data returned from the applet is being submitted to the server.
■ If that data is transparent in nature (i.e., is not obfuscated or encrypted), probe and attack the server’s processing of the submitted data in the same way as for any other parameter.
■ If the data is opaque, decompile the applet to obtain its source code.
■ Review the relevant source code (starting with the implementation of the method that returns the opaque data) to understand what processing is being performed.
■ Determine whether the applet contains any public methods that can be used to perform the relevant obfuscation on arbitrary input.
■ If not, modify and recompile the applet’s source in such a way as to neutralize any validation it performs or allow you to obfuscate arbitrary input.