-
Book Overview & Buying
-
Table Of Contents
Burp Suite Cookbook - Second Edition
By :
HTTP parameter pollution (HPP) is an attack in which multiple HTTP parameters are sent to the web server with the same name. The intention is to determine whether the application responds in an unanticipated manner, allowing exploitation. For example, in a GET request, additional parameters can be added to the query string—in this fashion: "&name=value"—where name is a duplicate parameter name already known by the application code. Likewise, HPP attacks can be performed on POST requests by duplicating a parameter name in the POST body data.
Using OWASP Mutillidae II, let’s determine whether the application allows HPP attacks.
Figure 8.21 – Navigate to the HTTP Parameter Pollution lesson...
Change the font size
Change margin width
Change background colour