Tips to beat a website payment page security
Some of the tips to help you beat a website’s credit card payment:
1. Look up the Payment Gateway documentation
You want to read the payment gateway documentation provided by the developers of the merchant website. In the documentation, you may find the critical information you can work with to bypass the credit card payment on the merchant site such as:
2. Consider changing product quantity
Apart from just changing the product price on the credit card page of the merchant website or at the Payment Gateway, you could change the quantity, which reduces the amount you’re charged for the item.
Simply, locate the quantity fields or similar in the captured packets in the Burp Suite software and make changes. For instance:
Quantity = 5 & Price = $ 50 ; Grand total = 5 X 50 = $ 250
Now,
Tamper Quantity = 0.01 & Price = $ 50 ; Grand total = 0.01 X 50 = $ 0.5
If the price is secured with the server-side like this, you try manipulating the quantity to pay way less.
3. Fuzz other parameters
Other parameters you could try fuzzing include:
Some of the tips to help you beat a website’s credit card payment:
1. Look up the Payment Gateway documentation
You want to read the payment gateway documentation provided by the developers of the merchant website. In the documentation, you may find the critical information you can work with to bypass the credit card payment on the merchant site such as:
- Transaction success message
- Transaction success code
- Hash parameters and technique
- Response messages
- Promo code data
- Response code, etc.
2. Consider changing product quantity
Apart from just changing the product price on the credit card page of the merchant website or at the Payment Gateway, you could change the quantity, which reduces the amount you’re charged for the item.
Simply, locate the quantity fields or similar in the captured packets in the Burp Suite software and make changes. For instance:
Quantity = 5 & Price = $ 50 ; Grand total = 5 X 50 = $ 250
Now,
Tamper Quantity = 0.01 & Price = $ 50 ; Grand total = 0.01 X 50 = $ 0.5
If the price is secured with the server-side like this, you try manipulating the quantity to pay way less.
3. Fuzz other parameters
Other parameters you could try fuzzing include:
- Wallet amount
- Promo codes
- Delivery charges