Web Based Parameter-Tampering on Shopping Site using BurpSuite Testing
Authors: Lijo Jose, M . Rajesh Khanna, D Meganathan and Praveen Kumar B T
Publishing Date: 28-11-2022
ISBN: 978-81-955020-5-9
Abstract
Client’s web application’s infrastructure was monitored using several footprinting techniques and scanning of ports was done using n-map and other tools to get an idea of total network infrastructure of our client and several tools to get close enough to the web application were done as part of bug bounty. Among all performed attacks for example SQL injection, remote access, Cross-site scripting, etc. Web Based Parameter tampering attack was successfully deployed in-order to affect the integrity of their web application. Parameter Tampering on a web application is a vulnerability which is found by analysing the site and its pages by using the BurpSuite tool, Freeze the payment request of the Client’s store web page using intercept action and try to alter the parameters such as price, quantity, product id or to develop parameters such as coupon code and forward the modified request to the web server by unfreezing the request. If there is an Integrity and validation mechanism error in the server then the changes are reflected then it is vulnerable to parameter tampering attack and the web server redirects to the payment gateway with a modified parameter and if found so it is reported to the concerned author of the site as bug bounty report. By performing this attack there was a huge impact on their business.
Keywords
Parameter Tampering, BurpSuite, Intercept, Forward request, Unfreeze the request, Vulnerable, Report.
Cite as
Lijo Jose, M . Rajesh Khanna, D Meganathan and Praveen Kumar B T, "Web Based Parameter-Tampering on Shopping Site using BurpSuite Testing", In: Saroj Hiranwal and Garima Mathur (eds), Artificial Intelligence and Communication Technologies, SCRS, India, 2022, pp. 527-535. https://doi.org/10.52458/978-81-955020-5-9-51