Basic Hacking with Firefox (Part 2): Data Intercepting

February 9, 2016 | Views: 7742


In Part 1, we saw how to view and collect different information about websites using HttpFox, User-Agent Switcher and RefControl. In this session, we’ll learn how to use this information to exploit and perform a simple hack of a website.

The basic aim is to intercept data in order to hack websites, using different tools and extensions of the Firefox browser. The Firefox community has built many tools to intercept data, such as:

  1. Live HTTP Headers
  2. Tamper Data
  3. Firebug

1. Live HTTP Headers:

Live HTTP Headers is used to view and modify HTTP headers within the same session, and to send the data again after modifying it. Once Live HTTP Headers is started, it records all the data sent in the request headers.

One simple example will make this clearer. If a website is vulnerable to SQL injection, we can log in to the admin or another user's account using Live HTTP Headers (to find out whether a site is vulnerable to SQL injection, use another Mozilla Firefox extension, the “SQL Inject Me” sidebar).

Find a username on the website; you might find it in the forums, comments or any posts on the website. After finding the name, go to the sign-in form, start Live HTTP Headers, insert dummy values in the form and press sign in. Now go to Live HTTP Headers and scroll to the values you inserted in the form. Select the line, which may look like this: “username=dummy&&password=dummy?login.php”, and click Replay. The replay box will open. Edit the values and click Replay again; this sends the data to the website again. In this way, send the values again and again to hack the login process using Live HTTP Headers (search for “SQL injection” to find which values to send, and change only the password, not the user name you found on the website). It is not only used to replay posted values: it can also be used to replay and alter the referrer, user agent, URL, etc.
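Seen from the server, a replayed and edited login body only matters when the submitted values become part of the SQL text. The following is an added example, not code from the original tutorial: the table, the account and both request bodies are constructed. It compares a string-concatenated login query with a parameterized one and uses a password containing a lone apostrophe as a harmless check for whether form data reaches the SQL parser.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    # Constructed in-memory user table; real systems store salted password hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return db

def parse_login(body):
    # keep_blank_values so an empty field is seen as empty, not missing.
    fields = parse_qs(body, keep_blank_values=True)
    return fields.get("username", [""])[0], fields.get("password", [""])[0]

def login_concatenated(db, body):
    # Weak form: submitted values become part of the SQL text itself.
    user, pw = parse_login(body)
    sql = ("SELECT 1 FROM users WHERE username = '" + user +
           "' AND password = '" + pw + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, body):
    # Hardened form: values are bound as data and never parsed as SQL.
    user, pw = parse_login(body)
    row = db.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?", (user, pw)
    ).fetchone()
    return row is not None

def reaches_sql_parser(login, db, body):
    # A lone apostrophe in a field must not change how the statement parses.
    try:
        login(db, body)
        return False
    except sqlite3.OperationalError:
        return True

# Constructed request bodies: the original submission and an edited replay.
GOOD = "username=alice&password=correct+horse"
EDITED = "username=alice&password=o%27brien"
```

A login handler for which `reaches_sql_parser` returns `True` is building its query from request data and needs to be moved to bound parameters.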


2. Tamper Data:

As the name suggests, this Mozilla Firefox extension is used to tamper with the data of the request before it is sent. It can tamper with data submitted through either the GET or the POST method, and with the URL, Host, referrer, user agent, accept-encoding, cookies, etc. before they are sent to the server. Tampering with POST data is used in SQL injection and SSI. The User-Agent and referrer are also used to launch attacks on a website.


3. Firebug:

Firebug integrates with Firefox to put a wealth of development tools at your fingertips while you browse. You can edit, debug and monitor CSS, HTML and JavaScript live on any web page. The benefit of Firebug is that changing the code of a website after “Save Page As” is not effective. To take a simple example: websites use forms (drop-down selections, radio selections, checklists) to submit the value of the selected item, and every selection in the form has a value. If the page is saved and a value is changed, the change is ineffective and the form cannot be submitted. Use Firebug to change the code or values in the live page, submit the form and get the results you want.

To do this, right-click on the element you want to change and choose “Inspect with Firebug” from the menu. Firebug will show the exact piece of code for that element. Click on the code, change the values and submit again.
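Because any option value in a form can be edited in the live page before it is submitted, the server has to treat the submitted selection as untrusted input. The handler below is an added example, not code from the original tutorial: the plan catalogue, field names and request bodies are constructed. It accepts only the option values the server actually offers and takes the price from its own table instead of from the form.

```python
from urllib.parse import parse_qs

# Server-side source of truth (constructed catalogue; names are hypothetical).
PLANS = {"basic": 500, "pro": 1500}      # option value -> price in cents
ALLOWED_FIELDS = {"plan", "quantity", "price"}

def validate_order(body):
    """Return (order, errors) for a urlencoded POST body."""
    fields = parse_qs(body, keep_blank_values=True)
    errors = []
    unexpected = sorted(set(fields) - ALLOWED_FIELDS)
    if unexpected:
        errors.append("unexpected fields: " + ", ".join(unexpected))
    # Each field must appear exactly once; duplicates are a tampering signal.
    for name in ("plan", "quantity"):
        if len(fields.get(name, [])) != 1:
            errors.append(name + " must be present exactly once")
    if errors:
        return None, errors
    plan = fields["plan"][0]
    if plan not in PLANS:
        errors.append("plan is not one of the offered options")
    qty_text = fields["quantity"][0]
    if not (qty_text.isascii() and qty_text.isdigit()
            and 1 <= int(qty_text) <= 10):
        errors.append("quantity must be an integer from 1 to 10")
    if errors:
        return None, errors
    # The price comes from the server's table; any client "price" is ignored.
    qty = int(qty_text)
    return {"plan": plan, "quantity": qty,
            "total_cents": PLANS[plan] * qty}, []

# Constructed bodies: the form as rendered, and two edited in the browser.
AS_RENDERED = "plan=pro&quantity=2&price=1500"
EDITED_PRICE = "plan=pro&quantity=2&price=1"
EDITED_VALUE = "plan=enterprise&quantity=2&price=1"
```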

Something fun to try: ask your friend to enter his Facebook password. Before he clicks “Log in”, inspect the field with Firebug and change the type of the password field to type="text". It will show the password immediately.


Friendly Disclaimer: This tutorial is for beginners. If you already know this stuff – ignore it.

16 Comments
  1. Super Helpful……Thanks a Million

  2. hahahaa imagine am floating, but am still interested

  3. Very helpful. Thanks for sharing.
