Control | Function |
URL Editbox | This box contains the URL which is being requested from the server. This field is editable. So, for instance, you can change the |
Send Altered Data | This button will send the edited HTTP request to the specified URL. |
Send Original Data | This button will send the unedited HTTP request to the original URL. |
Cookies | This tab presents a read-only view of the cookies which are being sent to the server. You can edit your cookies by editing the cookie file on disk or using a great browser plugin like CookieSpy. |
Raw Headers | This tab presents a read/write view of the custom HTTP headers which are being sent to the server. These are rarely used by web pages, but can be useful in some circumstances. For instance, sometimes web sites will not check authorization if "secret" HTTP headers are present in the request. |
Raw Post | This tab presents a read/write view of the HTTP POST body which is being sent to the server. This is where TamperIE shines. Many web applications are coded very poorly, and implicitly trust data sent by the POST body. Some corporations mistakenly think that if the HTTP Header "Referer" is correct, the POST data must have been generated securely. Wrong. |
PrettyPost | This tab presents a "pretty" read/write view of the HTTP POST body. POSTs are generally URL encoded, and this editing grid allows easy tampering. More on this in a moment. |
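
The Raw Post point above, seen from the server side, as an added example that is not part of the original page or of TamperIE. The shop URL, catalogue, field names and both handlers are hypothetical: the first trusts the POST body once the Referer matches, the second takes the price from server-side data and validates each field.

```python
from urllib.parse import parse_qs

# Constructed catalogue: the server's own record of each price, in cents.
CATALOG = {"sku-100": 4999, "sku-200": 1500}
TRUSTED_REFERER = "https://shop.example/checkout"  # hypothetical site


def parse_form(body):
    """Decode a URL-encoded POST body into a flat dict (first value wins)."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def charge_trusting(headers, body):
    """Weak: treats a matching Referer as proof the form fields are untouched."""
    if headers.get("Referer") != TRUSTED_REFERER:
        raise PermissionError("bad referer")
    form = parse_form(body)
    return int(form["price"]) * int(form["qty"])  # client-supplied price


def charge_validated(headers, body):
    """Hardened: Referer plays no part; every field is checked server-side.

    Authenticating the caller (session, CSRF token) is out of scope here.
    """
    form = parse_form(body)
    sku = form.get("sku", "")
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    qty = form.get("qty", "")
    if not (qty.isascii() and qty.isdigit()) or not 1 <= int(qty) <= 99:
        raise ValueError("quantity out of range")
    # Any "price" field in the body is ignored; the catalogue is authoritative.
    return CATALOG[sku] * int(qty)


# Constructed requests: the form as rendered, and the same POST with its body
# edited before sending. The headers are identical in both cases.
HEADERS = {"Referer": TRUSTED_REFERER}
ORIGINAL = "sku=sku-100&qty=1&price=4999"
EDITED = "sku=sku-100&qty=1&price=1"

if __name__ == "__main__":
    for label, body in (("original", ORIGINAL), ("edited", EDITED)):
        print(label, charge_trusting(HEADERS, body), charge_validated(HEADERS, body))
```
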

Option | Function |
Tamper with HTTP POSTs | Show the TamperIE dialog when a form is submitted with METHOD=POST |
Tamper with HTTP GETs | Show the TamperIE dialog whenever an HTTP GET is performed. |
Tamper with GET requests for the following files | Show the TamperIE dialog whenever an HTTP GET is performed and the resource address ends with the specified text. For instance, given the filter in the above screenshot, the following URL requests will match: www.washingtonpost.com/article.html?q=12311, www.banker.com/payee.html?id=321312&amt=1231, www.bayden.com/register.asp?product=TamperIE, www.microsoft.com/passport/register.asp#FAQ, etc. If this box contains a *, all GET requests will match the filter. |
Only tamper with GETs with Query string parameters | Show the TamperIE dialog only when an HTTP GET is performed and there is query string data in the URL. Query string data is found in the URL after the ? character. For instance, in this Google hit, query data is shown in red: http://www.google.com/search?hl=en&q=hacker |