4. Compute HASH

Hashing Methods

The parameter tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials, amount and quantity of products, etc.

public string ComputeHash(Request _req)
  {
  string _key= { Secret Key Provided by Casheer}
  string datatocomputeHash = $"{_req.amount}{_req.authKey}{_req.currency}{_req.merchantCode}{_req.pc}{_req.referenceID}{_req.sourceCurrency}{_req.timeStamp}{_req.tunnel}{_req.userReference}";
  return GetHashValue(datatocomputeHash, _key);
  }
  public string  GetHashValue(String datatocomputeHash, String HashKey)
  {
  HMACSHA256 hmac = new HMACSHA256(System.Text.Encoding.UTF8.GetBytes(HashKey));
  string computedHash = convertToHex(hmac.ComputeHash(System.Text.UTF8Encoding.Default.GetBytes(datatocomputeHash)));
  return computedHash;
  }
  private string convertToHex(byte[] data)
  {
  System.Text.StringBuilder sb = new System.Text.StringBuilder(data.Length);
  foreach (byte b in data)
  sb.AppendFormat("{0:X2}", (int)b);
  
  return sb.ToString();
  }

Last updated