Hướng Dẫn Thực Hành - BackTrack 5 : Lesson 11- How to Enable Tamper Data

{ How to Enable Tamper Data }

---

Section 0. Background Information

• What is tamper data?
  • Tamper Data is a Firefox Extension which gives you the power to view, record and modify outgoing HTTP/HTTPS requests (headers and post parameters)
• Pre-Requisite Lab
  1. BackTrack: Lesson 1: Installing BackTrack 5 
     • Note: This is not absolutely necessary, but if you are a computer security student or professional, you should have a BackTrack VM.
• Lab Notes
  • In this lab we will do the following:
    1. We will enable Tamper Data in Firefox on BackTrack 5R1.

•  

Section 1. Configure BackTrack Virtual Machine Settings

1. Edit the BackTrack5R1 VM
   • Instructions:
     1. Select BackTrack5R1 VM
     2. Click Edit virtual machine settings
   • 
2. Edit Virtual Machine Settings
   • Instructions:
     1. Click on Network Adapter
     2. Click on the Bridged Radio button
     3. Click on the OK Button
   • 

Section 2. Play and Login to BackTrack

1. Play the BackTrack5R1 VM
   • Instructions:
     1. Click on the BackTrack5R1 VM
     2. Click on Play virtual machine
   • 
2. Login to BackTrack
   • Instructions:
     1. Login: root
     2. Password: toor or <whatever you changed it to>.
   • 
3. Bring up the GNOME
   • Instructions:
     1. Type startx
   • 

Section 3. Open Console Terminal and Retrieve IP Address

1. On BackTrack, Start up a terminal window
   • Instructions:
     1. Click on the Terminal Window
   • 
2. Obtain the IP Address
   • Instructions:
     1. ifconfig -a
   • Note(FYI):
     • My IP address 192.168.1.109.
     • In your case, it will probably be different.
     • This is the machine that will be use to attack the victim machine (Metasploitable).
   • 

Section 4. Enable Tamper Data

1. Start Firefox
   • Instructions:
     1. Click on Firefox
   • 
    
2. Select Add-ons
   • Instructions:
     1. Tools --> Add-ons
   • 
3. Enable Tamper Data
   • Instructions:
     1. Click on Extensions
     2. Click on Tamper Data Enable Button
   • 
4. Restart Firefox
   • Instructions:
     1. Click Restart Now (See Picture)
   • 

Section 15. Proof of Lab

1. Proof of Lab, (On a BackTrack Terminal)
   • Instructions:
     1. find /root/.mozilla/firefox/* -name "localstore.rdf" | xargs grep -i tamper | wc -l
        • find /root/.mozilla/firefox/*, Search the (/root/.mozilla/firefox/) path
        • -name "localstore.rdf", Search for the file (localstore.rdf).
        • xargs grep -i tamper, Search for the string (tamper) and ignore case.
        • wc -l, Count the number of results.
     2. date
     3. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
   • Proof of Lab Instructions:
     1. Do a PrtScn
     2. Paste into a word document
     3. Upload to website www.antoanthongtin.edu.vn
   •