Chapter 5  ■ Bypassing Client-Side Controls

■■

Automatic updating of the 

Content-Length

header when messages are

modified.

■■

Browsing history and message cache.

■■

Ability to replay and remodify individual requests.

■■

Integration with other tools such as spiders and fuzzers.

If you have not installed or used a proxy tool before, see Chapter 19 for

instructions and for a comparison of the main tools available.

Once an intercepting proxy has been installed and suitably configured, you

can trap the request that submits the form, and modify the 

price

field to any

value, as shown in Figure 5-2.

Figure 5-2:  Modifying the values of hidden form fields using an intercepting proxy

If the application processes the transaction based on the price submitted,

then you can purchase the product for any price of your choosing.

T I P

Download 5,76 Mb.

Do'stlaringiz bilan baham: