How to bypass input filter
Kunal Singh
Posted on October 9, 2021
Before going into client-side filters let’s understand what client-side filters are. As we know nowadays there are a lot of safer websites available in the market and to make themselves safer they use different kinds of filters also which can be categories in two parts :
- Client-Side Filters
- Server-Side Filters
We can also say that when we give input and if it satisfies the criteria then it will be accepted otherwise it will raise an error.
For example: Entering letters in the phone number field or Inserting email without @ symbol
Now let's jump in the client-side filter and understand what is meant by that.
- Client-Side Filter
On the client-side, the input is being checked on the by browser only which means before sending the input to the server Where on the server-side the input is being sent to the server, and then the server checks whether is valid or not. It is hard to bypass server-side filters as compared to client-side filters but in the end, both of the filters can be bypassed depending on the code and how they are written in the backend and what filters they have used, and whether they do their job completely or not.
We are going to use the burp suite to intercept the HTTP header response for our current example.
Steps to bypass client-side filters using burp suite.
Open the page where you want to check the client-side filter. I am taking the example of a signup page.
Now I will enter the correct details and click on the signup and intercept that request using a burp suite and note down the response that has been sent to the server by the browser when we enter the correct credentials.
Now in the burp suite, I can try to change or temper the data like dis selecting the selected field (terns and condition) changing the required fields (if age is 18 years or above changing it to less than 18)
After doing necessary changes if we forwarded the request from
Burp Suite and it is accepted and we are able to signup successfully that means there is no server-side filter or check.
This type of Vulnerability is also known as Improper or Missing Server Side Validation Vulnerability
To make our web application safer from Client-side attacks we can avoid this kind of vulnerabilities.
Posted on October 9, 2021
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.