How Hackers Change Product price on website to cheap price Using Burpsuite

 ### How Hackers Change Product Prices Using Burp Suite

**Burp Suite** is a popular tool used for security testing of web applications. Hackers can use it to manipulate web traffic and exploit vulnerabilities, such as changing product prices on e-commerce websites. Here’s a detailed guide on how this can be done and how to protect against it:

#### 1. **Understanding Burp Suite**

- **Burp Suite**: A security testing tool for web applications that allows users to intercept, inspect, and modify HTTP/HTTPS requests and responses between the browser and the web server.

#### 2. **Setup Burp Suite**

1. **Download and Install Burp Suite:**

   - Obtain Burp Suite from the official website and install it on your system.

2. **Configure Your Browser:**

   - Set up your browser to use Burp Suite as a proxy. This involves configuring your browser’s proxy settings to point to Burp Suite’s proxy listener (usually localhost:8080).

3. **Install Burp Suite Certificate:**

   - To intercept HTTPS traffic, install Burp Suite’s SSL certificate in your browser to avoid SSL/TLS warnings.

#### 3. **Intercepting Traffic**

1. **Open Burp Suite:**

   - Launch Burp Suite and go to the "Proxy" tab.

2. **Set Proxy Listener:**

   - Ensure that the proxy listener is active and set to the correct port (default is 8080).

3. **Capture HTTP/HTTPS Traffic:**

   - Use your browser to navigate to the e-commerce website. Burp Suite will capture all HTTP/HTTPS requests and responses between your browser and the server.

4. **Enable Intercept:**

   - In the "Proxy" tab, go to the "Intercept" sub-tab and turn on the intercept feature to catch requests before they reach the server.

#### 4. **Modifying Requests**

1. **Find the Product Request:**

   - Add an item to your cart on the e-commerce site. Look for the request that is sent to the server when you view or modify the cart.

2. **Inspect the Request:**

   - Use Burp Suite’s "HTTP History" tab to locate the request related to the cart or checkout process. Examine the request headers and body.

3. **Identify Price Parameters:**

   - Look for parameters in the request related to product prices. These might be in the URL, query parameters, or the request body.

4. **Modify the Price:**

   - Right-click the request and select "Send to Repeater" to modify and resend the request.

   - In the "Repeater" tab, change the product price to a lower value and send the modified request.

5. **Analyze Response:**

   - Check the response from the server. If successful, the modified price might reflect on the website. 

#### 5. **Testing the Exploit**

1. **Verify Price Change:**

   - Refresh the cart or checkout page on the website to see if the price has been updated to the value you set.

2. **Complete the Transaction:**

   - Try to complete the purchase with the altered price to see if the exploit works.

#### 6. **Security Implications and Prevention**

1. **Input Validation:**

   - Ensure that server-side validation is performed for all user inputs. Prices should be controlled by the server and not modifiable by client-side requests.

2. **Data Integrity Checks:**

   - Implement checks to verify the integrity of sensitive data (e.g., prices) before processing transactions.

3. **Secure Development Practices:**

   - Follow secure coding practices and regularly audit and test your application for vulnerabilities.

4. **Monitor and Log Activity:**

   - Maintain logs of transactions and monitor for unusual activities or patterns that could indicate exploitation.

5. **Use Security Tools:**

   - Employ security tools and practices like Web Application Firewalls (WAFs) and regular penetration testing to protect against such attacks.

By understanding how hackers can exploit vulnerabilities and using this knowledge to secure your applications, you can better protect against price manipulation and other similar attacks.