Use at your own risk!!!

Status
Not open for further replies.

Osiris

How to manipulate/inject a website using a proxy server

Please do this on your own site or get permission from the owner of the website, this is ILLEGAL


Download Burp Proxy (PortSwigger.net - web application security)

Run Burp Proxy

Once downloaded and installed, go to Golfsmith: Golf clubs, golf balls, golf accessories, golf shoes and golf apparel from Callaway Golf, TaylorMade, Taylor Made, Titleist, Cleveland Golf, Cobra, and Nike Golf

Find an expensive golf club you like (Callaway Golf Clubs: Callaway Senior Fusion Wide Sole Iron Set 4-SW w/ Graphite Shafts)

Select the options you need and just before you click checkout, go over to Burp Proxy, make sure you are on port 8080, select intercept, then minimize Burp Proxy, open Internet Options, Tools, Connections, LAN Settings, put a check mark in "Use a proxy server..." and set it to localhost on port 8080. Then go back to the webpage and click checkout.

Burp Proxy will now show you the content of the website. On the Intercept tab, go through the list and look for anything that shows the price of just that golf club. So if it's $500.00, look for all items you see that are $500.00 and change them to $1.00. Look through the list completely. What we are doing here is manipulating and injecting information on this website/server. There is no edit>find in this program so you've got to look manually.

If you noticed, the webpage is "frozen".

Next, after you have made all the changes to $1.00, click the forward button on Burp Proxy several times till there is no information being shown. What is happening now is we are sending the information to the server to update the website.

Now looking at the website, instead of seeing a $500.00 golf club, it's now $1.00. Pretty neat, huh?

Now click on the checkout button and then go over to Burp Proxy, look through the forward tab to make sure the price hasn't been changed back to $500.00. After the first window has been checked through, click forward and look through that one until the windows are blank.

You will notice that when you click the forward button in Burp Proxy, it feeds information to the website.

Here is the dangerous part, whatever you do DO NOT CLICK CHECKOUT UNLESS YOU HAVE PERMISSION OR ARE BRAVE ENOUGH.

So what do you all think?
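
The server-side control that makes an edited price field harmless, as an added example that is not part of the original post or any real shop's code: the order total is computed only from the server's own catalogue, and a price echoed by the client is used solely as a tamper signal. The field names (`sku`, `qty`, `price`), the SKU and the catalogue are constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed catalogue: the only price source the server trusts.
CATALOGUE = {"IRON-SET-01": Decimal("500.00")}
MAX_QTY = 20  # assumed business limit


class TamperedOrder(Exception):
    """A client-supplied price disagrees with the catalogue."""


def price_order(form, catalogue=CATALOGUE):
    """Return the amount to bill for a decoded checkout request.

    `form` is a dict of request fields (hypothetical names: sku, qty,
    and an optional price that the page echoed back to the server).
    """
    sku = form.get("sku")
    if sku not in catalogue:
        raise ValueError(f"unknown sku: {sku!r}")

    try:
        qty = int(form.get("qty", ""))
    except (TypeError, ValueError):
        raise ValueError("qty must be an integer") from None
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("qty out of range")

    unit = catalogue[sku]

    # A price in the request is never used for billing. If one is present
    # and differs from the catalogue, reject the order so it can be logged
    # and reviewed instead of silently charged.
    claimed = form.get("price")
    if claimed is not None:
        try:
            matches = Decimal(str(claimed)) == unit
        except InvalidOperation:
            matches = False
        if not matches:
            raise TamperedOrder(f"sku {sku}: client sent price {claimed!r}")

    return unit * qty
```
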
 