Tamper Data: the tool you do not want hackers to know about

What is Tamper Data?

Introduction: Web application developers often assume or expect that most users will follow the rules when using an application, without giving much thought to the users who generally do not follow the rules, namely hackers. What can happen if a user abandons the flashy interface of a web application and starts poking around freely, without the limitations imposed by a browser?


Firefox is the browser that most hackers and developers choose, because its design makes it very friendly to plug-ins. One of the most popular tools used by hackers in Firefox is an add-on called Tamper Data. Tamper Data is not a complex tool. It's just a proxy, or something that sits between the hacker and the web application. But let's see what it does.


Tamper Data allows a hacker to uncover all the HTTP "magic" that is performed in the background. This way the hacker can manipulate all GET and POST requests without the restrictions imposed by the user interface that the browser shows.

Hackers use Tamper Data because it allows them to interfere with the data sent and received between the client and the server. When Tamper Data is used on a web application or website, every field that accepts user input, or in the case of a malicious user every gap that allows a breach, is displayed. The hacker can then give a field an "alternative value" and start sending the server data that the rules of the application or website do not allow, to see how it will react.

But let's see why this may be dangerous for an application:

Suppose a hacker is browsing an online store and has filled his shopping cart. The web application shows the value 5, which indicates the quantity of items in the shopping cart.
A hacker using Tamper Data could bypass the restrictions of the drop-down box, which lets users choose only from a set of values such as "1, 2, 3, 4 and 5". Using Tamper Data, the hacker could enter a different value like "-1" or maybe "0,0000005".

If the developer of the application has not correctly coded the payment validation routine, then a value such as "-5" or "0,0000005" could confuse the application, and specifically the formula it uses to calculate the cost (price x quantity). This could cause some unexpected results. If the shopping cart is poorly coded, the hacker may end up with an unintended huge discount, a refund for a product he had not even bought, or who knows what else.
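The cart calculation described above, shown as a version that trusts the posted quantity next to one that re-checks it on the server. This is an added example, not code from the original article; the catalogue, form field names and function names are hypothetical.

```python
from decimal import Decimal

# Constructed catalogue: prices are looked up on the server, never read from the request.
PRICES = {"sku-100": Decimal("19.99")}
ALLOWED_QUANTITIES = range(1, 6)  # the same 1..5 that the drop-down offers


class InvalidOrder(ValueError):
    """Raised when a posted cart field breaks the server-side rules."""


def naive_total(form):
    """Trusts the posted quantity, as a cart that relies on the drop-down would."""
    quantity = Decimal(form["quantity"].replace(",", "."))  # accepts a decimal comma
    return PRICES[form["sku"]] * quantity                   # price x quantity


def validated_total(form):
    """Re-checks on the server everything the drop-down was meant to enforce."""
    sku = form.get("sku")
    if sku not in PRICES:
        raise InvalidOrder("unknown item")
    raw = form.get("quantity", "")
    # Short run of plain ASCII digits only: rejects "-5", "0,0000005", "1e3", "" and padding.
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 3):
        raise InvalidOrder("quantity must be a whole number")
    quantity = int(raw)
    if quantity not in ALLOWED_QUANTITIES:
        raise InvalidOrder("quantity out of range")
    return PRICES[sku] * quantity


def is_rejected(form):
    """True when validated_total() refuses the form."""
    try:
        validated_total(form)
    except InvalidOrder:
        return True
    return False


if __name__ == "__main__":
    # Constructed requests: one the UI could send, two that only a proxy could send.
    for qty in ("5", "-5", "0,0000005"):
        form = {"sku": "sku-100", "quantity": qty}
        print(qty, "naive:", naive_total(form), "rejected:", is_rejected(form))
```

The naive function turns "-5" into a negative total and "0,0000005" into a near-zero one, while the validated function rejects both and accepts only the values the drop-down was designed to offer.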

The possibilities of misusing a web application with Tamper Data are endless. On the other hand, Tamper Data is a great security tool if used by application developers to see how their applications respond to attacks from the client side and how they handle the data.

For more information about Tamper Data Add-on for Firefox visit the official page.

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
