Questions about this topic? Sign up to ask in the talk tab.

Data tampering

From NetSec
Revision as of 03:59, 2 May 2012 by GertieUbpgdd (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Another way of attacking and exploiting web applications is through their cookies. Web sites that were coded rapidly will have easily tampered cookies that will allow an attacker to change his/her identity on the affected site, or perhaps remove or add different properties of an attacker's user for privilege escalation, and perhaps even change prices or quantities in online shopping carts, giving the attacker the ability to directly electronically steal from the affected server. Currently, Cisco IPS has no monitor for cookie and data tampering.

Tools

Tamper Data - A way to modify your user agent and cookie content in a firefox add-on.

curl - A linux command line web browser capable of using its own cookie jar and optimizing the user-agent.

This article contains too little information, it should be expanded or updated.
Things you can do to help:
  • add more content.
  • update current content.