I have developed a login page using php and i have an firefox addon named "Tamper Data 11.0.1.1-signed" . I entered the username and password and started tampering of that data using that addon. I am able to see the password in clear text in the data captured by the addon. Is there any way to prevent it? –
Asked
Active
Viewed 1,431 times
1
-
1Why would you want to prevent this? This can only be done on the machine where the user enters the credentials. – Jeroen Jun 25 '15 at 05:16
-
2It is expected that you're physically in control of the system that you are typing your password on. You are now tampering with your own data. On the other hand, this shows that if the browser itself is compromised, then other websites or extensions can also do the same thing. – munchkin Jun 25 '15 at 05:46
1 Answers
1
When a web page is displayed in your web browser a local copy of the webpage is stored in your computer. The web browser reads this local copy. You can in fact alter this local copy and it will not have any effect in the copies displayed by other visitors to that web page.
What the plug in is doing is something like that, it alters what you see or type in the local copy of that web page. One way is to display an overlay of the password, another is to change the type of the input from password to text, there may be others but they are all local to your computer.
You may choose to send that information back to the server (by submitting the form) or not, but before you send it (or an automated script does it), it has no effect on the server or in what other users are seeing on the website.
Purefan
- 3,560
- 19
- 26