Question

If a program sends an HTTP request, is there a way to spoof the data returned by the request?

For example:

Program that sends name to server to check for permission: http://example.com/test.php?name=Stackoverflow

Actual Response: HI

Response I want to spoof: HELLO

Also, are there good forms of authentication to protect against this (if it is possible)?

Solution

This question is pretty open-ended, so it's hard to answer it with something terribly specific. Depending on exactly what you're trying to do, a simple proxy like Fiddler (Windows-only), Burp, etc. might do the trick. You could also play tricks with hosts files, iptables (see Otto's comment), etc. It's definitely possible, but depending on exactly what you're trying to do, some methods may be more suitable than others.

As for the second part of your question (authentication to ensure this doesn't happen), this is one of the primary purposes of HTTPS.

In its popular deployment on the internet, HTTPS provides authentication of the web site and associated web server that one is communicating with, which protects against Man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with and/or forging the contents of the communication. In practice, this provides a reasonable guarantee that one is communicating with precisely the web site that one intended to communicate with (as opposed to an impostor), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party.

http://en.wikipedia.org/wiki/HTTP_Secure
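
What the HTTPS advice above looks like on the client side, as an added example that is not part of the original answer: the permission check refuses plain HTTP, validates the server's certificate chain and hostname, and can optionally pin the certificate's SHA-256 fingerprint. The function names and the pin parameter are assumptions made for this illustration.

```python
import hashlib
import hmac
import http.client
import ssl
import urllib.parse
from typing import Optional


def strict_tls_context() -> ssl.SSLContext:
    """TLS context that validates the certificate chain and the hostname."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def require_https(url: str) -> str:
    """Reject plain-HTTP URLs; their responses can be rewritten in transit."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"refusing non-HTTPS URL: {url!r}")
    return url


def fingerprint_matches(der_cert: bytes, pinned_sha256_hex: str) -> bool:
    """Constant-time comparison of a DER certificate's SHA-256 with a pin."""
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256_hex.lower())


def check_permission(url: str, pinned_sha256_hex: Optional[str] = None) -> str:
    """Fetch the server's answer over verified TLS, optionally with a pin."""
    parts = urllib.parse.urlsplit(require_https(url))
    conn = http.client.HTTPSConnection(
        parts.hostname, parts.port or 443,
        context=strict_tls_context(), timeout=10)
    try:
        conn.connect()  # handshake; raises ssl.SSLCertVerificationError on failure
        if pinned_sha256_hex is not None:
            der = conn.sock.getpeercert(binary_form=True)
            if not fingerprint_matches(der, pinned_sha256_hex):
                raise ssl.SSLError("server certificate does not match the pin")
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("GET", path)
        return conn.getresponse().read().decode("utf-8", "replace")
    finally:
        conn.close()
```

Chain validation relies on the machine's trust store, so a root certificate added locally (as intercepting proxies require for HTTPS) is trusted too; the optional pin narrows trust to one known certificate.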

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow