nerdexam
CompTIA

SY0-301 · Question #726

Sara, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on her ma

The correct answer is D. Proxy. A proxy (specifically an intercepting/man-in-the-middle proxy) was used. Sara ran a tool that sat between her browser and the web server, intercepted the outbound HTTP POST request, and modified the form field value from 3 to 30 before forwarding it. Tools like Burp Suite or OWAS

Threats, vulnerabilities, and mitigations

Question

Sara, a hacker, is completing a website form to request a free coupon. The site has a field that limits the request to 3 or fewer coupons. While submitting the form, Sara runs an application on her machine to intercept the HTTP POST command and change the field from 3 coupons to 30. Which of the following was used to perform this attack?

Options

  • ASQL injection
  • BXML injection
  • CPacket sniffer
  • DProxy

How the community answered

(35 responses)
  • A
    3% (1)
  • B
    3% (1)
  • C
    11% (4)
  • D
    83% (29)

Explanation

A proxy (specifically an intercepting/man-in-the-middle proxy) was used. Sara ran a tool that sat between her browser and the web server, intercepted the outbound HTTP POST request, and modified the form field value from 3 to 30 before forwarding it. Tools like Burp Suite or OWASP ZAP function as intercepting proxies for exactly this purpose. This is not SQL or XML injection (which target database queries or XML parsers), nor a packet sniffer (which passively captures traffic without modifying it).

Topics

#proxy attack#HTTP interception#parameter tampering#web application attack

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice