Friday, August 13, 2010

Security Testing - HPP Attack (HTTP Parameter Pollution)

HTTP Parameter Pollution (HPP) Attack

HPP attack can be defined as process of modifying or exploiting the REQUEST post and url parameters and changing the application behavior. It is a serious attack which is underestimated.

It is classified into Client and Server side attack.

There are may tools available to perform this attack, but it can be performed in a better way using NeoLoad, as it expose parameters, request and response in great detail. Actually it is a load testing tool, you can download the trial version and play with it. It automatically handle session and cookies, just need to concentrate on tweaking the parameters. Attaching the tool screen shot displaying parameters, request and response for a request.

Following articles will help you under stand HPP in a better way.

Minded Security Blog

Minded Security Blog - Client side attack 

HPP attach on Yahoo Mail


No comments:

Post a Comment