Comment on page

80,443 - Web

Foothold

  • source code
  • links
  • redirect
  • cookies
  • burpsuite
  • headers

Fuzzing

  • directories
  • files
  • files+extensions
  • subdomains

Login

Injection

Generate errors

  • Check resources showing input info
  • Symbols to cause errors

Intercept with burp

  • send parameters empty
  • add symbols
  • change order of parameters
  • change content-type
  • content-type: if www-urlencoded ... change to application/json and format parameters
  • change http verbs (GET to POST, POST to OPTIONS, etc)

Bruteforce

  • Hydra hydra -L allowed.userlist -P allowed.userlist.passwd 10.10.10.10 http-post-form "/login.php
  • ffuf
  • wfuzz