INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

Generate and submit a form from server

Generate and submit a form from server

(OP)
Hi

I am submitting data to a payment provider using an html form with hidden fields and SSL. However, it appears that this data can be intercepted and modified using a proxy tool. How can I achieve the equivalent within classic ASP alone - i.e. generate and submit the form from the server rather than from the browser?

The form currently looks something like this:

CODE

  <form action="https://paymentprovider.com/purchase" method=POST id=form1 name=PayForm>
  <input type=hidden name="instId"      value="1234">
  <input type=hidden name="amount"      value="100.00">
  <input type=hidden name="currency"    value="GBP">
  <input type=hidden name="country"     value="GB">
  <input type=hidden name="name"        value="Fred Bloggs">
  <input type=hidden name="email"       value="fred@bloggs.com">
  <input type=submit value="invisible" id=submit1 name=submit1 style="width:0">
  </form>
  <script type="text/javascript">document.WorldPayForm.submit()  </script>

If possible I'd prefer any solution to support older versions of IE but it's not essential.

Thanks in advance.

RE: Generate and submit a form from server



If the  communication is over SSL the data being transferred is encrypted, so is unreadable by sniffers or interceptors

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum

RE: Generate and submit a form from server

(OP)
Thanks Chris.

I agree with you in principle but an external penetration testing company claim they managed to intercept and adjust payment to 0.01 GBP and there is evidence on the site to this effect. Perhaps they just tried a few changes to the encrypted text and got lucky. They advised submitting from server to avoid possibility of interception.

 

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close