Questions about this topic? Sign up to ask in the talk tab.
Difference between revisions of "Data tampering"
From NetSec
WillieArce (Talk | contribs) m |
GertieUbpgdd (Talk | contribs) |
||
(One intermediate revision by one other user not shown) | |||
Line 1: | Line 1: | ||
− | Another way of attacking and exploiting web [[ | + | Another way of attacking and exploiting web [[application]]s is through their [[cookies]]. Web sites that were coded rapidly will have easily tampered [[cookies]] that will allow an attacker to change his/her identity on the affected site, or perhaps remove or add different properties of an attacker's user for [[privilege escalation]], and perhaps even change prices or quantities in online shopping carts, giving the attacker the ability to directly electronically steal from the affected server. Currently, Cisco [[IPS]] has no monitor for cookie and data tampering. |
==Tools== | ==Tools== | ||
Line 6: | Line 6: | ||
curl - A [[linux]] command line web browser capable of using its own cookie jar and optimizing the user-agent. | curl - A [[linux]] command line web browser capable of using its own cookie jar and optimizing the user-agent. | ||
− | + | {{expand}} |
Latest revision as of 03:59, 2 May 2012
Another way of attacking and exploiting web applications is through their cookies. Web sites that were coded rapidly will have easily tampered cookies that will allow an attacker to change his/her identity on the affected site, or perhaps remove or add different properties of an attacker's user for privilege escalation, and perhaps even change prices or quantities in online shopping carts, giving the attacker the ability to directly electronically steal from the affected server. Currently, Cisco IPS has no monitor for cookie and data tampering.
Tools
Tamper Data - A way to modify your user agent and cookie content in a firefox add-on.
curl - A linux command line web browser capable of using its own cookie jar and optimizing the user-agent.
This article contains too little information, it should be expanded or updated. |
---|
Things you can do to help:
|