Beruflich Dokumente
Kultur Dokumente
Web Applications
Ch 5:
Bypassing Client-Side Controls
Clients Repeat Data
It's common for a server to send data to
a client
Server sends
hidden price field
to client
Changing Price with Burp
Cookie Fields
No proxy
needed
Just modify
the URL
Hidden URL Parameters
<img src="http://foo.com?price=449">
<iframe src="http://foo.com?price=449">
<form action="http://foo.com?price=449"
method="POST">
In a sandboxed environment
Link Ch 5d
Flash Serialization
Content-type header
Difficult to read
Obfuscation Methods
Unreachable statements
quantity is obfuscated
Download Applet and
Decompile with Jad
Decompiled Java
Header
Decompiled Java
Verifies tha qty is between 0 and 50
OllyDbg to debug