
Data tampering

From NetSec

Revision as of 14:21, 22 November 2010

Another way of attacking and exploiting web applications is through their cookies. Web sites that were coded rapidly tend to have cookies that are easily tampered with. This allows an attacker to change his/her identity on the affected site, to remove or add properties of the attacker's user for privilege escalation, or even to change prices or quantities in online shopping carts, giving the attacker the ability to steal electronically and directly from the affected server. Currently, Cisco IPS has no monitor for cookie and data tampering.
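One server-side defense against the tampering described above is to attach a keyed MAC to the cookie and reject any value whose tag no longer matches. The following is an added example, not part of the original wiki page; the key, the field names and the cart values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed key for this example; a real site loads it from a secret store
# and never sends it to the client.
SECRET_KEY = b"example-only-server-secret"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _encode(fields: dict) -> bytes:
    # Canonical JSON so the same fields always produce the same bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_cookie(fields: dict) -> str:
    """Return 'payload.tag', where tag is HMAC-SHA256 over the payload bytes."""
    payload = _encode(fields)
    tag = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_cookie(cookie: str):
    """Return the fields if the tag is valid, or None if altered or malformed."""
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(payload_b64.encode("ascii"))
        tag = base64.urlsafe_b64decode(tag_b64.encode("ascii"))
    except ValueError:  # wrong part count, bad base64, non-ASCII input
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return json.loads(payload)


def demo():
    """Verify a genuine cookie, then one whose fields were edited client-side."""
    cart = {"user": "alice", "role": "customer", "price_cents": 4999, "qty": 1}
    cookie = sign_cookie(cart)
    # Simulated client edit: new payload, old tag (the client lacks the key).
    edited = dict(cart, role="admin", price_cents=1)
    altered = _b64(_encode(edited)) + "." + cookie.split(".")[1]
    return verify_cookie(cookie), verify_cookie(altered)


if __name__ == "__main__":
    print(demo())
```

Signing only detects modification; values such as prices and roles are still safer looked up server-side from the session or database than read back from the cookie.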

Tools

Tamper Data - A Firefox add-on for modifying your user agent and cookie content.

curl - A Linux command-line web client capable of using its own cookie jar and customizing the user-agent.