How to Bypass Client Side Controls and Attack Authentication
- Ethical Hacking
- Project length: 1h 34m
In this project we will learn that how you can bypass some of the client side controls that are placed in the webapplication limit the user inputs. Also we will learn about some of the silly mistakes devs do while coding the applications. This is a very important thing you should have to learn while pentesting webapps. Because sometimes just simple things can give you high severity vulnerability. We will also cover how you can abuse authentication functions in the attacking authentication sessions. We will look into some of the most common vulnerabilities developers forgets to patch. This project will be helpful for those persons who are interested in WebApplication penetration testing.
In this project we will learn that how you can bypass some of the client side limitations developers apply to filter or limit the user inputs. Also some of the bad habits of Developers which may lead to very severe vulnerability in the webapplication. We will also learn that how you can attack authentication and can use them for your benefits like how you can test the authentication schema of a webapplication
What are the requirements?
- How to use Burp Suite
- Very basic knowledge of HTML and PHP
- And the most important is: desire to learn
What is the target audience?
- The person who want to learn the webapp pentesting
- Learners who want to enhance their knowledge
- People who have the curiousity to learn about the authentication schema of website and how to bypass or abuse them
Session 1: Setting-up the Environment
In this session we will setup a environment locally. I will use some of the vulnerable applications and some custom coded scripts in this session
Session 2: Bypassing the Client Side Controls
In this session we will learn that how you can take advantage of some silly mistakes done by devs and how you can bypass some of the client side restrictions applied by the devs
Session 3. Bypassing client side controls -2
In this session we will continue exploring how you can bypass some other client side restrictions like cookie manipulation while setting the pricing etc.
Session 4: Attacking Authentication
In this session we will learn that how we can abuse some of the authentication schemas in webapplications like how an autocomplete field can pose risk for users
Session 5: Attacking Authentication -2
In this session we will move ahead in the attacking authentication and we will learn that how cookie can be manipulated if they dont have enough entropy and how to abuse forgot password function as well.
Session 6.: Attacking Authentication By Brute Forcing
In this session we will cover how to attack authentication with brute forcing and how we can use burp suite for this purpose as well and some of the cool features which makes your work simple while brute forcing.
Session 7. Attacking Authentication on services
In this session we will cover that how you can attack on services like ftp, http etc and we will wrap up our project here.