Use TAMPER DATA

Source: Internet
Author: User

I. IntroductionAs a Firefox plug-in, Tamper Data is easy to use and has powerful functions. It can be used to view and modify HTTP/HTTPS headers and POST parameters. It can be used to track HTTP requests and responses, and to record time; some security tests can be performed on the WEB site, which brings great convenience for debugging WEB configuration. It is a rare practical tool for website maintenance personnel. Ii. InstallationInstalling Tamper Data is as follows:Step 1: Open Firefox, go to google.cn, search for "tamper data", and click "found"Tamper Data: Firefox Add-ons -"Item. As shown in: DATAUse (to convert) "style =" WIDTH: 500px; HEIGHT: 278px "alt =" TAMPERDATAUse (convert) "src =" http://www.bkjia.com/uploads/allimg/131121/1U01B0F-0.jpg "border = 0 real_src ="/previusfile/2010-07-09/HackNote.Com134138734.jpg ">Step 2: Go to the Tamper Data installation page, find the following location and click to start installation:DATAUse (convert) "alt =" TAMPERDATAUse (convert) "src =" http://www.bkjia.com/uploads/allimg/131121/1U0161024-1.jpg "border = 0 real_src ="/previusfile/2010-07-09/HackNote.Com134139621.jpg ">Step 3: After installation, you can find Tamper Data in the "Tools" menu item on the Firefox menu bar, as shown in: DATAUse (to convert) "style =" WIDTH: 500px; HEIGHT: 264px "alt =" TAMPERDATAUse (convert) "src =" http://www.bkjia.com/uploads/allimg/131121/1U0161557-2.jpg "border = 0 real_src ="/previusfile/2010-07-09/HackNote.Com134139371.jpg "> 3. UseThe use of Tamper Data is also relatively simple. The following describes the main usage:Click "Tamper Data" in the "Tools" menu item on the Firefox menu bar to bring up the main window of Tamper Data, as shown in: DATAUse (to convert) "style =" WIDTH: 500px; HEIGHT: 398px "alt =" TAMPERDATAUse (convert) "src =" http://www.bkjia.com/uploads/allimg/131121/1U0163b1-3.jpg "border = 0 real_src ="/previusfile/2010-07-09/HackNote.Com134139112.jpg ">It can be seen that the main window is mainly divided into three parts, respectively, 1, 2, 3. When we open Tamper Data, every HTTP request and corresponding response we send when browsing the Web page will be recorded by Tamper Data. Part 1 shows the summary of each HTTP request and its corresponding HTTP response, including a large amount of useful information, such as the page element size, HTTP Request Method, and HTTP response status value, and so on. The values of the "Duration" and "Total Duration" fields show the time it takes to open each page element and the Total time it takes to open the page. Based on these time values, we can determine the speed at which the page is opened and which page elements affect the speed at which the page is opened, so as to provide valuable information for us to further optimize the page. When a summary is selected in part 1, Part 2 displays the header information of the corresponding HTTP request, and Part 2 displays the header information of the corresponding HTTP response.If you prefer to View Graph statistics, right-click section 1st of the main Tamper Data window and click "Graph All" in the pop-up menu, as shown in, then, each of these page elements and the time it took to open them will be displayed visually in a graphical manner. The specific image is not provided. DATAUse (to convert) "style =" WIDTH: 500px; HEIGHT: 359px "alt =" TAMPERDATAUse (convert) "src =" http://www.bkjia.com/uploads/allimg/131121/1U01C093-4.jpg "border = 0 real_src ="/previusfile/2010-07-09/HackNote.Com134140833.jpg ">Next, let's look at several practical examples.Example 1: We configure APACHE to write a Cookie to the user's browser when the user browses our website for the first time to track their access behavior. Then, we need to verify that the configuration is correct. Therefore, we enable Tamper Data, visit a page on our website, and analyze the Data recorded by Tamper Data. We can see from the 3rd window that our APACHE server indeed writes a pre-configured Cookie to our browser, as shown in: DATAUse (to convert) "style =" WIDTH: 500px; HEIGHT: 282px "alt =" TAMPERDATAUse (convert) "src =" http://www.bkjia.com/uploads/allimg/131121/1U01611E-5.jpg "border = 0 real_src ="/previusfile/2010-07-09/HackNote.Com134141140.jpg ">Next, let's get to know the true meaning of Tamper Data, that is, "Tamper with Data" (or customize HTTP requests): intercept every HTTP request sent by the browser, prompting us to choose to customize it, whether to directly submit the request without customization, terminate the current intercepted request, and choose whether to open the custom window or directly submit the request to the WEB server based on our selection, or terminate the current request.By default, Tamper Data does not intercept requests for images. Therefore, if you need to customize the request for obtaining images, You need to modify it a little bit, click "Option" on the main Tamper Data window. The following window is displayed. Check "Tamper with Images etc..By the way, we can see from the following window that Tamper Data also provides code for XSS (Cross-Site Scripting) attacks and SQL injection attacks, in addition, we are allowed to add our own attack code, which greatly facilitates the Security Test on the WEB site. DATAUse (to convert) "style =" WIDTH: 500px; HEIGHT: 291px "alt =" TAMPERDATAUse (convert) "src =" http://www.bkjia.com/uploads/allimg/131121/1U01621K-6.jpg "border = 0 real_src ="/previusfile/2010-07-09/HackNote.Com134141876.jpg ">It is time for "Tamper.Click Start Tamper on the main Tamper Data window to enable HTTP request truncation. DATAUse (convert) "style =" WIDTH: 500px; HEIGHT: 170px "alt =" TAMPERDATAUse (convert) "src =" http://www.bkjia.com/uploads/allimg/131121/1U0161643-7.jpg "border = 0 real_src ="/previusfile/2010-07-09/HackNote.Com134142436.jpg ">Once the HTTP request is intercepted, Tamper Data intercepts every request sent by the browser, and then displays the following window, asking us to make a choice: DATAUse (to convert) "style =" WIDTH: 500px; HEIGHT: 333px "alt =" TAMPERDATAUse (convert) "src

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.