Bounty: Help grug brained dev with JS - Amount negotiable.

sample.js

function foo() {
  let fetchCopy = window.fetch;
  return function() {
    return fetchCopy('http://example.com');
  };
}

let boo = foo();

function bar() {
  // Somehow intercept fetch call from fetchCopy.
  // Conditions:
  // - You cannot change foo
  // - You cannot override foo (It's a function hidden deep within obfuscated JS)
  // - It works in an electron app
  // - You can only write in this bar function. Nothing else can change
  // Why?
  // This is for github.com/acheong08/rev-obsidian-sync-plugin. You can check it out if interested.
  // A recent update from ObsidianMD broke the current implementation and I can't figure it out.
  // I'm not a JavaScript dev.
}

bar();

boo();

haha figures.

You say you can't change or override foo, but what about boo?

In practice, it's encased in a few dozen layers of obfuscation, recursion, and anonymous functions

gotcha. Might be overkill, but try this. It works with the toy example, but see if it will work in your real-world use case. There's a chance that it needs to be modified to use the same context (this object) of foo.

function bar() {
    const fooCode = foo.toString()

    const myFetch = (...args) => {
        console.log('intercepted', args)
        return window.fetch(...args)
    }

    const fooCodeModified = fooCode.replace('let fetchCopy = window.fetch;', 'let fetchCopy = myFetch;');

    const evalCode = `boo = (${fooCodeModified})(/* args here */)`

    eval(evalCode)
}

Good effort but I think the specifics of this case (extreme obfuscation & no reliable access to foo itself) makes this pretty much impossible. I've thought up another solution without having to intercept the initial login request