0x02 - Broken Auth in 30 Seconds

Did you know broken authentication exploits are some of the highest impact vulnerabilities you can find?

Applications that fail to check the validity of the user's session are vulnerable to broken authentication.

This allows attackers to access the app's resources without providing a username/password.

Most of the time this is possible by sending a direct HTTP request to the affected API endpoint.

Fortunately, there is a Burp extension that automates the process by repeating every request without any cookies to detect authentication vulnerabilities: Autorize


How to do it

  1. Proxy traffic through Burp

  2. Browse the application

  3. Select requests -> Extensions -> Autorize -> Send to Autorize

  4. Check the Unauthenticated column for the Bypassed warning

  5. Navigate to the Unauthenticated Response tab and confirm if the request was successful without providing an authentication token
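
The same check can run as a regression test against your own application. The following is an added example, not part of the original post or of the Burp extension: a constructed in-process WSGI API with one endpoint that validates the session and one that does not, plus a replay check that strips the credential headers and compares responses. All endpoint names, the session value and the "Bypassed"/"Enforced" labels are assumptions made for illustration.

```python
# Added example: constructed toy API and replay check; all names are hypothetical.
from wsgiref.util import setup_testing_defaults

SESSIONS = {"s3ss10n": "alice"}                      # constructed session store
AUTH_HEADERS = ("HTTP_COOKIE", "HTTP_AUTHORIZATION")  # credentials to strip

def session_user(environ):
    """Return the user for a valid session cookie, else None."""
    cookie = environ.get("HTTP_COOKIE", "")
    pairs = dict(p.strip().split("=", 1) for p in cookie.split(";") if "=" in p)
    return SESSIONS.get(pairs.get("sid"))

def app(environ, start_response):
    path = environ["PATH_INFO"]
    if path == "/api/profile":        # hardened: session is validated first
        if session_user(environ) is None:
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"login required"]
        body = b"profile of alice"
    elif path == "/api/invoices":     # vulnerable: no session check at all
        body = b"invoice #1001"
    else:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body]

def call(path, headers):
    """Invoke the WSGI app in-process; returns (status_code, body)."""
    environ = {"PATH_INFO": path, "REQUEST_METHOD": "GET"}
    setup_testing_defaults(environ)
    environ.update(headers)
    status = []
    body = b"".join(app(environ, lambda s, h: status.append(s)))
    return int(status[0].split()[0]), body

def check(path, headers):
    """Replay a recorded request without credentials and classify the result."""
    authed = call(path, headers)
    stripped = {k: v for k, v in headers.items() if k not in AUTH_HEADERS}
    anon = call(path, stripped)
    # Same successful response with and without credentials: auth is not enforced.
    return "Bypassed" if anon == authed and authed[0] == 200 else "Enforced"

# Constructed "browsing" traffic: requests recorded with a valid session cookie.
RECORDED = [("/api/profile", {"HTTP_COOKIE": "sid=s3ss10n"}),
            ("/api/invoices", {"HTTP_COOKIE": "sid=s3ss10n"})]

def audit():
    return {path: check(path, hdrs) for path, hdrs in RECORDED}

if __name__ == "__main__":
    for path, verdict in audit().items():
        print(f"{path:15} {verdict}")
```

Wiring a check like this into CI for every authenticated route catches an endpoint that ships without its session validation before it reaches production.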

