Honeypot Processors: Hidden Input Form Processor
Many webmasters create forms that post to a common form-handling service, using hidden fields to tell the service how the data should be handled. A common attack technique is to look for these hidden parameters and try to change the behavior of the service by manipulating them. This processor injects a fake hidden input into forms in HTML responses and checks, when those values are posted back to the server, that they have not been modified.
Table 1: Hidden Input Form Processor Configuration Parameters
Parameter | Type | Default Value | Description |
---|---|---|---|
Basic | |||
Processor Enabled | Boolean | True | Whether traffic should be passed through this processor. |
Advanced | |||
Hidden Input Parameter | Collection | Collection | The possible hidden inputs on a page. |
Inject Input Enabled | Boolean | True | Whether to inject hidden inputs into HTML forms. |
Maximum Injections | Integer | 3 | The maximum number of fake hidden parameters that will be added to any given URL. |
Strip Fake Input | Boolean | True | Whether to remove the fake input value from the posted form results before proxying the request to the backend servers. This should only be turned off if there is some additional security implemented on the form, where its contents are signed on the client and validated on the server. |
Incident: Hidden Parameter Manipulation | Boolean | True | The user submitted the form and the value of the injected parameter is not what was expected. |
Incident: Hidden Input Type Manipulation | Boolean | True | The user submitted the form and the value of the injected parameter is not what was expected. It was also modified to post a file. |
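The following is an added illustration of the mechanism described above and of the parameters in Table 1; it is not the product's own code. It assumes a stateless design in which each injected value is a nonce bound to the field name with an HMAC under a per-deployment secret (a constructed key here), so tampering is detectable without server-side storage; the field name `_sid` and the `check_post` interface are hypothetical.

```python
import hashlib
import hmac
import re
import secrets

SECRET = b"constructed-demo-key"   # assumption: per-deployment secret, not a real value
MAX_INJECTIONS = 3                 # mirrors the "Maximum Injections" parameter

def make_token(name):
    """Nonce plus truncated HMAC over name:nonce, so any edit breaks verification."""
    nonce = secrets.token_hex(8)
    mac = hmac.new(SECRET, f"{name}:{nonce}".encode(), hashlib.sha256).hexdigest()[:16]
    return f"{nonce}.{mac}"

def token_ok(name, value):
    try:
        nonce, mac = value.split(".")
    except ValueError:
        return False
    expected = hmac.new(SECRET, f"{name}:{nonce}".encode(), hashlib.sha256).hexdigest()[:16]
    return hmac.compare_digest(mac, expected)

def inject(html, name="_sid", max_injections=MAX_INJECTIONS):
    """Add one fake hidden input after each <form ...> tag, up to max_injections per page."""
    count = 0
    def repl(m):
        nonlocal count
        if count >= max_injections:
            return m.group(0)
        count += 1
        return f'{m.group(0)}<input type="hidden" name="{name}" value="{make_token(name)}">'
    return re.sub(r"<form\b[^>]*>", repl, html, flags=re.I)

def check_post(fields, files, name="_sid"):
    """fields: posted form fields; files: names of fields that arrived as file parts.
    Returns (incident name or None, fields with the fake input stripped for proxying)."""
    cleaned = {k: v for k, v in fields.items() if k != name}   # "Strip Fake Input"
    if name in files:                      # value changed AND turned into a file upload
        return "Hidden Input Type Manipulation", cleaned
    if name not in fields or not token_ok(name, fields[name]):
        return "Hidden Parameter Manipulation", cleaned      # missing counts as modified
    return None, cleaned
```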