Broken Authentication Checks

Requirements:

Instructions

  1. Login to the application using credentials while being passed through Burp Suite (Intercept: Off)
    • Intercept: Off
    • Make sure target is in scope and is being recorded (History)
  2. Browsing / Crawling
    • Browse to all pages
    • Try all functions
      • Change password
      • Add / Edit / Delete
        • Accounts
        • Data/entries
  3. In Target -> Sitemap, on the specific URL/host -> "Copy URLs in this host"
  4. In a text editor/grep, remove the base URL
    • i.e. https://domain.com/some/function/page.aspx -> /some/function/page.aspx
  5. Logout from the web application (Destory the session / Expire)
  6. On Burp's Intruder, Mode: Sniper
    1. Input the link as payload for the Intruder on Line 1
      • Examples:
        • GET /some/function/page.aspx HTTP/1.1
        • POST /some/function/changepassword HTTP/1.1
  7. Monitor for the response code and size
  8. For links / function with potential
    1. Retrieve the correct data(parameters etc.) and try again