How to validate a request/response to a JSP page in Struts 1.2 ??
Short scenario: the response from the action class is captured on the way to jsp and is tweaked. how to validate whether that response has been touched? (This is all part of VAPT so excuse me if something sounds illogical)
response from the action class is captured on the way to jsp and is tweaked
Are you saying that the Java and JSPs are not running the same container, or even the same JVM, and therefore are going over the wire, and you're worried about interception there?
Or do you mean that some kind of filter class in you server stack is deliberately altering the response, and you want to validate your own transformation of it?
Or do you mean you're concerned about interception between server and the client, and that what you mean by the word JSP is actually the rendered HTML sent to the client (browser)?
In general, the way you detect tampering is to use hashing - this is why when you download an open source project, you will often see a hash download next to it. I don't know of any off-the-shelf solution for this in a normal browser context. Maybe have some javascript in a separate tab / frame, which checks for hash delivered in a separate request?
But ultimately, if you're that worried about man-in-the-middle attacks, make the request over https. Maybe even use mutual certificates (server sends a cert to browser, and a browser sends cert to the server, as a mutual authentication.)
