{ How to Enable Tamper Data }
Section 0. Background Information |
- What is tamper data?
- Tamper Data is a Firefox Extension which gives you the power to view, record and modify outgoing HTTP/HTTPS requests (headers and post parameters)
- Pre-Requisite Lab
- BackTrack: Lesson 1: Installing BackTrack 5
- Note: This is not absolutely necessary, but if you are a computer security student or professional, you should have a BackTrack VM.
- Lab Notes
- In this lab we will do the following:
- We will enable Tamper Data in Firefox on BackTrack 5R1.
Section 1. Configure BackTrack Virtual Machine Settings |
- Edit the BackTrack5R1 VM
- Instructions:
- Select BackTrack5R1 VM
- Click Edit virtual machine settings
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vXrY_9l7Ybxg_KX4fy6uoQssMqlPVRJa_o856DVDu7aswFLLgOK54a3EVdBIijtPhGrABdFuM1aBFZpBCvNeP2Z0iUb0KvORQL7kgvKNk441Zl84JordFHKUzpbOqo1FH25PaR-trK4WULhBUTVZBNvSSCCAb7Fe8v5w=s0-d)
- Edit Virtual Machine Settings
- Instructions:
- Click on Network Adapter
- Click on the Bridged Radio button
- Click on the OK Button
Section 2. Play and Login to BackTrack |
- Play the BackTrack5R1 VM
- Instructions:
- Click on the BackTrack5R1 VM
- Click on Play virtual machine
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tUkWlN7ugMMCpkgvMqm1ACF1TJIisNj469iPzUFD2YvIyg33lqvxzgn7FfCP2tnE0Hxrj5LJKgLGn1-5w9GpsDCG-dtqxWZoNBbTnDVQqJbWc6b6hiHvUTBuYhoKNSOM3BB6e48BaZPHBLeyzuTBHXQEWVbyCkFYgAIg=s0-d)
- Login to BackTrack
- Instructions:
- Login: root
- Password: toor or <whatever you changed it to>.
- Bring up the GNOME
- Instructions:
- Type startx
Section 3. Open Console Terminal and Retrieve IP Address |
- On BackTrack, Start up a terminal window
- Instructions:
- Click on the Terminal Window
- Obtain the IP Address
- Instructions:
- ifconfig -a
- Note(FYI):
- My IP address 192.168.1.109.
- In your case, it will probably be different.
- This is the machine that will be use to attack the victim machine (Metasploitable).
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uNjfRqYTfAG0FDBxeAY9_bdJm4rD3V4QxuPGjeWGof6e9zGVM1BWHaR5HyA-TKZnyRs5Zg1QoguL9maje3ZrGREdUJjbiakFjMjIwE4bdBrRwRso5v6zioc2nMlWTAtpzrlbwOXeK7J4gHmqPyPbFX2lDGB8xCKbBdbw=s0-d)
Section 4. Enable Tamper Data |
- Start Firefox
- Instructions:
- Click on Firefox
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sp24RgWlm3as09Phg7AJbmGoS95ToZl8wBUFva9vE7-uXb_nB3cDaPtsF9u8AjS3cPufkFqgVg9MMuka1RHvSTavOFnNHJLueGr7V3OgrSnFg6YA80brOCaPEvKfo3cHV97cv6V7xogVwfoY6JqNL-yfFzAewi8x17Bh5Q=s0-d)
- Select Add-ons
- Instructions:
- Tools --> Add-ons
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uebvH4Wbhejaj2ajLPW3I8OY6NLVZ00gRFJE09N2ui-1tHVQPBeg0WDSHQhoVQGL8xIDUF6jgVbNb-Fuy_aseraBk5WgS2KjcT4okz3eN_Aw4paF2tIRa_9LP9wzXfPe6xL4Nn0QDJS0GKD0a8O5W52YGv3E82yWTtwAs=s0-d)
- Enable Tamper Data
- Instructions:
- Click on Extensions
- Click on Tamper Data Enable Button
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_utuuMKu6ZDsK_tj9VWic_SjrkZ1lIrAVRcmeMES3ugG3E6jv2gLAX4iHPaRRt57M22C_jKiu20JUE9TVvrQrFXi0AF2euFYd2f36qadXOmErqvvdO1RSql9_GmWllfqlPTVWu17X4YEB_a2e8VKaaua7vyN9qomzQU763y=s0-d)
- Restart Firefox
- Instructions:
- Click Restart Now (See Picture)
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vb4xv94ZvikAWO_NY2u8qVbxn-jj7H-0liXECxQuumy4hlbnfKnY615T-37Yqq405fyEd1tmG2lXFLWxYP8niuoETyXq57_pRridq0cHdUtbEn5ZQHQzTUmjA8v5vCZzhh2qBj39HtWbbLYcjU5idkuas_Ok4uLw_7pDC0=s0-d)
- Proof of Lab, (On a BackTrack Terminal)
- Instructions:
- find /root/.mozilla/firefox/* -name "localstore.rdf" | xargs grep -i tamper | wc -l
- find /root/.mozilla/firefox/*, Search the (/root/.mozilla/firefox/) path
- -name "localstore.rdf", Search for the file (localstore.rdf).
- xargs grep -i tamper, Search for the string (tamper) and ignore case.
- wc -l, Count the number of results.
- date
- echo "Your Name"
- Replace the string "Your Name" with your actual name.
- e.g., echo "John Gray"
- Proof of Lab Instructions:
- Do a PrtScn
- Paste into a word document
- Upload to website www.antoanthongtin.edu.vn
-
![](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_uIHrvK6ktYEtITT4iJ9fUMJqYMLyQAm8928ZXfvsTQV8ps5iODRjiFAm7g11dqqxvlV2A36g_hNJ18jY1yf1ZOoA2NWvJYPO1kw6U0ZoBY_pQ_QdNdJ88Eeqe5wqjZxQO4PjIGozpGf4YVNAJTb97GOFMS39BIqRp3WMSJ=s0-d)
Không có nhận xét nào:
Đăng nhận xét