Tamperdata Firefox Extension

I haven’t posted any blog entries in a long time, but I do have a couple of nice ones in the works. This one’s a quickie though, that I’ve pushed through for an immediate post just because it’s so cool :) . I’ll be back on track soon, with more original content and book reviews.

I’ve covered web application testing using proxies (specifically Burp Suite) before, and I do that sort of thing pretty often. It can be a pain, requiring that I have launch Burp and make sure my browser’s proxy settings are set to point at it. Once I’m done, I also have to make sure I set things back, or else the browser will stop working once Burp’s unloaded.

I recently participated in ha.ckers.org’s blackhat challenge (and won a t-shirt!), in which a proxy like this comes in handy. After the contest was over, Ronald van den Heetkamp of http://www.0×000000.com/ posted some help for the others in a comment, and mentioned the Tamperdata extension for Firefox. Investigating it, it seems like it’ll do the trick for a lot of the things I’d normally do with Burp.

Once it’s installed, you can use it to intercept requests and modify the headers/parameters before sending it along to the server. It has a fairly nice interface for it too. It’s not as nice and feature-filled as the Burp Suite (for instance, I don’t think I can intercept and modify server responses with it), so you’ll still want to keep that around. For most quick tests, however, it seems like it’ll be pretty handy. I’ve installed it on my Firefox, and if you do a lot of web application testing using proxies to modify data, you might be able to use this to save some effort too.