0x02 - Broken Auth in 30 Seconds
Did you know broken authentication exploits are some of the highest impact vulnerabilities you can find?
Applications that fail to check the validity of the user's session are vulnerable to broken authentication.
This allows attackers to access the app's resources without providing a username/password.
Most of the time this is possible by sending a direct HTTP request to the affected API endpoint.
Fortunately, there is a Burp extension that automates the process by repeating every request without any cookies to detect authentication vulnerabilities: Autorize.
How to do it
Proxy traffic through Burp
Browse the application
Select requests -> Extensions -> Autorize -> Send to Autorize
Check the Unauthenticated column for the Bypassed warning
Navigate to the Unauthenticated Response tab and confirm whether the request was successful without providing an authentication token
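
The same check can run as a regression test against your own application. The sketch below is an added example, not the extension's code: it replays recorded requests with the Cookie and Authorization headers stripped and marks an endpoint Bypassed when the unauthenticated response is the same successful response. The demo app, paths, session value and the comparison rule are all constructed assumptions.

```python
from wsgiref.util import setup_testing_defaults

AUTH_HEADERS = {"cookie", "authorization"}  # stripped for the unauthenticated replay

def demo_app(environ, start_response):
    """Constructed WSGI app: /api/profile checks the session, /api/export does not."""
    authed = environ.get("HTTP_COOKIE") == "session=valid"
    if environ["PATH_INFO"] == "/api/profile" and not authed:
        status, body = "401 Unauthorized", b'{"error":"login required"}'
    else:
        status, body = "200 OK", b'{"data":"secret"}'
    start_response(status, [("Content-Type", "application/json")])
    return [body]

def send(app, path, headers):
    """Call the WSGI app in-process (no socket) and return (status, body)."""
    environ = {"PATH_INFO": path, "REQUEST_METHOD": "GET"}
    setup_testing_defaults(environ)
    for name, value in headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    captured = {}
    def start_response(status, response_headers, exc_info=None):
        captured["status"] = int(status.split()[0])
    body = b"".join(app(environ, start_response))
    return captured["status"], body

def check_enforcement(app, recorded):
    """Replay each recorded request without auth headers and compare responses."""
    findings = {}
    for path, headers in recorded:
        stripped = {k: v for k, v in headers.items() if k.lower() not in AUTH_HEADERS}
        original = send(app, path, headers)
        unauth = send(app, path, stripped)
        # Identical 2xx response without credentials: no session check ran.
        bypassed = unauth == original and 200 <= unauth[0] < 300
        findings[path] = "Bypassed" if bypassed else "Enforced"
    return findings

# Constructed sample of proxied requests, as captured from a logged-in session.
RECORDED = [
    ("/api/profile", {"Cookie": "session=valid", "Accept": "application/json"}),
    ("/api/export", {"Cookie": "session=valid", "Accept": "application/json"}),
]

if __name__ == "__main__":
    for path, verdict in check_enforcement(demo_app, RECORDED).items():
        print(f"{verdict:9} {path}")
```

Endpoints that are meant to be public will also show as Bypassed, so compare the findings against the list of routes that should require a session.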