Michael's OWASP Juice Shop Workshop
0 likes152 views
The document outlines the use of Burp Suite for exploiting and patching web vulnerabilities, specifically focusing on tools like Repeater and Intruder. It includes instructions for attacking an insecure website, OWASP Juice Shop, and illustrates how to analyze and manipulate SQL queries to demonstrate SQL injection techniques. Additionally, it acknowledges contributions from various sources and provides installation guidance for Burp Suite Community Edition.
Michael's OWASP Juice Shop Workshop
- 1. Exploiting and patching vulnerabilities on the web. WebSecurity
- 2. OUTLINEFORTODAY RequiredSoftware Please install Burp Suite if you have not already! 01 OverviewofBurpSuite Tools like Repeater, Intruder, etc. 02 OWASPJuiceShop Attack a live insecure website, fix security bugs 03
- 5. WhyUseBurpSuite? ● Keep a log of web traffic ● View and modify HTTP requests/responses on a website ● Suite of tools: ○ Proxy ■ View all traffic routed through the Burp proxy ■ Intercept and modify requests ○ Intruder ■ Brute force HTTP requests by parameters, endpoints, HTTP headers, etc. ○ Repeater ■ Repeating a previous HTTP request with modifications . . .
- 6. BurpSuiteProxy The web application response is sent back to the Burp proxy. WebServer Request is sent from the browser to Burp Suite. Allows for the modification of request data. Forwards the request to the web server. BurpSuite Browser
- 8. Placeanorderthat makesyourich ● Make the shop pay you
- 9. User input fields may be used as arguments in an SQL query. If these input fields are not sanitized or validated correctly, an attacker may be able to modify the query maliciously. SQLInjection 9
- 10. SQLi-LoginasAdmin ● Analyzing SQL queries and crafting an SQLi string ● Brute forcing SQLi strings with Burp Intruder
- 11. SQLInjection OWASP Juice Shop login.ts
- 12. Accessthe AdministrationSection ● Find the URL to the administration section
- 13. RegisteranAdmin Account ● Find the parameter required to register an admin account ● Craft a registration request with this parameter
- 15. This is where you give credit to the ones who are part of this project. ◂ Presentation template by Slidesgo ◂ Icons by Flaticon ◂ Infographics by Freepik ◂ Author introduction slide photo created by Freepik ◂ Text & Image slide photo created by Freepik.com CREDITS