@@ -41,12 +41,12 @@ https://user-images.githubusercontent.com/91306853/219386085-820ef832-3679-4d2c-
4141
4242## Test 4 : Swagger file detection - Security misconfiguration
4343
44- Step 1: Click on run and select swagger file detection test
45- Step 2: Go to testing and wait for a minute for test results
46- Step 3: Click on the failed test - Assets found on page
47- Step 4: Click on the Attempt tab to see the test API call
48- Step 5: The response contains HTML page with swagger details
49- Step 6: Verify it by actually entering the URL
44+ 1 . Click on run and select swagger file detection test
45+ 2 . Go to testing and wait for a minute for test results
46+ 3 . Click on the failed test - Assets found on page
47+ 4 . Click on the Attempt tab to see the test API call
48+ 5 . The response contains HTML page with swagger details
49+ 6 . Verify it by actually entering the URL
5050
5151🐞 Detected unprotected swagger file!
5252
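Review bot: the new markers `1 .` (digit, space, period) in lines 44-49 are not recognized as ordered-list items by GitHub Markdown, which requires the period to follow the number directly, so the six steps will render as one run-together paragraph; the old `- Step 1:` bullets at least rendered as a list. Suggest `1. Click on run and select swagger file detection test` and the same form for the other five lines. While these lines are being touched, step 5 would read better as `The response contains an HTML page with Swagger details`.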
@@ -57,14 +57,14 @@ https://user-images.githubusercontent.com/91306853/221205469-12081044-f357-457c-
5757
5858## Test 5 : JWT None algo attack
5959
60- Step 1: Look at the original data - last name is "johnson"
61- Step 2: Select the endpoint you want to test for JWT None attack
62- Step 3: Click on Run test and select JWT None algo attack
63- Step 4: Look at the test results - 1 HIGH severity issue found
64- Step 5: Akto made 4 attempts - 1 succeeded with 200 OK
65- Step 6: Refresh website, notice lastname changed from "johnson" to "victim"
66- Step 7: Look at the attack again, check the token on http://JWT.io
67- Step 8: Observe algo=none
60+ 1 . Look at the original data - last name is "johnson"
61+ 2 . Select the endpoint you want to test for JWT None attack
62+ 3 . Click on Run test and select JWT None algo attack
63+ 4 . Look at the test results - 1 HIGH severity issue found
64+ 5 . Akto made 4 attempts - 1 succeeded with 200 OK
65+ 6 . Refresh website, notice lastname changed from "johnson" to "victim"
66+ 7 . Look at the attack again, check the token on http://JWT.io
67+ 8 . Observe algo=none
6868
6969🐞 JWT None algo vulnerability found
7070
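Review bot: step 7 points readers at `http://JWT.io` over plain HTTP; the site is served at `https://jwt.io`, and a walkthrough about token handling should not send people to an unencrypted URL to paste tokens into. Step 8 says `algo=none`, but the JWT header field is `alg`; suggest `Observe "alg": "none" in the decoded token header` so readers know what to look for. The `1 .` markers here also will not render as a list (the period must directly follow the digit, `1.`).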
@@ -80,11 +80,11 @@ https://user-images.githubusercontent.com/91306853/221206399-5b6f856b-e56c-4fe8-
8080
8181## Test 6 : JWT failed to verify signature test
8282
83- 1: Select a POST order endpoint
84- 2: Select the Broken Authentication test - JWT failed to verify signature
85- 3: Go to test results. Observe that there is a high vulnerability issue
86- 4: Check the Original tab - the original token signature starts with "HQq0"
87- 5: Check Attempt tab - gives 200 OK response with signature starting with "aQq0" - this is invalid signature, yet server accepted
83+ 1 . Select a POST order endpoint
84+ 2 . Select the Broken Authentication test - JWT failed to verify signature
85+ 3 . Go to test results. Observe that there is a high vulnerability issue
86+ 4 . Check the Original tab - the original token signature starts with "HQq0"
87+ 5 . Check Attempt tab - gives 200 OK response with signature starting with "aQq0" - this is invalid signature, yet server accepted
8888
8989
9090
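Review bot: step 5 is a run-on sentence; suggest splitting it: `Check the Attempt tab: the request whose signature starts with "aQq0" still gets 200 OK. That signature is invalid, yet the server accepted it.` Step 3's "a high vulnerability issue" should match the wording used in Test 5 (`1 HIGH severity issue found`). The `1 .` list markers need to become `1.` to render as a list.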
@@ -97,13 +97,13 @@ https://user-images.githubusercontent.com/91306853/221205245-6c32c6d3-2863-4db7-
9797
9898## Test 7 : Broken Object Level Authorization by Parameter Pollution
9999
100- 1: Select BOLA by parameter pollution
101- 2: Run test.
102- 3: Check results
103- 4: The original request has 3 params.
104- 5: Attempt request has 6 params - all occurring twice with a diff "BasketId" value.
105- 6: This results in a success response
106- 7: The victim's cart has a new product added now!
100+ 1 . Select BOLA by parameter pollution
101+ 2 . Run test.
102+ 3 . Check results
103+ 4 . The original request has 3 params.
104+ 5 . Attempt request has 6 params - all occurring twice with a diff "BasketId" value.
105+ 6 . This results in a success response
106+ 7 . The victim's cart has a new product added now!
107107
108108🐞 Vulnerable API
109109
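Review bot: step 5 abbreviates "diff" and step 2 is the only step ending with a period; suggest `Attempt request has 6 params, each occurring twice, with a different "BasketId" value` and consistent terminal punctuation across the seven steps. Step 6 could also say what "success" means concretely (`a 200 OK response`), matching how the other tests describe results. The `1 .` markers will not render as an ordered list; use `1.`.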
@@ -115,13 +115,13 @@ https://user-images.githubusercontent.com/91306853/221206568-3d3d75f2-1e69-4d0d-
115115## Test 8 : Broken Object Level Authorization in old API versions
116116
117117
118- 1: Select the list of endpoints
119- 2: Select Old version API tests.
120- 3: Go to the test results section
121- 4: Check details for the vulnerability
122- 5: Notice that original endpoint uses v2 - /api/v2/users
123- 6: Navigate to Attempt tab
124- 7: Notice that /api/v1/users also returns 200 OK with the flag
118+ 1 . Select the list of endpoints
119+ 2 . Select Old version API tests.
120+ 3 . Go to the test results section
121+ 4 . Check details for the vulnerability
122+ 5 . Notice that original endpoint uses v2 - /api/v2/users
123+ 6 . Navigate to Attempt tab
124+ 7 . Notice that /api/v1/users also returns 200 OK with the flag
125125
126126🐞 BOLA in old api versions
127127
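Review bot: lines 116-117 leave two blank lines between the heading and the steps while every other test uses one; trimming one here would keep the sections consistent. Step 7 refers to "the flag" without this section ever saying what that flag is; either explain it in the step or drop the phrase. The `1 .` markers have the same rendering problem as elsewhere and should be `1.`.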
@@ -133,11 +133,11 @@ https://user-images.githubusercontent.com/91306853/221204869-5b191e29-9748-4e10-
133133
134134## Test 9 : Security misconfiguration - django-exposed-debug-page
135135
136- 1: Select the Django-exposed-debug-page test and run it
137- 2: Wait for the result
138- 3: Check the Attempt tab and look for debug details in the response
139- 4: Check details for the vulnerability
140- 5: Observe we open the debug page - with details of modules, and inner workings of Django server code
136+ 1 . Select the Django-exposed-debug-page test and run it
137+ 2 . Wait for the result
138+ 3 . Check the Attempt tab and look for debug details in the response
139+ 4 . Check details for the vulnerability
140+ 5 . Observe we open the debug page - with details of modules, and inner workings of Django server code
141141
142142🐞 django-exposed-debug-page
143143
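Review bot: steps 3 and 4 are in an odd order compared with Tests 5 and 6, which look at the result details before opening the Attempt tab; swapping them would make the walkthroughs consistent. Step 5's "Observe we open the debug page" reads awkwardly; suggest `Observe that the debug page opens, exposing module paths and the inner workings of the Django server`. The `1 .` markers again need to be `1.` to render as a list.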