Broken Authentication Checks #
Requirements: #
- Account / Authentication on the web application1
Instructions #
- Login to the application using credentials while being passed through Burp Suite (Intercept: Off)
- Intercept: Off
- Make sure target is in scope and is being recorded (History)
- Browsing / Crawling
- Browse to all pages
- Try all functions
- Change password
- Add / Edit / Delete
- Accounts
- Data/entries
- In Target -> Sitemap, on the specific URL/host -> "Copy URLs in this host"
- In a text editor/grep, remove the base URL
- i.e.
https://domain.com/some/function/page.aspx
->/some/function/page.aspx
- i.e.
- Logout from the web application (Destory the session / Expire)
- On Burp's Intruder, Mode: Sniper
- Input the link as payload for the Intruder on Line 1
- Examples:
GET /some/function/page.aspx HTTP/1.1
POST /some/function/changepassword HTTP/1.1
- Examples:
- Input the link as payload for the Intruder on Line 1
- Monitor for the response code and size
- For links / function with potential
- Retrieve the correct data(parameters etc.) and try again
Last update: January 27, 2021