I. Introduction as a Firefox plug-in, tamper data
It is easy to use and powerful. It can be used to view and modify HTTP/HTTPS headers and post parameters. It can be used to track HTTP requests and responses, and to record time for Web
The website performs some security tests, which greatly facilitates web configuration debugging. It is a rare practical tool for website maintenance personnel. 2. Installing tamper data is simple, as shown below: Step 1: Open Firefox, go to google.cn, search for "tamper data", and click "found"
Tamper data: Firefox add-ons
-"Item. As shown in: Step 2: Go to the tamper data installation page, find the following location and click to start installation: Step 3: After installation, you can find tamper data in the "Tools" menu item on the Firefox menu bar, as shown in: 3. the use of tamper data is also relatively simple. The following describes the main usage: click "tamper data" in the "Tools" menu item on the Firefox menu bar ", the main window of tamper data will pop up, as shown in: it can be seen that the main window is mainly divided into three parts, respectively, 1, 2, 3. When we open
After tamper data, every HTTP request and corresponding response sent when we browse the Web page will be recorded by tamper data. 1st
This section displays the summary of each HTTP request and its corresponding HTTP response, including a large amount of useful information, such as the page element size, HTTP Request Method, HTTP
The status value of the response, and so on. The most noteworthy are duration and total.
The values of the two fields "duration" show the time it takes to open each page element and the total time it takes to open the page. Based on these time values, you can determine
The speed, the page elements that affect the speed of opening the whole page, so as to provide valuable information for us to further optimize the page.
When a summary is selected in part 1, Part 2 displays the header information of the corresponding HTTP request, and Part 2 displays the header information of the corresponding HTTP response. If you prefer to View Graph statistics
1. Right-click and click "Graph" in the pop-up menu.
"All", as shown in, then each of these page elements and the time it takes to open them will be displayed visually in a graphical manner. The specific image is not provided. Next, let's look at several practical examples. Example 1:
Configure to write
Cookie to facilitate tracking of their access behavior. Then, we need to verify that the configuration is correct. So we enable tamper
Data, then visit a page on our website, and then analyze the data recorded by tamper data. We can see from the 3rd window that our Apache
The server indeed writes pre-configured cookies to our browser, as shown in: Next, let's see the true meaning of tamper data, that is,"
"Data tampering" (or custom HTTP requests): captures each HTTP request sent by the browser.
Request, prompting us to choose whether to customize or not to submit the request directly, or to terminate the current intercepted request, and then choose to open the custom window according to our selection, or directly to the Web
The server submits the request or terminates the current request.
By default, tamper data
Requests for images are not intercepted. Therefore, if you need to customize the request for obtaining images, You need to modify the request a little bit and click tamper data.
In the "option" on the main window, the following window appears. Check "tamper with images etc. By the way, we can see from the following window that tamper data also provides code for XSS (Cross-Site Scripting) attacks and SQL injection attacks, in addition, we are allowed to add our own attack code, which greatly facilitates the Security Test on the web site.
It is time for "tamper. Click Start tamper on the main tamper data window to enable HTTP request truncation. Once the HTTP request is intercepted, every request sent by the browser is intercepted by tamper data, and the following window is displayed, asking us to make a choice: here we select "tamper ", we are ready to customize HTTP requests and test and debug our web server configurations. The following window is displayed after the click rate is "tamper. You can see that the top of the window shows the intercepted HTTP requests. The left window shows the HTTP request header fields sent by the browser, the window on the right shows the post parameter of the HTTP request sent by the browser. In these two windows, we can modify the HTTP request header field/post parameter submitted by the browser and delete the HTTP request header field/post parameter submitted by some browsers, or add other valid HTTP request header fields/post parameters. Very powerful, right?
Now, we want to test whether the configured image anti-leech function works normally. So we add a referer header field and enter www.cisco.com
As shown in, after clicking "OK" to submit, we found that our request was redirected to the go_way.html page. We can see that our configuration is correct. The following is a test of anti-malicious browser access. In the following window, modify the User-Agent field submitted by the browser and set it to one of the prohibited malicious access browsers, such as sogou spider. After clicking "OK" to submit, if we find that our request is forbidden, we can see that our configuration is correct. You can write a lot of such examples, so I will not talk about them here. Interested readers can go deep into tamper data. 4. summary: tamper data is one of the best web debugging tools I have ever seen. It can count the open speed of each page and its elements, customize HTTP requests, and perform security tests on our website. As a website maintenance personnel, it is really necessary to master it and add a powerful weapon for their own weapons library.
