Different kinds of hacking
The idea is like this:
A hacker sets up a man in the middle attack on him / herself.
While using the web based app, you monitor the requests, responses, & actions that are happening in the browser.
Using the Man in the middle attack, the hacker will change a website’s element & resend the packet which provides a new & different response.
I have used this tactic to grab SAML authentication or cookies, but never to send an unexpected request to a website. Well, kinda…
I have found hundreds of websites that have elements that are hidden where if you change the element to display, you have a new field box on the page or something similar.
I have never really thought of this as “hacking” but with the addition of more and more web based applications, this opens access to more and more internal databases that a website can query. Also, using these apps, as they write data to these servers, a hacker could use this to write files to it. A carefully placed file on a server could cause the unit to download & execute a RAT (Remote Access Tool). This is a tool that I need to have on my tool belt.
I am attempting to research this & set this up in my lab. If you are a pro at this… let me know so we can work on this together.