Control
|
Function
|
Start
|
Enable Tamper IE/Firefox Requests.
|
Stop
|
Disable Tamper IE/Firefox Requests.
|
Tamper with HTTP POSTs
|
Show the Tamper editor dialog when a form is submitted with METHOD=POST
|
Tamper with HTTP GETs
|
Show the Tamper editor dialog whenever a HTTP GET is performed.
|
Only tamper with GETs with Query string parameters
|
Show the Tamper editor dialog only when a HTTP GET is performed and there is query string data in the URL. Query string data is found in the URL after the ? character. For instance, in this Google hit, query data is shown in Red.http://www.google.com/search?hl=en&q=httpanalyzer
|
Tamper requests for the following URLs
|
Show the Tamper editor dialog whenever a HTTP GET is performed and the resource address contains with the specified text.
For instance, given the filter in the above screenshot, the following URL requests will match:
www.onlineby.com/checkout.html
http://www.google.com/search?hl=en&q=httpanalyzer
http://www.ieinspector.com/test/testpost.htm
etc...
|
Disabled URL Filter
|
Disable/Enabled the URL filter function, all GET/Post requests will match the filter.
|
Control
|
Function
|
Send Altered Data
|
This button will send the edited HTTP request to the specified URL.
|
Send Original Data
|
This button will send the unedited HTTP request to the original URL.
|
Abort Request
|
This button will cancel the request and abort immediately.
|
URL Editbox
|
This box contains the URL which is being requested from the server. This field is editable.
|
Query Params
|
This button will show the "Query String Editor" dialog. It will presents a "pretty" read/write view of the URL Query part. The query part is URL Encoded. The dialog allows you add or modify the query string easily.
|
Raw Headers
|
This tab presents a read/write view of the custom HTTP headers which are being sent to the server.
|
Cookies
|
This tab presents a read/write view of the cookies which are being sent to the server.
|
Raw Post Data
|
This tab presents a read/write view of the HTTP POST body which is being sent to the server. This is where Tamper IE/Firefox shines.
Many web applications are coded very poorly, and implicitly trust data sent by the POST body. Some corporations mistakenly think that if the HTTP Header "Referer" is correct, the POST data must have been generated securely. Wrong.
|
Edit Post Data
|
This button will show the "Post Data Editor" dialog. It will presents a "pretty" read/write view of the HTTP POST body. POSTs are generally URL encoded, and this editor dialog allows easy tampering.
|