Skip to content
Related Articles

Related Articles

What is Client-Side Filter Bypass?
  • Last Updated : 15 Jul, 2020

Many websites lack client-side filter checks, so it becomes easy to bypass that. But, our bypass will only be successful if there is no server-side filter check either. First, let’s dig a little bit about the client-side filter bypass. 

Client-Side Filter

These filters ensure that the input given by the user is in the correct format. Basically, this filter validates the input, and then it is forwarded to the server-side. For example: If you don’t put ‘@’ in your email id, or if u don’t click on terms and conditions if you insert alphabets in phone no. field, you are prompted to enter valid inputs. 

Cleint-Side Filter

Prerequisites: The basic knowledge of Burp suite or any proxy which intercepts the data. 

Steps to Bypass The Filters

Step 1: Enter the correct data in the correct format in the field. 

Enter correct data in correct format

Step 2: Open Burp suite and turn the intercept on. 

Step 3: Click on the REGISTER button in the form. 

Step 4: Open burp suite and you will see something like this: 

Open Burp suite

Now, you see that ‘@’ is converted into %40 and notice at the end there is ‘&terms=true’ depicting the terms and conditions. Our motive is to bypass the terms and condition filters as well as correct formatted email filters. 

Step 5: Let’s delete the ‘&terms=true’ and also %40 (which denotes ‘@’ of an email id) from the Burp Suite.

Delete details from Burp suite

Step 6: Turn off the intercept and see the magic. 

Turn off Intercept

Now, you might think what’s a big deal in bypassing these filters. Well, this was just basic. Let’s see what can be done by bypassing the client-side filters. Suppose, you have ordered a product in a website which lacked client-side and server-side filter checks and you proceed to check out an item as follows: 

Product Order

As you can see, you don’t have enough balance to buy that item. But, we can try our luck by opening the Burp suite and intercepting the request to check if we can tamper with the data: 

Step 1: Turn the intercept on of burp suite and you will see something as follows:

Turn Intercept On

Step 2: Here, you will notice a parameter named discount. Let’s try to increase the discount value to our product price value and check if there is any filter. 

Increase discount value

Step 3: Turn off the intercept of the Burp suite and see the magic. 

Turn Off Intercept


Try out the all-new GeeksforGeeks Premium!

My Personal Notes arrow_drop_up
Recommended Articles
Page :