SY0-301 · Question #726
Sara, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on her ma
The correct answer is D. Proxy. A proxy (specifically an intercepting/man-in-the-middle proxy) was used. Sara ran a tool that sat between her browser and the web server, intercepted the outbound HTTP POST request, and modified the form field value from 3 to 30 before forwarding it. Tools like Burp Suite or OWAS
Question
Sara, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on her machine to intercept the HTTP POST command and change the field from 3 coupons to 30. Which of the following was used to perform this attack?
Options
- ASQL injection
- BXML injection
- CPacket sniffer
- DProxy
How the community answered
(35 responses)- A3% (1)
- B3% (1)
- C11% (4)
- D83% (29)
Explanation
A proxy (specifically an intercepting/man-in-the-middle proxy) was used. Sara ran a tool that sat between her browser and the web server, intercepted the outbound HTTP POST request, and modified the form field value from 3 to 30 before forwarding it. Tools like Burp Suite or OWASP ZAP function as intercepting proxies for exactly this purpose. This is not SQL or XML injection (which target database queries or XML parsers), nor a packet sniffer (which passively captures traffic without modifying it).
Topics
Community Discussion
No community discussion yet for this question.