
Tamper Chrome extension to modify requests in flight - alpb
https://chrome.google.com/webstore/detail/tamper-chrome-extension/hifhgpdkfodlpnlmlnmhchnkepplebkb/
======
kevinwang
I've used this before to modify the leaderboard scores of small web games[0]

I was amazed at how simple it was to use. Pretty full-featured, as well.

[0]: http://kevinwang.us/cheating-a-guide-to-achieving-high-scores-without-hard-work/

~~~
tomglynch
Your blog post is very interesting, replicated it in a game against some of my
friends too. Very easy.

~~~
niilzon
If you believe 2 years of CS are required to achieve this.. Anybody with a
brain can exploit this classic, basic flaw, without any CS studies but just
some curiosity. Sorry to put it bluntly like this though.

~~~
zulln
Eh hm... are you sure you replied to the correct comment?

~~~
DorothySim
Probably yes. Sending scores in HTTP requests is such a low-hanging fruit for
exploitation.

A friend of mine was responsible for the scoring system on games. As they had some
real awards (like bikes, tickets etc.) they captured the entire flow of the
game with various statistics and later analyzed them for weird variations.
That was in Flash and people used browser plugins to slow down the play, that
was easy to spot. Of course it won't stop 100% of attacks, but it raises the bar
sufficiently to thwart most attempts.
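
An added example of the kind of server-side review described in the comment above (not part of the thread, and not the system the commenter refers to): it checks a submitted score against the session's own event log and flags play that ran slower than real time. The telemetry format, the names and all thresholds are assumptions chosen for illustration.

```python
from statistics import median

NOMINAL_FPS = 60.0          # assumed game tick rate
MIN_SPEED_RATIO = 0.8       # assumed: below this the game was slowed down
MAX_POINTS_PER_EVENT = 100  # assumed game rule

def review_session(claimed_score, events, heartbeats):
    """Return the reasons a session looks tampered with (empty list = clean).

    events:     [(frame, points), ...] score events reported by the client
    heartbeats: [(frame, server_time_s), ...] timestamped by the server on receipt
    """
    reasons = []
    # 1. The submitted total must be reproducible from the event log.
    if sum(points for _, points in events) != claimed_score:
        reasons.append("score does not match event log")
    # 2. Every event must be possible under the game's rules.
    if any(p <= 0 or p > MAX_POINTS_PER_EVENT for _, p in events):
        reasons.append("impossible score event")
    # 3. Events must fall inside the frames the server saw heartbeats for.
    last_frame = heartbeats[-1][0] if heartbeats else 0
    if any(frame > last_frame for frame, _ in events):
        reasons.append("event outside played frames")
    # 4. Game speed: frames advanced per second of server wall-clock time.
    ratios = [
        (f1 - f0) / ((t1 - t0) * NOMINAL_FPS)
        for (f0, t0), (f1, t1) in zip(heartbeats, heartbeats[1:])
        if t1 > t0
    ]
    if not ratios:
        reasons.append("no usable timing data")
    elif median(ratios) < MIN_SPEED_RATIO:
        reasons.append("game ran slower than real time")
    return reasons

# Constructed sample sessions (not real data).
EVENTS = [(50, 10), (130, 20), (290, 10)]               # totals 40 points
HONEST_BEATS = [(i * 60, float(i)) for i in range(6)]   # 60 frames per second
SLOWED_BEATS = [(i * 60, i * 2.5) for i in range(6)]    # 60 frames per 2.5 s

if __name__ == "__main__":
    print(review_session(40, EVENTS, HONEST_BEATS))    # clean session
    print(review_session(40, EVENTS, SLOWED_BEATS))    # slowed-down play
    print(review_session(9999, EVENTS, HONEST_BEATS))  # edited score in the request
```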

------
ic4l
There is also the trusty Charles app
([https://www.charlesproxy.com/](https://www.charlesproxy.com/))

------
amenghra
Charles proxy, Paros, Burp and Fiddler are all great tools to intercept and
modify traffic.

Great for debugging or just inspecting/reversing/hacking in general.

I'm glad if similar tools are being made available as browser extensions, it
might lower the barrier to entry and get more people poking at the network
layer.

PS:
[https://github.com/square/PonyDebugger](https://github.com/square/PonyDebugger)
is a cool debugger that lets you use Chrome developer tools when developing
iOS apps.

PS2: [https://paw.cloud/](https://paw.cloud/) and some other tools take these
proxies to a whole new level in terms of UI/polish.

~~~
tehlike
[https://mitmproxy.org/](https://mitmproxy.org/) is pretty nice too.

~~~
pwillia7
Tamper is built on MITM -- I built some internal tools using Tamper a few
years back - Great proxy service.

------
homakov
Can it be extended so I could copy the entire request in one click in some format
(XAR is best)?

~~~
joshschreuder
Can't dev tools already do this? Right click request and copy as CURL, etc.

~~~
homakov
Yes, but you cannot cancel the request. If you go into offline mode it lacks
cookies. That's why I need an extension that blocks the request first.

------
platz
The tamper window seems to not open half the time after specifying to
tamper request headers, leaving Chrome waiting for the extension with no way
to resume the request.

------
synthecypher
This functionality is built in to Firefox; it would be nice if it was the case in
Chrome.

~~~
SmellyGeekBoy
How much functionality should browsers have built in? Seems like extra bloat
for the 99.9% of users who'd never even need this, but the same could be said
for most of the dev tools I guess.

