Generate and submit a form from server

[Glasgow]

Hi

I am submitting data to a payment provider using an html form with hidden fields and SSL. However, it appears that this data can be intercepted and modified using a proxy tool. How can I achieve the equivalent within classic ASP alone - i.e. generate and submit the form from the server rather than from the browser?

The form currently looks something like this:

  <form action="[URL unfurl="true"]https://paymentprovider.com/purchase"[/URL] method=POST id=form1 name=PayForm>
  <input type=hidden name="instId"      value="1234">
  <input type=hidden name="amount"      value="100.00">
  <input type=hidden name="currency"    value="GBP">
  <input type=hidden name="country"     value="GB">
  <input type=hidden name="name"        value="Fred Bloggs">
  <input type=hidden name="email"       value="fred@bloggs.com">
  <input type=submit value="invisible" id=submit1 name=submit1 style="width:0">
  </form>
  <script type="text/javascript">document.WorldPayForm.submit()  </script>

If possible I'd prefer any solution to support older versions of IE but it's not essential.

Thanks in advance.

 

[ChrisHirst]

If the communication is over SSL the data being transferred is encrypted, so is unreadable by sniffers or interceptors

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum

 

[Glasgow]

Thanks Chris.

I agree with you in principle but an external penetration testing company claim they managed to intercept and adjust payment to 0.01 GBP and there is evidence on the site to this effect. Perhaps they just tried a few changes to the encrypted text and got lucky. They advised submitting from server to avoid possibility of interception.