Freigeben über


IE Developer Toolbar helps me hack

I was browsing IE blog articles to get research ideas.  I came across IE Developer Toolbar, and decided to play with it.  I was checking out different options, and it impressed me as a good web client developer tool, as it offers a breakdown of HTML elements, such as image dimension and structure validation.  Almost I dismissed it as a security tool because as a security guy, I don't care so much about valid HTML.  :)

Then, a few menus dawned on me as very useful.  Disable menu offers disabling of Script, Popup Blocker and All CSS.  Disabling script is very useful when I want to temporarily bypass some client-side checks on lengths or content.  Of course, I can disable scripting via Internet Options or use Fiddler to bypass it, but it is easier via IE Developer Toolbar.

In addition, my favorite is Cache menu as shown in the first screenshot.  It offers some very useful options to manipulate cookies, such as Disable Cookies, Clear Session Cookies, Clearn Cookies for Domain and View Cookies Information.  I used to navigate to Temporary Internet Files directory, look for the right cookie among many temporary files, and review cookies by using Notepad.  Each time a cookie is changed, I will need to manually open the same cookie again because Notepad does not offer refresh.  It is time-consuming.  It will be even more difficult if I want to see all cookies from the same domain name because they are stored in different files sorted by hostnames.

By using IE Developer Toolbar, I can easily view cookies across a domain by using View Cookies Information that will tabulate all cookies across the domain of the active page.  The next screenshot shows a sample of all cookies from Microsoft.com as shown by View Cookies Information.  In addition, cookies can be deleted without going to the Temporary Internet Files directory directly.

By using IE Developer Tool, it enables me to learn a new security penetration vector around cookies.  Stay tuned for that.  Also, please share with me your favorite security tools.

Comments

  • Anonymous
    September 19, 2007
    The comment has been removed