Imagine buying a product online for $1,000… and paying only $1. No coupons, no server exploit, just one edited request from your browser. Sounds impossible? It's not. It's what happens when an application trusts the client too much.

In this post, we'll look at this topic by solving PortSwigger's Web Security Academy lab "Excessive trust in client-side controls". It's a simple step-by-step guide, so if you're new, don't worry!

1- Open Burp Suite and use Burp's built-in browser:


We'll visit the required pages with Burp's browser. For now, Intercept should be off!

2- Create an account on PortSwigger

3- Click on the Academy section


4- Go through All Content > All Labs


5- Scroll down in the All Topics panel and choose Business Logic Vulnerabilities


Select the Excessive trust in client-side controls lab


Now we have the lab description and the credentials (username: wiener; password: peter). Hover over Access the lab and click it:


Select My account to enter the credentials:


username: wiener; password: peter


Go back to Home:


6- Select View details


Now we're on the page where we'll solve the lab: the product page for the $1337.00 jacket.


7- Before moving on, GO BACK TO BURP'S PROXY TAB AND MAKE SURE INTERCEPT IS ON!


8- Go back to the browser, scroll down and select Add to cart:


After clicking, Burp intercepts the request before it reaches the site, and you can see it in the Proxy tab. Notice that the request body carries the price as a parameter (in cents, so 133700 for $1337.00), which means the client controls it. That is the whole bug: the server trusts the price it receives instead of looking it up itself.


Time to change the price of the jacket! Delete the current value of the price parameter and set it to 1 (that's one cent, since the price is sent in cents). Then click Forward!


AFTER THIS STEP, DON'T FORGET TO TURN INTERCEPT OFF! Go back to Burp's browser and you'll see the jacket has been added to your cart:


With the new price: $0.01! Place the order:


VOILA! WE BOUGHT THE $1337 JACKET FOR JUST $0.01!
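To see what the server got wrong and what the fix looks like, here is a small added example (my own code, not the lab's): a model of the "add to cart" handler in plain Python. The form body and the catalog are constructed to mirror the lab's numbers; the handler names, the 1-99 quantity limit and the exact parameter layout are assumptions. The vulnerable handler multiplies the quantity by whatever price the client sent; the hardened one ignores the client's price, looks it up in the server-side catalog and validates the quantity, so the same tampered request that gives $0.01 above gives the real total. It also rejects a negative quantity, which goes a step beyond this lab.

```python
"""Vulnerable vs. hardened cart handler for client-side price tampering.

Added example, not PortSwigger's lab code. Bodies and catalog below are
constructed to match the lab's numbers; names and limits are assumptions.
"""
from urllib.parse import parse_qs, urlencode

# Assumed server-side catalog. Prices are stored in cents, like the lab.
CATALOG = {"1": {"name": "leather jacket", "price_cents": 133700}}

# Constructed stand-in for the POST /cart body Burp shows when you
# intercept "Add to cart". 133700 cents is the $1337.00 list price.
ORIGINAL_BODY = "productId=1&redir=PRODUCT&quantity=1&price=133700"


def form_fields(body):
    """Decode an application/x-www-form-urlencoded body to a flat dict."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def tamper(body, **changes):
    """Rewrite form fields the way you would in Burp's intercept window."""
    fields = form_fields(body)
    fields.update({k: str(v) for k, v in changes.items()})
    return urlencode(fields)


def cart_total_vulnerable(body):
    """Trusts the client-supplied price: the bug the lab demonstrates."""
    f = form_fields(body)
    return int(f["quantity"]) * int(f["price"])


def cart_total_hardened(body):
    """Price comes from the server-side catalog; quantity is validated.

    A client-supplied 'price' field is simply ignored. In a real app it
    is also worth logging: nobody sends it by accident.
    """
    f = form_fields(body)
    product = CATALOG.get(f.get("productId", ""))
    if product is None:
        raise ValueError("unknown product")
    try:
        quantity = int(f.get("quantity", ""))
    except ValueError:
        raise ValueError("quantity must be an integer")
    if not 1 <= quantity <= 99:  # assumed per-line limit; blocks 0 and negatives
        raise ValueError("quantity out of range")
    return quantity * product["price_cents"]


def dollars(cents):
    """Format a cent amount as a dollar string."""
    return f"${cents // 100}.{cents % 100:02d}"


if __name__ == "__main__":
    tampered = tamper(ORIGINAL_BODY, price=1)
    print(tampered)
    print("vulnerable:", dollars(cart_total_vulnerable(tampered)))
    print("hardened:  ", dollars(cart_total_hardened(tampered)))
```

The point of the hardened handler is not input validation on the price field; it is that the price never comes from the request at all. Do the same lookup again at checkout, since a cart stored client-side (or a cart total cached from an earlier request) is just another client-controlled value.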


This example startled me! So easy and so dangerous (for a company's profits and reputation)! The fix is just as simple as the attack: never accept a price from the client. The server must look the price up from its own catalog when the item is added to the cart, and again at checkout. I hope you enjoyed it as much as I did! See you in the next exercise, bye!
