tamperdata
| resources: | Home How to Use it Screenshots Warnings Installation To do Source Code Members |
|---|
Warnings
General
- If you don't understand security testing, or the values contained in the request header and body, then don't change them.
- Modifying values in headers and the request body, especially using the context menu suggestions, will generally cause web applications to fail. Well designed web applications will detect the bad values, and fail gracefully, and potentially trigger investigations of malicious behavior. Poorly designed applications, may fail in ways difficult to detect, but in general, will also trigger investigations of malicious behavior.
- I don't recommend tampering with requests to web sites outside of your direct control
Security and Privacy
All data in request headers and body is recorded.Be aware of this when surfing to sites that request passwords etc.
e.g. it may not be a good idea to leave this extension running while performing online banking.
Compatibility
As this tool modifies values in the request other tools such as live http headers (which the complicated parts of this code are based on) may not work correctly at the same time as tamperdata.Potential Bugs
Some things I see as potential causes of problems:- Tamper confirmation pop up is modal to the tamper dialog, you can still access the browser window to add additional request to the queue - don't do this
- Request/Response pairs are stored in javascript arrays. Run this extension for a long time any firefox may run out of memory - don't do this
- Request/Response matching will get confused by stops and multiple reloads. Just press clear and start again