Honeypot Processors: Hidden Input Form Processor

Many webmasters create forms that post to a common form-handling service, using hidden fields to tell the service how it should process the data. A common attack technique is to look for these hidden parameters and test whether the service's behavior can be changed by tampering with them. This processor injects a fake hidden input into the forms in HTML responses and verifies, when the form is posted back to the server, that the injected value has not been modified.

Table 17: Hidden Input Form Processor Configuration Parameters

| Parameter | Type | Default Value | Description |
|---|---|---|---|
| Basic | | | |
| Processor Enabled | Boolean | True | Whether traffic should be passed through this processor. |
| Advanced | | | |
| Hidden Input Parameter | Collection | Collection | The collection of fake hidden inputs the processor may inject into a page. |
| Inject Input Enabled | Boolean | True | Whether to inject fake hidden inputs into HTML forms. |
| Maximum Injections | Integer | 3 | The maximum number of fake hidden parameters that will be injected into the forms on any given URL. |
| Strip Fake Input | Boolean | True | Whether to remove the fake input from the posted form data before proxying the request to the backend servers. This should only be turned off if the form has additional protection of its own, where its contents are signed on the client and validated on the server (in which case removing a field would break the signature). |
| Incident: Hidden Parameter Manipulation | Boolean | True | The user submitted the form, but the value of the injected parameter was not what was expected. |
| Incident: Hidden Input Type Manipulation | Boolean | True | The user submitted the form, but the value of the injected parameter was not what was expected, and the field was also changed so that it posted a file. |
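The following is an added example of the mechanism described above (both the injection step and the postback check), not code from the product. It assumes a Python reverse proxy that can rewrite response bodies and inspect posted form fields; the field names, the secret key, the HMAC-derived expected value (so no server-side state is needed per form) and the representation of an uploaded file as a `bytes` value are all assumptions of this example, not details from the page.

```python
"""Hidden-input honeypot: inject fake hidden fields, verify them on postback.

Example code, not the product's implementation. Assumptions (not from the
page): the candidate field names are a configured list, the expected value is
an HMAC over (session id, field name) so the proxy keeps no per-form state,
and a posted form is a dict of field name -> value, where a file upload is
represented by a bytes value.
"""
import hashlib
import hmac
import re
from dataclasses import dataclass, field

# Hypothetical counterparts of the configuration parameters in Table 17.
SECRET_KEY = b"rotate-me-per-deployment"                      # assumed secret
HIDDEN_INPUT_PARAMETERS = ["csrf_id", "form_mode", "redirect_to"]  # constructed names
MAXIMUM_INJECTIONS = 3
STRIP_FAKE_INPUT = True

FORM_OPEN_TAG = re.compile(r"<form\b[^>]*>", re.IGNORECASE)


def expected_value(session_id: str, name: str) -> str:
    """Value the proxy expects back for a given session and fake field name."""
    msg = f"{session_id}:{name}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()[:32]


def inject_hidden_inputs(html: str, session_id: str, names=None):
    """Insert up to MAXIMUM_INJECTIONS fake hidden inputs after every <form> tag.

    Returns (rewritten_html, injected_names). A real deployment would pick the
    names at random from the pool; this example takes them in order so the
    behaviour is reproducible.
    """
    pool = HIDDEN_INPUT_PARAMETERS if names is None else names
    chosen = list(pool)[:MAXIMUM_INJECTIONS]
    inputs = "".join(
        f'<input type="hidden" name="{n}" value="{expected_value(session_id, n)}">'
        for n in chosen
    )
    return FORM_OPEN_TAG.sub(lambda m: m.group(0) + inputs, html), chosen


@dataclass
class Verdict:
    incidents: list = field(default_factory=list)   # incident names raised
    forwarded: dict = field(default_factory=dict)   # fields to proxy upstream


def verify_postback(posted: dict, session_id: str, injected: list) -> Verdict:
    """Check each injected field and strip it before proxying to the backend."""
    verdict = Verdict()
    for name in injected:
        value = posted.get(name)
        if isinstance(value, bytes):
            # The hidden input was changed into a file input and a file was posted.
            verdict.incidents.append(f"Hidden Input Type Manipulation: {name}")
        elif value is None or not hmac.compare_digest(value, expected_value(session_id, name)):
            # Missing or altered value: the client tampered with the hidden field.
            verdict.incidents.append(f"Hidden Parameter Manipulation: {name}")
    for name, value in posted.items():
        if STRIP_FAKE_INPUT and name in injected:
            continue  # never let the honeypot field reach the real application
        verdict.forwarded[name] = value
    return verdict


if __name__ == "__main__":
    # Constructed sample response and postbacks.
    page = '<form action="/contact" method="post"><input name="email"></form>'
    rewritten, names = inject_hidden_inputs(page, "sess-1")
    print(rewritten)
    honest = {"email": "a@example.org", **{n: expected_value("sess-1", n) for n in names}}
    print(verify_postback(honest, "sess-1", names))
    tampered = dict(honest, form_mode="admin")
    print(verify_postback(tampered, "sess-1", names))
```

Because the expected value is derived with an HMAC, the proxy cannot be fooled by a client that guesses a plausible-looking value, and `compare_digest` keeps the check constant-time. Note that stripping the field is what keeps `Strip Fake Input` safe by default: if the backend signs the form contents on the client, stripping would invalidate the signature, which is why the table allows turning it off only in that case.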