Many websites implement their filter checks only on the client side, which makes them easy to bypass. But the bypass will only succeed if there is no server-side filter check either. First, let's dig a little into client-side filter bypass.
These filters ensure that the input given by the user is in the correct format. Basically, the filter validates the input in the browser, and only then is it forwarded to the server side. For example: if you don't put '@' in your email id, if you don't tick the terms and conditions checkbox, or if you type letters in the phone number field, you are prompted to enter valid input.
Prerequisites: Basic knowledge of Burp Suite or any other proxy that intercepts requests.
Steps to Bypass The Filters
Step 1: Enter the correct data in the correct format in the field.
Step 2: Open Burp suite and turn the intercept on.
Step 3: Click on the REGISTER button in the form.
Step 4: Open Burp Suite and you will see something like this:
Now, you see that '@' has been URL-encoded as %40, and notice at the end there is '&terms=true', which represents the terms and conditions checkbox. Our goal is to bypass the terms and conditions filter as well as the email format filter.
Step 5: Let's delete the '&terms=true' and also the %40 (which encodes the '@' of an email id) from the intercepted request in Burp Suite.
Step 6: Turn off the intercept and see the magic.
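The reason the tampered registration goes through is that the browser-side checks never run on the modified request; only a check on the server can refuse it. The following is an added example (not code from the original article) of the server-side re-validation that stops this bypass: it parses the same kind of URL-encoded body shown above, decodes %40 back to '@', and rejects a missing '@', a non-numeric phone, or an absent 'terms=true'. Both request bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Constructed sample bodies, not captured from any real site.
NORMAL_BODY = "name=alice&email=alice%40example.com&phone=5551234567&terms=true"
# Same form after the '@' and '&terms=true' have been removed in the proxy.
TAMPERED_BODY = "name=alice&email=aliceexample.com&phone=5551234567"

# Deliberately simple format rules; a real deployment would use its own policy.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
PHONE_RE = re.compile(r"^\d{7,15}$")


def validate_registration(body: str) -> list:
    """Server-side validation of a registration POST body.

    Returns a list of error strings; an empty list means the request is acceptable.
    parse_qs performs the URL decoding, so %40 is seen as '@' here.
    """
    raw = parse_qs(body, keep_blank_values=True)
    errors = []

    # A parameter sent twice is itself suspicious (which copy would the app use?).
    for key, values in raw.items():
        if len(values) != 1:
            errors.append(f"{key}: parameter repeated")
    fields = {k: v[0] for k, v in raw.items()}

    if not EMAIL_RE.match(fields.get("email", "")):
        errors.append("email: invalid format")
    if not PHONE_RE.match(fields.get("phone", "")):
        errors.append("phone: digits only")
    # The checkbox must be present and exactly 'true'; absence is a rejection,
    # not a default, so deleting '&terms=true' cannot slip past.
    if fields.get("terms") != "true":
        errors.append("terms: must be accepted")
    return errors


if __name__ == "__main__":
    print("normal   :", validate_registration(NORMAL_BODY))
    print("tampered :", validate_registration(TAMPERED_BODY))
```

The client-side JavaScript can stay for usability, but the server must treat every parameter as untrusted and apply the same rules again before storing anything.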
Now, you might think, what's the big deal in bypassing these filters? Well, that was just the basics. Let's see what can be done by bypassing client-side filters on a site that also has no server-side checks. Suppose you have ordered a product on such a website and proceed to check out an item as follows:
As you can see, you don’t have enough balance to buy that item. But, we can try our luck by opening the Burp suite and intercepting the request to check if we can tamper with the data:
Step 1: Turn on intercept in Burp Suite and you will see something as follows:
Step 2: Here, you will notice a parameter named discount. Let's try setting the discount value equal to the product price and check whether there is any filter.
Step 3: Turn off the intercept in Burp Suite and see the magic.
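The discount trick works only because the checkout handler reads the price reduction from a value the client sent. The server already knows the catalog price and which coupons exist, so the fix is to recompute the discount from server-side rules and ignore (or, better, alert on) whatever the request claims. Below is an added example, not code from the original article, with a vulnerable handler beside its hardened form and a detection check that flags a mismatched client-supplied discount; the catalog, coupon table and request bodies are constructed placeholders.

```python
from urllib.parse import parse_qs

# Constructed server-side data. Assumption: the real application keeps prices
# and coupon rules in its own database, never in the request.
CATALOG = {"sku-1001": 500}      # item id -> price in whole currency units
COUPONS = {"WELCOME10": 10}      # coupon code -> percent off


def _fields(body: str) -> dict:
    """Decode a URL-encoded POST body into a flat dict (first value per key)."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def vulnerable_total(body: str) -> int:
    """Before: the 'discount' parameter from the request is trusted as-is."""
    f = _fields(body)
    price = CATALOG[f["item"]]
    discount = int(f.get("discount", "0"))   # attacker-controlled
    return max(price - discount, 0)


def server_discount(item: str, coupon: str) -> int:
    """The only discount the server will honour: derived from its own coupon table."""
    pct = COUPONS.get(coupon, 0)
    return CATALOG[item] * pct // 100


def hardened_total(body: str) -> int:
    """After: price and discount both come from server-side data; 'discount' is ignored."""
    f = _fields(body)
    item = f.get("item")
    if item not in CATALOG:
        raise ValueError("unknown item")
    return CATALOG[item] - server_discount(item, f.get("coupon", ""))


def is_tampered(body: str) -> bool:
    """Detection hook: does the client's claimed discount differ from the server's figure?

    Log and investigate when this returns True; a legitimate browser submits the
    value the page computed, so a mismatch means the request was modified in transit.
    """
    f = _fields(body)
    item = f.get("item")
    if item not in CATALOG:
        return True
    claimed = f.get("discount")
    if claimed is None:
        return False          # nothing claimed, nothing to compare
    try:
        claimed = int(claimed)
    except ValueError:
        return True
    return claimed != server_discount(item, f.get("coupon", ""))


if __name__ == "__main__":
    # Constructed request: discount raised to the full product price in the proxy.
    tampered = "item=sku-1001&discount=500"
    print("vulnerable total:", vulnerable_total(tampered))   # 0, item is free
    print("hardened total  :", hardened_total(tampered))     # 500, claim ignored
    print("tampered?       :", is_tampered(tampered))        # True
```

The hardened handler never consults the client's discount field for pricing; the detection function exists so that such requests show up in logs rather than failing silently.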