Mitigating Parameter Tampering: Practical Insights and Solutions

jadavvineet73 91 views 27 slides Jul 26, 2024

About This Presentation

Delve into the world of parameter tampering with our in-depth presentation. This project highlights the risks associated with manipulating request parameters and provides actionable strategies for detection and prevention. Through a series of practical labs and case studies, we demonstrate how param...


Slide Content

PARAMETER TAMPERING

INDEX: INTRODUCTION, TYPES, TOOL, STEPS BEFORE TAMPERING, STEPS AFTER TAMPERING, PREVENTION

Parameter Tampering

Parameter tampering is a type of web-based cyber attack in which certain parameters in a URL are changed without a user's authorization. In some cases, the data entered by a user into a form field of a webpage may also be modified, again without the user's authorization. The attack may point the browser to a link, page or site that the user did not intend to access.

TYPES OF PARAMETER TAMPERING

1. Cookie Manipulation: Think of cookies as the digital crumbs that track your online journey. While they generally serve good purposes, attackers can easily alter cookie contents and send them back to the server, a process known as cookie manipulation.

2. Form Field Manipulation: Forms are not immune to manipulation either. Attackers exploit this weakness by tweaking the information transmitted to the server via these forms, including hidden fields the user never sees.

3. URL Manipulation: URLs play a crucial role in data transmission, but they can be exploited by attackers. An attacker can intercept a URL that carries an amount to be debited and manipulate it, potentially causing financial chaos by altering the "1" to a much larger value.

4. HTTP Header Manipulation: HTTP headers accompany every request and carry essential metadata. Among these, the Referer header shows the source of a request. Attackers, however, can manipulate this header to trick the server into thinking a request originates from a trusted source.

TOOLS

Burp Suite: It is developed by the company PortSwigger, which is also the alias of its founder Dafydd Stuttard. Burp, or Burp Suite, is a set of tools used for penetration testing of web applications. It is the most popular tool among professional web app security researchers and bug bounty hunters. Its ease of use makes it a more suitable choice over free alternatives like OWASP ZAP.

STEPS TO PERFORM parameter tampering

When I was checking this iPhone, I checked that price tampering is happening here. After that, I used the Burp Suite tool.

STEP 1: Open Burp Suite

STEP 2: Check the intercept of that iPhone price page

STEP 3: Change the price

STEP 4: Forward that page

STEP 5: Amount was changed

STEP 6: Request from Payment

STEP 7

How to prevent parameter tampering? The following steps can help limit this vulnerability:

- The forms on the site should have some built-in protection
- Server-side validation compared with all inputs
- Avoid unwanted or hidden data
- Don't allow interception
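The two prevention points that matter most for the iPhone price case above are "server-side validation of all inputs" and "avoid trusting hidden data". The following is an added example, not code from the presentation: a checkout handler that trusts the client-sent price next to a hardened one that looks the price up server-side and validates the quantity, plus an HMAC helper for any value that must round-trip through the client (a cookie or hidden field). The catalog, prices and field names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from decimal import Decimal, InvalidOperation
from typing import Optional

# Constructed server-side catalog: the only source of truth for prices.
CATALOG = {"iphone-15": Decimal("999.00"), "case": Decimal("29.00")}

def checkout_vulnerable(form: dict) -> Decimal:
    """Trusts the client-supplied 'price' field, so a tampered request is honoured."""
    return Decimal(form["price"]) * int(form["qty"])

def checkout_hardened(form: dict) -> Decimal:
    """Ignores any client-sent price; derives the total from server-side data only."""
    sku = form.get("sku")
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("quantity must be an integer")
    if not 1 <= qty <= 10:                      # business rule: bound the quantity
        raise ValueError("quantity out of range")
    return CATALOG[sku] * qty

# Per-deployment secret (constructed here; in production load it from a secret store).
SECRET = secrets.token_bytes(32)

def sign_value(value: str) -> str:
    """Attach an HMAC so a value echoed back by the client can be checked for integrity."""
    mac = hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{mac}"

def verify_value(token: str) -> Optional[str]:
    """Return the original value if the MAC is valid, else None (tampered or malformed)."""
    value, sep, mac = token.rpartition(".")
    if not sep or not value:
        return None
    expected = hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(mac, expected) else None
```

Signing only proves the client did not alter the value; a price still belongs in the server-side catalog, not in a signed hidden field.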

Questions ?

Thank You!