Tamper Data

Chuyên đề thảo luận về Security Testing.
Forum rules
Chuyên đề này chỉ thảo luận về Security Testing.
Để có kết quả nhanh, các bạn nên search trước khi tạo chủ đề mới.
Post Reply
tvn
Admin
Posts: 4741
Joined: Tue 10 Aug, 2010 10:11 am
Location: HCM
Contact:

Tamper Data

Post by tvn » Thu 11 Apr, 2013 12:51 pm

How to Use it.

Monitoring

After installation you should find a Tamper Data entry under the tools menu. Select this and the log window will open. All subsequent request will appear here.

To see details of a request, select it. To see details of a request header double click the item.

It's probably a good idea to press clear now and then.

Stuff to try

View Source - retrieves the response from the cache
Copy
Export to XML
Graph

Tampering
Make sure you have read the warnings.

Press the start/stop tamper to toggle tampering.

For each request (images etc. are currently filtered out) you should see a pop up prompting you to
  • tamper - trigger the tamper pop up
    submit - do nothing
    or
    abort - cancel the request entirely
When you select tamper you will see the tamper window. Modify the data here. Use the context menu to make common changes.

Select OK to submit the modified values, cancel to submit the original data.

Using the context menu
When using add entry, you may enter name and value at the same time.
  • e.g. myheader=myvalue
The value may contain commas or equal signs.

When using add etries, you can add multiple values in the form:
  • name1=value1,name2,name3=value3
Neither the names or values should contain commas.

When using add entries from file, import a file in the following format:
  • name=value
    name2
    name3=abc,!@#
    name4
Blank lines at the top of the file will probably cause problems.

Options
Context menu items can be configured using the options dialog.
  • Items are either static, or dynamic
    Static items appear when any item is selected.
    Dynamic items appear only when the item name matches the item selected. e.g. User-Agent. Note that the text matching is case sensative.
    Preferences can be exported and imported. Probably easiest to export the default options, then use that file as a template
    Imported preferences will be added to existing preferences.
    The delete button should probably be called reset. When pressed the selected preference will be reset to its default value. If you added it, it will be removed.
Nguồn: http://tamperdata.mozdev.org/help.html



Post Reply

Return to “Security Testing - Kiểm thử bảo mật”