1 year ago

#313032

mmathan

How to send form data securely to the server without any man-in-the-middle attack

I am sending form data to the Java backend server through the form submit POST method.

I am sending important parameters like amount to the server. During the testing process, testers using the Burp Suite software change the parameters, updating a different amount on the server, and report it as a vulnerability issue.

How do I send these kinds of parameters to the server so that they cannot be changed by any man-in-the-middle attack?

I have also deployed the application on an HTTPS site, but the same issue still occurs.

JavaScript:

Inside the success function of an AJAX call, I am submitting the form using the code below: $( "#myForm" ).submit();

Java backend server:

    @Path("/saveFeeDetail")
    @POST
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    @Produces(MediaType.TEXT_HTML)
    //@JWTTokenNeeded
    public Response saveFeeDetails(@Context ServletContext context,
                                   @FormParam("toPayAmthid") String toPayAmt,
                                   @FormParam("pendingAmthid") String pendingAmt,
                                   @FormParam("feeIdhid") String feeId,
                                   @FormParam("feeTypehid") String feesTypeFd,
                                   @FormParam("payStatushid") String paymentStatus,
                                   @FormParam("studentIdhid") String stuId,
                                   @FormParam("paymentFlaghid") String flag,
                                   @FormParam("courseIdhid") String courseId,
                                   @FormParam("yearIdhid") String yearId,
                                   @FormParam("semIdhid") String semId,
                                   @FormParam("academicyearIdhid") String academicYearId,
                                   @FormParam("amountPaidhid") String amountPaid,
                                   @FormParam("paidAmounthid") String paidAmount,
                                   @Context HttpServletRequest request) {
        getUserRegistrationServiceLog.info("UserRegistrationService getFeesDiscountByStudentID Process method starts here");

        // Convert the amount paid (taken from a hidden form field) into words for the receipt
        NumberToWord number = new NumberToWord();
        String numberToText = number.convert(Integer.parseInt(amountPaid));

        // Persist the fee details exactly as received from the form parameters
        List saveFeeDetailsList = userregistrationConfigService.saveFeeDetailsById(stuId, toPayAmt, feesTypeFd, pendingAmt,
                paymentStatus, feeId, numberToText, courseId, academicYearId, yearId, semId, amountPaid, flag, paidAmount);

        getUserRegistrationServiceLog.info("UserRegistrationService Save Fee Details Process method ends here");

        //return Response.status(200).entity(saveFeeDetailsList).build();
        UriBuilder builder = UriBuilder.fromPath(context.getContextPath());
        HttpSession session = request.getSession();

        builder.path("student/status.jsp");
        for (int i = 0; i < saveFeeDetailsList.size(); i++) {
            session.setAttribute("ReceiptNo", saveFeeDetailsList.get(1));
            session.setAttribute("BillText", saveFeeDetailsList.get(2));
        }
        request.setAttribute("receiptList", saveFeeDetailsList);

        // Redirect the browser to the status page
        return Response.seeOther(builder.build(request)).build();
    }


Tags: javascript, java, https, form-data, man-in-the-middle
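Added example, not from the question or the asker's project: the same JAX-RS endpoint restructured so that the browser supplies only the fee identifier, the student identity comes from the authenticated session, and the amount is taken from a server-side fee record. A client-edited amount then no longer matters, because it is cross-checked against the server's value and never stored. FeeRepository and the "studentId" session attribute are assumptions for the example.

```java
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.*;
import javax.ws.rs.core.*;
import java.math.BigDecimal;

@Path("/saveFeeDetail")
public class FeeResource {

    // Hypothetical server-side store of the fees that were issued to each student.
    // The amount due lives here, not in a hidden form field.
    public interface FeeRepository {
        BigDecimal amountDue(String studentId, String feeId);          // null if unknown
        void recordPayment(String studentId, String feeId, BigDecimal paid);
    }

    private final FeeRepository fees;

    public FeeResource(FeeRepository fees) { this.fees = fees; }

    @POST
    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
    public Response saveFeeDetails(@Context HttpServletRequest request,
                                   @FormParam("feeIdhid") String feeId,
                                   @FormParam("amountPaidhid") String amountPaidParam) {
        // Identity comes from the session established at login (assumed attribute name),
        // so a tester cannot pay or view another student's fee by editing studentIdhid.
        String stuId = (String) request.getSession().getAttribute("studentId");
        if (stuId == null) {
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        // The amount due is a server-side fact keyed by (student, fee).
        BigDecimal due = fees.amountDue(stuId, feeId);
        if (due == null) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
        // The form's amount is only compared, never trusted: any edit in the proxy
        // (or a stale page) produces a mismatch and the request is rejected.
        BigDecimal claimed;
        try {
            claimed = new BigDecimal(amountPaidParam);
        } catch (NumberFormatException | NullPointerException e) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        if (claimed.compareTo(due) != 0) {
            return Response.status(Response.Status.BAD_REQUEST)
                    .entity("amount does not match server-side fee record").build();
        }
        fees.recordPayment(stuId, feeId, due);   // store the server's value, not the form's
        return Response.ok().build();
    }
}
```

HTTPS protects the request between the browser and the server, but a proxy such as Burp runs on the tester's own machine before encryption, so the fix is to stop trusting client-supplied amounts rather than to change the transport.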

0 Answers
