Lesson Plan Title: How to Perform Silent Transactions Attacks.

Concept / Topic To Teach:

This lesson teaches how to perform silent transactions attacks.

How the attacks works:

Any system that silently processes transactions using a single submission is dangerous to the client. For example, if a normal web application allows a simple URL submission, a preset session attack will allow the attacker to complete a transaction without the user’s authorization. In Ajax, it gets worse: the transaction is silent; it happens with no user feedback on the page, so an injected attack script may be able to steal money from the client without authorization.

General Goal(s):

* This is a sample internet banking application - money transfers page.
* It shows below your balance, the account you are transferring to and amount you will transfer.
* The application uses AJAX to submit the transaction after doing some basic client side validations.
* Your goal is to try to bypass the user's authorization and silently execute the transaction