21.1 Lab: Authentication bypass via OAuth implicit flow | 2023
This lab uses an OAuth service to allow users to log in with their social media accounts. Flawed validation by the client application makes it possible for an attacker to log in to other users’ accounts without knowing their password. To solve the lab, log in to Carlos’s account. His email address is carlos@carlos-montoya.net | Karthikeyan Nagaraj
Description
This lab uses an OAuth service to allow users to log in with their social media account. Flawed validation by the client application makes it possible for an attacker to log in to other users’ accounts without knowing their password.
To solve the lab, log in to Carlos’s account. His email address is carlos@carlos-montoya.net.
You can log in with your own social media account using the following credentials: wiener:peter.
Solution
- Start FoxyProxy, turn off Intercept in Burp, and in the browser try to log in to the account.
- In Burp, navigate to the Target tab and add the lab and OAuth URLs to the scope.
- Move on to the Proxy tab and, on the HTTP history sub-tab, add the lab and OAuth URLs to the scope.
- Now, on the HTTP history tab, search for the /authenticate request and send it to Repeater.
- In the Repeater tab, in the body of the /authenticate request, you can see wiener’s email. Change it to carlos@carlos-montoya.net and send the request.
- Now, right-click on the response and click Request in browser > Original session.
- Copy the URL and paste it into the browser. You will be logged in as Carlos and the lab will be solved.
- You can verify it by clicking My account.
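The steps above work because the client application accepts the email in the /authenticate body without checking it against the access token sent alongside it. The following is an added example, not code from the lab or from the original post, showing that flawed check beside a hardened one. The body field names, the token value, wiener's email address and the in-memory user-info lookup are constructed assumptions.

```python
# Constructed stand-in for the OAuth provider's user-info lookup:
# access token -> identity the provider vouches for. A real client
# application would query the provider over HTTPS instead.
PROVIDER_USERINFO = {
    "tok-wiener-constructed": {"email": "wiener@example.test"},
}


def fetch_userinfo(token):
    """Return the provider-asserted identity for a token, or None."""
    return PROVIDER_USERINFO.get(token)


def authenticate_flawed(body):
    """Flawed pattern: the session is issued for the email in the body.

    The token is only checked for presence, so whoever sends the
    request decides which account it logs in to.
    """
    if not body.get("token"):
        return None
    return body.get("email")


def authenticate_hardened(body):
    """Hardened pattern: identity comes from the provider, not the body."""
    token = body.get("token")
    if not isinstance(token, str):
        return None
    info = fetch_userinfo(token)
    if info is None:
        return None  # unknown, expired or revoked token
    claimed = body.get("email")
    # A body email that disagrees with the token's owner is rejected;
    # the mismatch is also a useful event to log and alert on.
    if claimed is not None and claimed != info["email"]:
        return None
    # The session is bound to the provider-asserted email only.
    return info["email"]
```
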
Thank you for Reading!
Happy Hacking ~
Author: Karthikeyan Nagaraj ~ Cyberw1ng