Tuesday 25 February 2014

Getting Started with Tamper Data (Firefox extension)

The Tamper Data Firefox extension is a tool used to intercept and modify HTTP/HTTPS requests. This tool can be used by hackers to edit responses or view requests. This add-on also serves as a great tool for web developers to ensure their sites are not susceptible to security vulnerabilities that could be exposed by a hacker using methods similar to those in this extension. Below I describe the process for installing Tamper Data on Firefox:



Open the Firefox browser and press ALT to open the toolbar menu at the top of your browser. Go to 'Tools' and then 'Add-ons'. You should see an interface similar to the one below.




In the search bar at the top, type in 'tamper data 11.0' to search for the add-on. The add-on is shown in the screenshot below at the top of the results. Install the add-on.




Read the End-User License Agreement and then click "Accept and Install..."


Restart your browser when you get the green message that says to do so, so that the installation will take effect.




















Now you are able to work with this extension to get a feel for how hackers can access or edit information sent between the browser and the server, so that you can prevent your own websites from being prone to such attacks. You can also take away a better understanding of why it can be very important not to have credentials passed between the browser and server without going to some measure to either encrypt the information or disguise it so that it is harder for a hacker to pinpoint and recognize.
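As an added example (not part of the original post), the sketch below shows why a form value that can be edited in transit with a tool like Tamper Data has to be re-checked on the server. The catalog, key, field names and functions are all hypothetical, and the request bodies are constructed samples.

```python
import hashlib
import hmac
from urllib.parse import parse_qs

# Constructed server-side state; every name here is hypothetical.
CATALOG = {"sku-100": 2999}              # price in cents, held by the server
SECRET = b"demo-key-not-for-production"  # placeholder key for the demo


def sign(sku: str, price: int) -> str:
    """MAC issued together with the form, so an edited sku/price is detectable."""
    return hmac.new(SECRET, f"{sku}|{price}".encode(), hashlib.sha256).hexdigest()


def total_trusting_client(body: str) -> int:
    """'Before': uses the price field exactly as it arrived in the request."""
    form = parse_qs(body)
    return int(form["price"][0]) * int(form["qty"][0])


def total_validated(body: str) -> int:
    """'After': every field is checked on the server before it is used."""
    form = parse_qs(body)
    sku = form.get("sku", [""])[0]
    qty = form.get("qty", [""])[0]
    price = form.get("price", [""])[0]
    tag = form.get("mac", [""])[0]
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    if not qty.isdigit() or not 1 <= int(qty) <= 100:
        raise ValueError("bad quantity")
    if not price.isdigit():
        raise ValueError("bad price")
    # Constant-time comparison of the submitted MAC with the expected one.
    if not hmac.compare_digest(tag.encode(), sign(sku, int(price)).encode()):
        raise ValueError("request was modified after the form was issued")
    # The server's own price is authoritative, not the submitted one.
    return CATALOG[sku] * int(qty)


# Constructed request bodies: as issued, and with the price edited in transit.
ORIGINAL = f"sku=sku-100&qty=2&price=2999&mac={sign('sku-100', 2999)}"
TAMPERED = ORIGINAL.replace("price=2999", "price=1")

if __name__ == "__main__":
    print(total_trusting_client(TAMPERED))  # the edited price is accepted
    print(total_validated(ORIGINAL))        # the untouched request passes
```
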

Friday 21 February 2014

Setting up WebGoat

WebGoat is an application that is designed to be vulnerable to hacking so that it can serve as a resource for users to practice hacking and learn how to prevent being hacked. WebGoat is created for ethical hackers so they can stay up to date on newer methods of hacking. It is also an excellent introductory tool for hacking web applications.


Download the top link (zip file) for the Windows operating system:
Once the zip has finished downloading, extract the files wherever you want, and they should appear as shown below. Click on the webgoat_8080 Batch file.


This will start the Apache Tomcat server which will be run on localhost and use port 8080 by default, and you should see content in your terminal window that has opened as shown below. 

You can visit the local WebGoat application by opening a browser and navigating to: http://127.0.0.1:8080/WebGoat/attack
Once you arrive there you will be asked for login credentials. You can use the following login information:
Username: guest
Password: guest

Then you should see an interface as shown below. You can click on 'Start WebGoat' to begin the lessons:

Now you have access to WebGoat's various tools and lessons for you to explore.