Using Tamper Data add-on to intercept and modify requests
Sometimes, applications have client-side input validation mechanisms through JavaScript, hidden forms, or POST parameters that one doesn't know or can't see or manipulate directly in the address bar; to test these and other kind of variables, we need to intercept the requests the browser sends and modify them before they reach the server. In this recipe, we will use a Firefox add-on called Tamper Data to intercept the submission of a form and alter some values before it leaves our computer.
How to do it...
- Go to Mantra's menu and navigate to Tools | Application Auditing | Tamper Data.
- Tamper Data's window will appear. Now, let's browse to
http://192.168.56.102/dvwa/login.php. We can see the requests section in the add-on populating:
Note
Every request we make in the browser will go through Tamper Data while it is active.
- To intercept a request and change its values, we need to start the tampering by clicking on...
