DEV Community

Kunal Singh

How to bypass input filters

Before bypassing client-side filters, let's understand what input filters are. Most websites validate the input they receive in order to protect themselves, and these filters can be divided into two categories:

  1. Client-Side Filters
  2. Server-Side Filters

In both cases the idea is the same: if the input satisfies the filter's criteria it is accepted, otherwise an error is raised.

For example: entering letters in a phone number field, or entering an email address without an @ symbol.
Now let's look at client-side filters and understand what is meant by that.

  1. Client-Side Filter

On the client side, the input is checked by the browser (typically by JavaScript on the page) before it is ever sent to the server. On the server side, the input is sent to the server, and the server then checks whether it is valid. Server-side filters are harder to bypass than client-side filters, but in the end both can be bypassed depending on how the backend code is written, which filters it uses, and whether they do their job completely. The important point for the client-side case is that the check runs on a machine the attacker controls, so the attacker can always disable it or modify the request after the check has run.

We are going to use Burp Suite to intercept and modify the HTTP request for our current example.

Steps to bypass client-side filters using Burp Suite:

Open the page where you want to test the client-side filter. I am taking the example of a signup page.

Now enter valid details, click sign up, and intercept the request with Burp Suite. Note down the request the browser sends to the server once the client-side checks have passed; this is the request we will tamper with.

Now, in Burp Suite, tamper with the intercepted data. For example, deselect a required checkbox (terms and conditions), or change a required field (if the age must be 18 or above, change it to less than 18).

If, after making these changes, we forward the request from Burp Suite and it is accepted and we are able to sign up successfully, then there is no server-side filter or check.

This type of vulnerability is also known as Improper or Missing Server-Side Validation.

To make our web application safe against this kind of attack, every check the browser performs must be performed again on the server. Client-side validation improves usability, but it is not a security control, because the attacker controls the client and can send any request they like.
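The following is an added example, not code from the original post. It shows the two halves of the procedure above: the signup request body as it appears in Burp's request editor, once as the browser sent it after the client-side filter passed and once after tampering (terms checkbox removed, age lowered, phone replaced with letters), and a server-side validator that re-checks every rule so that the tampered request is rejected. The field names (`email`, `phone`, `age`, `terms`), the age threshold and the constructed request bodies are assumptions for illustration.

```javascript
// Added example (not from the original post): server-side re-validation of a
// signup form. Field names, thresholds and sample bodies are assumptions.

// Parse an application/x-www-form-urlencoded body exactly as it is shown in
// Burp's request editor. URLSearchParams is a Node.js/browser global.
function parseForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Server-side validation. Every rule the page's JavaScript enforces is
// enforced again here, because the client can send anything it likes.
function validateSignup(fields) {
  const errors = [];
  const email = fields.email ?? '';
  const phone = fields.phone ?? '';
  const age = fields.age ?? '';

  // Minimal shape check for an email address (must contain one @ and a dot).
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) errors.push('email: invalid');
  // Phone number: digits only, optionally with a leading +.
  if (!/^\+?\d{7,15}$/.test(phone)) errors.push('phone: digits only');
  // Age: must be a plain integer string and at least 18. A missing field,
  // "17", "-5" or "abc" all fail here even if the browser never sent them.
  if (!/^\d{1,3}$/.test(age) || Number(age) < 18) errors.push('age: must be 18 or older');
  // Checkbox: browsers omit an unticked checkbox entirely, so absence fails.
  if (!['on', 'true', '1'].includes(fields.terms)) errors.push('terms: must be accepted');

  return { ok: errors.length === 0, errors };
}

// Constructed sample bodies (not captured from a real site):
// what the browser sent once the client-side filter passed ...
const ORIGINAL_BODY = 'email=alice%40example.com&phone=5551234567&age=25&terms=on';
// ... and the same request after tampering in Burp Suite.
const TAMPERED_BODY = 'email=alice%40example.com&phone=abc&age=17';

console.log('original:', validateSignup(parseForm(ORIGINAL_BODY)));
console.log('tampered:', validateSignup(parseForm(TAMPERED_BODY)));
```

If the server accepts `TAMPERED_BODY`, the client-side filter is the only filter and the application has the missing server-side validation issue described above. With `validateSignup` in place the tampered request is rejected with three errors while the untampered one is accepted, which is the behaviour the test from Burp Suite should produce on a correctly validated signup page.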

