Burp Suite Cookbook

HTTP parameter pollution (HPP) is an attack in which multiple HTTP parameters are sent to the web server with the same name. The intention is to determine whether the application responds in an unanticipated manner, allowing exploitation. For example, in a GET request, additional parameters can be added to the query string in this fashion: "&name=value", where name is a duplicate parameter name already known by the application code. Likewise, HPP attacks can be performed on POST requests by duplicating a parameter name in the POST body data.
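The duplicate-name behaviour described above, as an added example (not code from the book): it lists parameter names that repeat across a query string and a urlencoded POST body, and shows how first-wins, last-wins and joined parsing would each read them. The function names, the three resolution rules and the sample request are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qsl


def collect_params(query_string="", form_body=""):
    """Return {name: [(source, value), ...]} for a query string and a urlencoded body."""
    seen = defaultdict(list)
    for source, raw in (("query", query_string), ("body", form_body)):
        # keep_blank_values=True so an empty "name=" still counts as an occurrence
        for name, value in parse_qsl(raw, keep_blank_values=True):
            seen[name].append((source, value))
    return dict(seen)


def find_polluted(query_string="", form_body=""):
    """Return only the parameter names that occur more than once."""
    params = collect_params(query_string, form_body)
    return {name: occ for name, occ in params.items() if len(occ) > 1}


def interpretations(occurrences):
    """Show how three illustrative parsing rules would resolve one duplicated name."""
    values = [value for _, value in occurrences]
    return {
        "first_wins": values[0],
        "last_wins": values[-1],
        "joined": ",".join(values),
    }


def validate(query_string="", form_body=""):
    """Strict policy: refuse any request that carries a duplicated parameter name."""
    polluted = find_polluted(query_string, form_body)
    return (not polluted, sorted(polluted))


if __name__ == "__main__":
    # Constructed sample request data, not taken from the book.
    query = "page=profile&name=alice&name=bob"
    for name, occ in find_polluted(query).items():
        print(name, occ, interpretations(occ))
    print(validate(query))
```

When the validation layer and the application code resolve a duplicate with different rules, each one sees a different value for the same name, which is why the strict check refuses the request outright.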
Using OWASP Mutillidae II, let’s determine whether the application allows HPP attacks.
Figure 8.21 – Navigate to the HTTP Parameter Pollution lesson...