What is Tamper Data?
Introduction: Web application developers often have the impression, or the expectation, that most users will follow the rules when using an application, without giving much thought to the fact that there are users who generally do not follow the rules, such as hackers. What can happen if a user abandons the flashy interface of a web application and starts turning things upside down, without the limitations imposed by a browser?
Firefox is the browser that most hackers and developers choose, because its design makes it very easy to add plug-ins. One of the most popular tools used by hackers in Firefox is an add-on called Tamper Data. Tamper Data is not a complex tool. It is just a proxy, that is, something that sits between the hacker and the web application. But let's see what it does.
Tamper Data allows a hacker to uncover all the HTTP "magic" that is performed in the background. This way they can manipulate all GETs and POSTs without the restrictions imposed by the user interface that the browser shows.
Hackers use Tamper Data because it allows them to interfere with the data sent and received between the client and the server. When Tamper Data is used on a web application or website opened in Firefox, all the fields that accept user input, or in the case of a malicious user the gaps that allow a breach, are displayed. The hacker can then give a field an "alternative value" and start sending the server data that the rules of the application or website do not allow, to see how it will react.
But let's see why this may be dangerous for an application:
Suppose a hacker is browsing an online store and has filled his shopping cart. The web application shows the value 5, which indicates the quantity of items in the shopping cart.
A hacker using Tamper Data could bypass the restrictions of the drop-down box, which lets users choose only from a set of values such as "1, 2, 3, 4 and 5". Using Tamper Data, the hacker could enter a different value like "-1" or maybe "0,0000005".
If the developer of the application has not correctly coded the payment validation routine, then a value such as "-5" or "0,0000005" could confuse the application, and specifically the formula it uses to calculate the cost (price x quantity). This could cause some unexpected results. If the shopping cart is poorly coded, the hacker may end up with an unintended huge discount, a refund for a product he had not even bought, or who knows what else.
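The shopping cart case above, as an added example that is not from the original article: a handler that trusts the submitted quantity next to one that re-validates it on the server. The SKU, the price and the function names are constructed for illustration.

```python
from decimal import Decimal

# Constructed catalogue and limits (assumptions, not from the article).
PRICES = {"sku-1001": Decimal("19.99")}
ALLOWED_QUANTITIES = range(1, 6)  # the same choices the drop-down offers: 1..5


def naive_total(sku: str, raw_quantity: str) -> Decimal:
    """Poorly coded version: price x quantity with whatever the client sent."""
    return PRICES[sku] * Decimal(raw_quantity.replace(",", "."))


def parse_quantity(raw_quantity: str) -> int:
    """Accept only a value the drop-down itself could have produced."""
    # ASCII digits only: rejects signs, decimal separators, exponents, blanks.
    if not (raw_quantity.isascii() and raw_quantity.isdigit()):
        raise ValueError(f"quantity is not a whole number: {raw_quantity!r}")
    if len(raw_quantity) > 3:  # cap the length before converting
        raise ValueError("quantity is too long")
    quantity = int(raw_quantity)
    if quantity not in ALLOWED_QUANTITIES:
        raise ValueError(f"quantity out of range: {quantity}")
    return quantity


def safe_total(sku: str, raw_quantity: str) -> Decimal:
    """Hardened version: the server repeats the checks the interface implies."""
    if sku not in PRICES:
        raise ValueError(f"unknown item: {sku!r}")
    # The price comes from the server-side catalogue, never from the request.
    return PRICES[sku] * parse_quantity(raw_quantity)


if __name__ == "__main__":
    for submitted in ["5", "-5", "0,0000005"]:
        print("naive:", submitted, "->", naive_total("sku-1001", submitted))
        try:
            print("safe: ", submitted, "->", safe_total("sku-1001", submitted))
        except ValueError as err:
            print("safe:  rejected,", err)
```

The drop-down only limits what the browser offers; the server has to enforce the same limits again on every request.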
The possibilities for misusing a web application with Tamper Data are endless. On the other hand, Tamper Data is a great security tool when application developers use it to see how their applications respond to client-side attacks and how they handle the data.
For more information about the Tamper Data add-on for Firefox, visit the official page.