
How to avoid response manipulation in NodeJS Application?

Çağlar Arlı

I have a NodeJS application on the server. The attacker on the client system already knows what the success response looks like for a request. The next time he sends a request with wrong credentials, even if the request is answered with a failure status, he manipulates the response into a success state and sends it to the client (Angular 4). He can then access the rest of the process.

The Node server already has HTTPS certification.

I do not understand what kind of attack this is. How can one solve such an attack? Is there any way in NodeJS to protect against this kind of attack?

Example:

Normal req and res flow:

A(client) ---> B(server) [A to B request]

B(server) ---> A(client) [B to A response]

Attacked req and res flow:

A(client) ---> B(server) [A to B request]

B(server) ---> C(attacker) --> A(client) [B to C, response is modified from failure to success status by C and sent to A]
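Added example, not part of the original post: a minimal Node sketch of the server-side control for the flow above, in which the server mints a session token only on a verified login and re-checks it on every later request, so a response rewritten on the way to the client grants nothing. The names `login`, `getAccount`, `tamper`, the in-memory session store and the sample account are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// Constructed sample account; the password is kept as a salted scrypt hash.
const salt = nodeCrypto.randomBytes(16);
const users = new Map([
  ['alice', { salt, hash: nodeCrypto.scryptSync('correct horse', salt, 32) }],
]);
const sessions = new Map(); // token -> username, held only on the server

// Login handler: a token is minted only when the password verifies.
function login(username, password) {
  const user = users.get(username);
  if (!user) return { status: 401, body: { ok: false } };
  const candidate = nodeCrypto.scryptSync(String(password), user.salt, 32);
  if (!nodeCrypto.timingSafeEqual(candidate, user.hash)) {
    return { status: 401, body: { ok: false } };
  }
  const token = nodeCrypto.randomBytes(32).toString('hex');
  sessions.set(token, username);
  return { status: 200, body: { ok: true, token } };
}

// Protected handler: the decision rests on server state, never on
// what the client believes the login response said.
function getAccount(token) {
  const username = typeof token === 'string' ? sessions.get(token) : undefined;
  if (!username) return { status: 401, body: { error: 'not authenticated' } };
  return { status: 200, body: { username } };
}

// Models the tampering from the question: the response is rewritten to
// look successful before the Angular client sees it.
function tamper(response) {
  return { status: 200, body: { ok: true, token: response.body.token } };
}

function demo() {
  const forged = tamper(login('alice', 'wrong password'));
  const afterForged = getAccount(forged.body.token); // no server-side session exists
  const real = login('alice', 'correct horse');
  const afterReal = getAccount(real.body.token);
  return { forged: forged.status, afterForged: afterForged.status, afterReal: afterReal.status };
}
```

The forged response changes only what the client displays; every protected request still fails with 401 because no session was created on the server.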