How Hackers Manipulate the Live Data Stream on Internet
1. First of all install WebGoat and configure Web browser
2. We will use the tool Achilles. It is a tool designed for testing the security of Web applications. Achilles is a proxy server, which acts as a man-in-themiddle during an HTTP session. For more about Achilles, pls check its official website.
3. Double-click the webgoat.exe icon from the directory containing the WebGoat application.
4. onfigure the LAN setting as shown in the below fig
5. Run the Achilles application & select the options of the application as shown in below fig.
Intercept mode ON
Intercept Client Data
Select Log to File – Save the data
6. Your Achilles screen should look like the following.
7. Open Internet Explorer and Adjust both screens equally on your desktop as shoen below.
8. Click the Start button on Achilles and notice that the status bar along the lower-left side of Achilles will let you know it is running.
9. In the address bar of Internet Explorer, enter the following address:
10. Press Enter, and Achilles will list the data flowing through to the Tomcat application. Click the Send button in Achilles. You will be presented with a login screen. For the User Name and Password enter the word guest. click the Send button again.
11. Click the Send button again & WebGoat screen will be displayed in the Web browser.
12. Under the Unvalidated Parameters section, specifically the Hidden Field Tampering area. Click on this area.
13. Click the Send button again.
14. WebGoat will appear with a shopping cart as shown below.
15. Click the Purchase button. Within Achilles you will see the QTY=1 & is Price=4999.99. Now if you want to make a purchase, whose actual cost is 4999.99 but you have only 1.99 in your account, Within Achilles edit the 4999.99 to 1.99 and then click the Send button.
16. The sale has completed, with a total charge of $1.99