) the request / response, having capability of HOT RELOADING rule(s) with additional functionality live in Devtools to edit/enhance/toggle the rule(s)</em>.</p> <h3> These have been my Front End Developer needs: </h3> <h4> It's a rule based routing and scripted with JavaScript Object Literal. </h4> <h4> Intercept Live JS / CSS and substitute with local development code contains an inline-source-map </h4> <h4> Manipulate headers either request or response, ie: changing Content Security Policy (CSP) rule </h4> <h4> Helper to add Javascript code into the HTML response easily ie: add to the header or at the end of body </h4> <h4> Define a tag to some rules and during runtime it can be toggle to enable/disable rule </h4> <h4> A flexible rule should start with simple then extend as needed: </h4> <p>Start with simple URL matching and response with an empty string:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">response</span><span class="p">:</span> <span class="p">{</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">GET:doubleclick.net</span><span class="dl">'</span><span class="p">:</span> <span class="dl">''</span> <span class="p">}</span> <span class="c1">// GET url contains 'doubleclick.net'</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">doubleclick.net</span><span class="dl">'</span><span class="p">:</span> <span class="dl">''</span> <span class="p">}</span> <span class="c1">// match url contains 'doubleclick.net' </span> <span class="p">}</span> </code></pre> </div> <p>Or morph to function based:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">response</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">doubleclick.net</span><span class="dl">'</span><span class="p">:</span><span class="err">&nbsp;</span><span class="p">{</span> <span class="nf">response</span><span class="p">(</span><span class="nx">resp</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">body</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Or specific to <code>js</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">js</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">doubleclick.net</span><span class="dl">'</span><span class="p">:</span> <span class="p">{</span> <span class="nf">response</span><span class="p">(</span><span class="nx">resp</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">body</span> <span class="p">};</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Not replacing, just need to <code>inject at the end of response payload</code> with special syntax <code>=&gt;</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">jscode</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">alert(0)</span><span class="dl">'</span><span class="p">;</span> <span class="p">...</span> <span class="nx">js</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">doubleclick.net</span><span class="dl">'</span><span class="p">:</span> <span class="s2">`=&gt;</span><span class="p">${</span><span class="nx">jscode</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> </code></pre> </div> <h2> Introducing Mitm-Play </h2> <p>TLDR; the term "Man in the Middle" can be check to <code>MITM related articles</code> published by: <a href="https://dev.to/sudo_overflow/reverse-engineering-a-private-api-with-mitm-proxy-20ia">cyris</a>, <a href="https://dev.to/kyleparisi/charles-proxy-1pnb">Kyle Parisi</a>, <a href="https://dev.to/kevcui/3-mitmproxy-tips-you-might-not-know-about-5dbg">Kevin Cui</a>.</p> <p><a href="https://www.npmjs.com/package/mitm-play" rel="noopener noreferrer">Mitm-Play</a> is a MITM leaning toward my need as FE Developer during Development or debugging PROD, detail documentation can be found on <a href="https://github.com/mitm-proxy/mitm-play" rel="noopener noreferrer">github</a>, utilize Playwright <code>route('**', EventHandler) + Chrome Plugins</code> </p> <h3> Installation </h3> <p>Mitm-Play is a CLI App, the installation should be on global scope<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">npm</span> <span class="nx">i</span> <span class="o">-</span><span class="nx">g</span> <span class="nx">mitm</span><span class="o">-</span><span class="nx">play</span> </code></pre> </div> <h3> First run </h3> <p>It will prompt you to create demo routes<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="o">&gt;&gt;&gt;</span> mitm-play <span class="nt">-s</span> Create ~/user-route <span class="o">(</span>Y/n<span class="o">)</span>? y <span class="o">[</span>Enter] </code></pre> </div> <p>Next, chromium will be launch and auto navigate to <a href="https://keybr.com" rel="noopener noreferrer">https://keybr.com</a>. Open Chrome Devtools to access Mitm-Play plugin.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fxowul0g9mp5lc9hkjxu1.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fxowul0g9mp5lc9hkjxu1.png" alt="Alt Text"></a></p> <p>At first launch <strong>no rules getting applied</strong>, as we can see on the image above in <code>Devtool</code> section: <code>mitm-play/Tags</code>, there are <strong>no tags getting checked</strong></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fpdzgzzobm0ru9xmy385d.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fi%2Fpdzgzzobm0ru9xmy385d.png" alt="Alt Text"></a></p> <p>Some <code>keys</code> having <code>:no-ads</code> and it is a <code>tags</code> attached to <strong>mock</strong> &amp; <strong>css</strong> rules, and the <code>tags</code> will be available as a <code>checkbox option</code> to enable/disable rule(s). The <strong>state</strong> is determined by <strong>tags</strong> <code>key</code> in which having an <code>empty array</code>, so <code>no rule getting applied</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">route</span> <span class="o">=</span> <span class="p">{</span> <span class="na">tags</span><span class="p">:</span> <span class="p">[],</span> <span class="dl">'</span><span class="s1">mock:no-ads</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">css:no-ads</span><span class="dl">'</span> <span class="p">}</span> </code></pre> </div> <p>To enable at first, either delete the <code>tags</code> key, or add corresponding tags: [<code>'no-ads'</code>]<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">route</span> <span class="o">=</span> <span class="p">{</span> <span class="na">tags</span><span class="p">:</span> <span class="p">[</span><span class="dl">'</span><span class="s1">no-ads</span><span class="dl">'</span><span class="p">],...</span> </code></pre> </div> <h2> Epilogue </h2> <p>This introduction may be too <code>simple interception use case</code>, but I think it serve at least minimum demo that can be showcase immediately after installation, later time can be expand to different scenario with different rules.</p> <p>To get the idea, I end this post with <code>the skeleton of route</code> :<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">route</span> <span class="o">=</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="na">urls</span><span class="p">:</span> <span class="p">{},</span> <span class="na">title</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="na">jsLib</span><span class="p">:</span> <span class="p">[],</span> <span class="na">workspace</span><span class="p">:</span> <span class="dl">''</span><span class="p">,</span> <span class="na">screenshot</span><span class="p">:</span> <span class="p">{},</span> <span class="c1">//user interaction rules &amp; observe DOM-Element</span> <span class="na">skip</span><span class="p">:</span> <span class="p">[],</span> <span class="c1">//start routing rules</span> <span class="na">proxy</span><span class="p">:</span> <span class="p">[],</span> <span class="c1">//request with proxy</span> <span class="na">noproxy</span><span class="p">:</span> <span class="p">[],</span> <span class="na">nosocket</span><span class="p">:[],</span> <span class="na">request</span><span class="p">:</span> <span class="p">{},</span> <span class="na">mock</span><span class="p">:</span> <span class="p">{},</span> <span class="na">cache</span><span class="p">:</span> <span class="p">{},</span> <span class="na">log</span><span class="p">:</span> <span class="p">{},</span> <span class="na">html</span><span class="p">:</span> <span class="p">{},</span> <span class="na">json</span><span class="p">:</span> <span class="p">{},</span> <span class="na">css</span><span class="p">:</span> <span class="p">{},</span> <span class="na">js</span><span class="p">:</span> <span class="p">{},</span> <span class="na">response</span><span class="p">:{},</span> <span class="c1">//end routing rules</span> <span class="p">}</span> </code></pre> </div> javascript playwright mitm devtools