Sla.ckers.org
Modify Headers Extension
Posted by: Obbin
Date: December 09, 2006 01:03PM

Today when I needed a simple way to spoof my HTTP referrer I came upon the Firefox extension Modify Headers (https://addons.mozilla.org/firefox/967/), and I like it a lot!
Personally I find it easier to use this to modify cookies, referrer, user agent and so on than downloading separate extensions for everything. Just great when you want to be a proxy that forwards a connection for someone in North Korea :P

Thought I'd let you know.
Thanks!



Edited 1 time(s). Last edit at 12/09/2006 01:46PM by Obbin.

Re: Modify Headers Extension
Posted by: jungsonn
Date: December 09, 2006 01:35PM

Yes, it's nice, I got it also.
Though, I prefer the "tamper data" extension a little more, do you know this one?

Re: Modify Headers Extension
Posted by: Obbin
Date: December 09, 2006 01:44PM

Pretty nice one, a little advanced for my needs though.
I didn't test it a lot, but can you set permanent filters for headers in it?
If any of these two had regex as an option, I'd use that one!


EDIT: Typos



Edited 4 time(s). Last edit at 12/09/2006 01:54PM by Obbin.

Re: Modify Headers Extension
Posted by: rsnake
Date: December 09, 2006 04:32PM

I think things like this have a time and place, but I'm still in love with burp proxy because it allows me to see what I'm sending on every request, and watch both inbound and outbound requests. It really should be integrated into Firefox properly, but the way it works is fine for my needs.

But cool plugin Obbin.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Modify Headers Extension
Posted by: WhiteAcid
Date: December 09, 2006 05:21PM

While I have the burp proxy I have to say that I haven't yet played with it as much as it deserves. Though to simply view data I'll usually start up Wireshark, nothing quite beats that.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Re: Modify Headers Extension
Posted by: rsnake
Date: December 09, 2006 05:50PM

Wireshark is good but it's also pretty noisy and gives me lots of information I'm not that interested in and also doesn't stop the packets in transit. If I want to look at the packets I generally also want to modify them before they are sent or received by the browser. But both definitely have their uses.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Modify Headers Extension
Posted by: jungsonn
Date: December 09, 2006 07:50PM

Has anyone here tried "tamper data"? It can come in good use, 'cause on every request it pauses the browser and gives you options to tamper with the stream. It also has XSS vectors and SQL vectors built in, and it gives you the direct option to modify the full header, like the cookies.

Personally I use it a lot,
it reminds me of the win32 app called "intellitamper" for MS systems.

Re: Modify Headers Extension
Posted by: WhiteAcid
Date: December 09, 2006 10:56PM

I've used tamperdata for a long time, I love it. I don't really use its inbuilt XSS and SQL injection stuff though.

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Re: Modify Headers Extension
Posted by: maluc
Date: December 10, 2006 07:18AM

I had downloaded burp proxy quite a while ago, but never gave it a chance until last month. I'm in love with it now..

rsnake: it would be really nice if it were integrated - but the next best thing is to use the Tor Button extension. I set it to port 8080 so a simple left click on the 'Tor Disabled' in the bottom right turns Burp on and off. I also use a freeware program, Iconize, to put the two windows into the system tray.

-maluc

Re: Modify Headers Extension
Posted by: rsnake
Date: December 10, 2006 09:42PM

Interesting... I've been using switchproxy plugin for ages. It does the same thing, but I have many proxies (not just Tor) so it's really ideal. The only reason I have both is because switchproxy doesn't handle SOCKS proxies, which Tor is. So I use both Tor button and switchproxy.

I tried tamperdata but I never got into it. It seemed a little too clunky and I ended up having to use Burp proxy in the end anyway since I also have to test in Internet Explorer, Netscape and Opera too (although really IE is the biggie).

Too many browsers. This is why not many people are good at the nuances of security. They focus too much on one browser or one technology. I'm a slut. I'll do anything as long as it's easy.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Modify Headers Extension
Posted by: maluc
Date: December 11, 2006 01:27AM

Hrm, I hadn't heard of switchproxy - but installed it, and although the torbutton is meant for Tor, I like it better. And switchproxy does have a SOCKS 4 and 5 option, does it not work? Or maybe it's a recent addition.

And since I was bored I switched out the button that says Tor Disabled/Enabled to say Burp Proxy .. but too lazy to change it most everywhere else to make it look purpose built. It's in torbutton.jar/locale/en-US/torbutton.properties if anyone cares..

And for anything interesting, I like to test it in both IE and Firefox - but I don't usually find it worth my time to test most things in Opera or Netscape or Safari. When upwards of 95 out of 100 people use one of the main two, it's a compelling cost/benefit.

-maluc

Re: Modify Headers Extension
Posted by: rsnake
Date: December 11, 2006 10:59AM

Ooh, I don't know why, but I had never seen that SOCKS setting before. Cool! Now I don't need to use Tor button at all. But, I'm sorry, I meant to write this yesterday, but I forgot to and therefore I ended up inadvertently lying. That is not the only reason I use switchproxy. I know, I know, you can shoot me for being a liar. I _also_ use it because I have many proxies I connect through (mostly SSL port forwarding, actually). Nothing beats it for testing outside your firewall, especially if you already have the port forwarding open as you are SSHed in anyway. It's just way way faster than any other extension I've found (I use it 10 times a day or more when I'm testing).

- RSnake
Gotta love it. http://ha.ckers.org

Re: Modify Headers Extension
Posted by: Obbin
Date: December 11, 2006 11:04AM

I think I'll try Burp now after hearing so much good about it!
I usually use Proxifier to make sure Java and such doesn't leak my IP. It is very useful for its purpose but a bit clumsy to turn on and off (no hotkeys and special features etc). However it lets you chain proxies.

Re: Modify Headers Extension
Posted by: rsnake
Date: December 11, 2006 03:19PM

That is nice... I hadn't heard about that one. You prefer Proxifier over Tor/Privoxy?

- RSnake
Gotta love it. http://ha.ckers.org

Re: Modify Headers Extension
Posted by: Obbin
Date: December 12, 2006 08:16AM

Yes, absolutely. I like the way it proxies the whole comp so you won't have to turn off java/wmp/vlc/realplayer plugins, 'cause they won't leak anyway. It also supports SOCKS4a (it can do DNS lookups through Tor).



Edited 1 time(s). Last edit at 12/12/2006 08:20AM by Obbin.

Re: Modify Headers Extension
Posted by: maluc
Date: December 12, 2006 09:21AM

Umm, are the Java applets allowed to communicate with a server? i.e. play any of those Yahoo Games through it. If it can, I don't see how a proxy could possibly prevent IP leakage. Java can access it natively, and at best it can only blacklist your IP from being sent.

I don't think it has any hope of preventing an IP that's been ROT-13d, or XOR'd .. or converted to a DWORD and adding 2 _-_

-maluc

Re: Modify Headers Extension
Posted by: Obbin
Date: December 12, 2006 11:10AM

I might be wrong here, but I believe Proxifier works as a firewall, it simply passes every outgoing package through Tor (or any other proxy). And since it's a firewall, is there any way a package could sneak by? If there were, wouldn't that be a big security risk in itself (a virus/adware/whatever could simply bypass your firewall)?

EDIT: Do you know any site that tests your privacy? i.e. through Java applets, images, plugins etc.
EDIT #2: I searched a bit and found a few Java IP detectors and none of them could find my IP, going to try some chess right now to make sure the Java works as it should.



Edited 2 time(s). Last edit at 12/12/2006 02:27PM by Obbin.

Re: Modify Headers Extension
Posted by: jungsonn
Date: December 12, 2006 03:19PM

@Maluc:

I heard it's possible through a proxy to leak DNS info.

@Obbin:
You can test it @ showmyip .com

Yes, that Java IP detecting issue, from what I know that was a bug, and it is fixed. It should only show you 127.0.0.1 - localhost, which is useless.

If anyone still can do it, I'd really like to know, 'cause it solves the TOR detection puzzle :)
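
An added illustration, not part of any post in this thread: the wire-level difference between plain SOCKS4 and the SOCKS4a variant Obbin mentions, which decides whether the DNS lookup jungsonn refers to happens on the client or at the proxy. The hostname `example.test`, the address `192.0.2.10` and the stub resolver are constructed for the example.

```python
import socket
import struct

# Constructed sample data: stands in for the local DNS resolver so this runs offline.
CONSTRUCTED_DNS = {"example.test": "192.0.2.10"}

def socks4_connect(host, port, resolve, lookups):
    """Plain SOCKS4: the request only has room for an IPv4 address,
    so the client resolves the name itself, outside the proxy tunnel."""
    lookups.append(host)                      # the query a local resolver would see
    ip = socket.inet_aton(resolve(host))
    return struct.pack(">BBH", 4, 1, port) + ip + b"\x00"   # empty USERID

def socks4a_connect(host, port):
    """SOCKS4a: DSTIP is 0.0.0.x (x != 0) and the hostname follows the
    USERID terminator, so the proxy does the lookup."""
    head = struct.pack(">BBH", 4, 1, port) + bytes([0, 0, 0, 1]) + b"\x00"
    return head + host.encode("ascii") + b"\x00"

def describe(request):
    """Parse a CONNECT request and report who resolves the destination."""
    vn, cd, port = struct.unpack(">BBH", request[:4])
    if vn != 4 or cd != 1:
        raise ValueError("not a SOCKS4 CONNECT request")
    ip = request[4:8]
    userid_end = request.index(b"\x00", 8)
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:            # SOCKS4a marker
        name_end = request.index(b"\x00", userid_end + 1)
        host = request[userid_end + 1:name_end].decode("ascii")
        return {"dest": host, "port": port, "resolved_by": "proxy"}
    return {"dest": socket.inet_ntoa(ip), "port": port, "resolved_by": "client"}

def demo():
    lookups = []                               # names that were resolved locally
    plain = describe(socks4_connect("example.test", 80, CONSTRUCTED_DNS.get, lookups))
    remote = describe(socks4a_connect("example.test", 80))
    return plain, remote, lookups

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Running `describe` over captured proxy traffic shows which applications still send a resolved IP, meaning their name lookups bypassed the proxy.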

Re: Modify Headers Extension
Posted by: ntp
Date: December 23, 2006 07:22PM

for those looking for a tor alternative try sixfour or JAP
http://anon.inf.tu-dresden.de/index_en.html
http://sourceforge.net/projects/sixfour/

for those looking for a burpproxy alternative (which i'm not anytime soon): consider Charles or WebProxyEditor

burp (proxy-only version) is fast, it's nice, it's easy, it's simply the best tool out there for web application penetration testing and vulnerability assessment work. more web application security-related bugs have certainly been found through it than any other blackbox tool. SPIKEproxy might be close, especially considering the integration with OWASP VulnXML. SPIKEproxy is a mess, though.

i played with Pantera and Suru - too slow, too many features, too confusing. burp suite also has too many features.

Charles would be really good for XHR, XML, JSON, and SOAP work. Probably better than Firebug, which is what I have been using for Web 2.0, although still required for modification of code execution.
http://www.xk72.com/charles/

WebProxyEditor is probably the best proxy I've seen and played with. But it's Windows only.
http://www.microsoft.com/mspress/companion/0-7356-2187-X/

My biggest complaint about both WebProxyEditor and burpproxy is that neither is easily extensible to someone with rudimentary time or care to write something in C# or Java for a simple change like adding support for XSSFuzz or XSSAssistant features. I can't stand the copy/paste work for this stuff into and out of burpproxy. Pantera, written in Python, is probably the best bet, which is really sad because we just don't play nicely together yet.

However, burpproxy has proven to be fairly extensible when used along with log parsers, curl, and a little bit of effort. but i want it in the tool!

EDIT: Found CAL9000 on the OWASP page. It really sucks, as does most of the stuff coming out of OWASP. i hate to say it, but their apps are mostly crap. Anyone else agree/disagree?



Edited 1 time(s). Last edit at 12/25/2006 07:00AM by ntp.

Re: Modify Headers Extension
Posted by: jungsonn
Date: December 24, 2006 06:01AM

I'm still searching for l33t proxies out there, very hard to find one.

Re: Modify Headers Extension
Posted by: sharoncreech
Date: January 18, 2007 12:59PM

Proxifier is not a firewall. It works the same way as FreeCap (that is free) and almost the same as SocksCap (that supports only SOCKS).
Java is a security risk but in most cases socksification of appz is enough to hide your IP address.
I can remember that in my test a couple of years ago I was able to connect to a chat based on Java through socksified appz.

btw

You can find a lot of working proxy servers, jungsonn, on ProxyBlind

Anonymous Free Proxy Server List | Proxy List | Anonymous Proxy | Proxy Forum



Edited 1 time(s). Last edit at 01/18/2007 12:59PM by sharoncreech.

Re: Modify Headers Extension
Date: March 17, 2007 12:46AM

rsnake Wrote:
-------------------------------------------------------
> I think things like this have a time and place,
> but I'm still in love with burp proxy because it
> allows me to see what I'm sending on every
> request, and watch both inbound and outbound
> requests.

You can use another extension called Live HTTP Headers to do that.

Re: Modify Headers Extension
Posted by: trev
Date: March 17, 2007 06:01AM

I thought of that but didn't want to bring up the old topic :)
The good thing about LiveHTTPHeaders is that it works for HTTPS connections as well. It allows you to see every request, you can also "replay" it with different headers if you like. Very nice extension.

PS: LiveHTTPHeaders is on addons.mozilla.org? I didn't even know... Finally!

Re: Modify Headers Extension
Posted by: rsnake
Date: March 18, 2007 04:19PM

Burp also works with liveheaders, however, unlike liveheaders burp also allows you to see ALL the text of the request, including all the hits on the page, redirects, etc... (and it does work over SSL as well as long as you don't mind the popup). Liveheaders is okay, but it's severely lacking in features that I most commonly use to do auditing. After playing with it for a few weeks I finally just uninstalled it. Burp is just that much better despite the fact that it is an extra step and I have to keep Java and switchproxy installed.

- RSnake
Gotta love it. http://ha.ckers.org

Re: Modify Headers Extension
Posted by: trev
Date: March 18, 2007 04:46PM

Ever tried Tools / Live HTTP Headers? That window shows you all requests, with redirects, headers and POST data.

Re: Modify Headers Extension
Posted by: rsnake
Date: March 18, 2007 06:06PM

Yes, but does it also both show and allow you to modify the text of the page before rendering? Lots of times I want to stop things from loading (in the case where something sets a token each time that's especially useful).

- RSnake
Gotta love it. http://ha.ckers.org

Re: Modify Headers Extension
Posted by: trev
Date: March 18, 2007 07:26PM

No, that isn't what this extension is meant for.

Re: Modify Headers Extension
Posted by: rsnake
Date: March 18, 2007 08:04PM

Right... so while useful for some people, definitely not what webappsec guys need (at least not the serious ones).

- RSnake
Gotta love it. http://ha.ckers.org

Re: Modify Headers Extension
Posted by: hackathology
Date: April 07, 2007 02:35AM

What about webscarab??? I use webscarab to do auditing and I find it easy and powerful.

http://hackathology.blogspot.com
