What is Client-Side Filter Bypass?

Many websites lack robust client-side filter checks, so these checks are easy to bypass. However, the bypass only succeeds if there is no server-side filter check either. First, let’s look at what a client-side filter does.

Client-Side Filter

These filters ensure that the input given by the user is in the correct format. The filter validates the input in the browser, and only then is it forwarded to the server side. For example, if you leave the ‘@’ out of your email ID, don’t accept the terms and conditions, or enter letters in the phone number field, you are prompted to enter valid input.

Client-Side Filter

Prerequisites: Basic knowledge of Burp Suite or any other proxy that intercepts the data.

Steps to Bypass The Filters

Step 1: Enter the correct data in the correct format in the field. 



Enter correct data in correct format

Step 2: Open Burp Suite and turn intercept on.

Step 3: Click on the REGISTER button in the form.

Step 4: Open Burp Suite and you will see something like this:

Open Burp suite

Notice that ‘@’ has been URL-encoded as %40, and that the request ends with ‘&terms=true’, which represents acceptance of the terms and conditions. Our aim is to bypass both the terms and conditions filter and the email format filter.

Step 5: Delete ‘&terms=true’ and %40 (which denotes the ‘@’ of an email ID) from the request in Burp Suite.

Delete details from Burp suite



Step 6: Turn off the intercept and see the magic. 

Turn off Intercept

Now, you might wonder what the big deal is in bypassing these filters. Well, this was just the basics. Let’s see what else can be done by bypassing client-side filters. Suppose you have ordered a product on a website that lacks both client-side and server-side filter checks, and you proceed to check out an item as follows:
 

Product Order

As you can see, you don’t have enough balance to buy that item. But we can try our luck by opening Burp Suite and intercepting the request to check whether the data can be tampered with:

Step 1: Turn intercept on in Burp Suite and you will see something like the following:

Turn Intercept On

Step 2: Here, you will notice a parameter named discount. Let’s try increasing the discount value to the price of our product and check whether there is any filter.

Increase discount value

Step 3: Turn off intercept in Burp Suite and see the magic.

Turn Off Intercept
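
Both bypasses above depend on the server doing no filtering of its own. The following added example (not part of the original article) repeats the registration checks on the server and prices the order from server-side data, so the edited requests are rejected or have no effect; every field name except `terms` and `discount`, the catalogue values and the sample request bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Only "terms" and "discount" are named in the article; the other field names,
# the catalogue and the sample bodies are constructed for this example.
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
PHONE_RE = re.compile(r"[0-9]{7,15}")
CATALOGUE = {"laptop": {"price": 50000, "discount": 500}}  # server-owned values

UNTOUCHED = "email=alice%40example.com&phone=5551234567&terms=true"
TAMPERED = "email=aliceexample.com&phone=5551234567"  # '%40' and '&terms=true' deleted
ORDER = "item=laptop&discount=50000"  # discount raised to the item price in transit


def field(body, name):
    """Return a form field's single decoded value, or '' if absent or repeated."""
    values = parse_qs(body, keep_blank_values=True).get(name, [])
    return values[0] if len(values) == 1 else ""


def validate_registration(body):
    """Repeat on the server every check the browser-side filter performed."""
    errors = []
    if not EMAIL_RE.fullmatch(field(body, "email")):
        errors.append("email")
    if not PHONE_RE.fullmatch(field(body, "phone")):
        errors.append("phone")
    if field(body, "terms") != "true":
        errors.append("terms")
    return errors


def amount_due(body, balance):
    """Price the order from server-side data, ignoring the submitted discount."""
    item = CATALOGUE.get(field(body, "item"))
    if item is None:
        raise ValueError("unknown item")
    due = item["price"] - item["discount"]
    if due > balance:
        raise ValueError("insufficient balance")
    return due


if __name__ == "__main__":
    print(validate_registration(UNTOUCHED))  # []
    print(validate_registration(TAMPERED))   # ['email', 'terms']
    print(amount_due(ORDER, balance=60000))  # 49500
```

The submitted `discount` is never read: the amount comes from the server's own catalogue, and the balance check runs against that amount.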
