{ How to Enable Tamper Data }
Section 0. Background Information |
- What is tamper data?
- Tamper Data is a Firefox Extension which gives you the power to view, record and modify outgoing HTTP/HTTPS requests (headers and post parameters)
- Pre-Requisite Lab
- BackTrack: Lesson 1: Installing BackTrack 5
- Note: This is not absolutely necessary, but if you are a computer security student or professional, you should have a BackTrack VM.
- Lab Notes
- In this lab we will do the following:
- We will enable Tamper Data in Firefox on BackTrack 5R1.
Section 1. Configure BackTrack Virtual Machine Settings |
- Edit the BackTrack5R1 VM
- Instructions:
- Select BackTrack5R1 VM
- Click Edit virtual machine settings
- Edit Virtual Machine Settings
- Instructions:
- Click on Network Adapter
- Click on the Bridged Radio button
- Click on the OK Button
Section 2. Play and Login to BackTrack |
- Play the BackTrack5R1 VM
- Instructions:
- Click on the BackTrack5R1 VM
- Click on Play virtual machine
- Login to BackTrack
- Instructions:
- Login: root
- Password: toor or <whatever you changed it to>.
-
- Bring up the GNOME
- Instructions:
- Type startx
-
Section 3. Open Console Terminal and Retrieve IP Address |
- On BackTrack, Start up a terminal window
- Instructions:
- Click on the Terminal Window
- Obtain the IP Address
- Instructions:
- ifconfig -a
- Note(FYI):
- My IP address 192.168.1.109.
- In your case, it will probably be different.
- This is the machine that will be use to attack the victim machine (Metasploitable).
Section 4. Enable Tamper Data |
- Start Firefox
- Instructions:
- Click on Firefox
- Select Add-ons
- Instructions:
- Tools --> Add-ons
- Enable Tamper Data
- Instructions:
- Click on Extensions
- Click on Tamper Data Enable Button
- Restart Firefox
- Instructions:
- Click Restart Now (See Picture)
- Proof of Lab, (On a BackTrack Terminal)
- Instructions:
- find /root/.mozilla/firefox/* -name "localstore.rdf" | xargs grep -i tamper | wc -l
- find /root/.mozilla/firefox/*, Search the (/root/.mozilla/firefox/) path
- -name "localstore.rdf", Search for the file (localstore.rdf).
- xargs grep -i tamper, Search for the string (tamper) and ignore case.
- wc -l, Count the number of results.
- date
- echo "Your Name"
- Replace the string "Your Name" with your actual name.
- e.g., echo "John Gray"
- Proof of Lab Instructions:
- Do a PrtScn
- Paste into a word document
- Upload to website www.antoanthongtin.edu.vn
-
Không có nhận xét nào:
Đăng nhận xét