All posts in JuiceShop
In today's post we will be talking about the Juice Shop walkthrough part two, and walking through the two-star challenges. The screenshot below is from the scoreboard we found in part one. The first challenge is to access someone else's basket. The first step is to access our own basket to understand more clearly how the authorization process is handled. For this challenge, fire up your BurpSuite interception proxy and set it to intercept before clicking on Your Basket. The screenshot below shows the request being caught by BurpSuite. Before forwarding the request, try simply changing the /rest/basket/…
In previous posts I have talked extensively about the magical powers of Docker. This is a script I created to help set up a fresh Kali image with multiple vulnerable web apps for training or practice purposes.

    #!/bin/bash
    # Install Docker
    curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
    echo 'deb https://download.docker.com/linux/debian stretch stable' > /etc/apt/sources.list.d/docker.list
    apt-get update
    apt-get remove docker docker-engine docker.io -y
    apt-get install docker-ce -y
    systemctl start docker
    systemctl enable docker
    # Install Dnsmasq
    apt-get install dnsmasq -y
    echo "# New Changes…
This post will contain screenshots for all of the 1 star challenges of the OWASP Juice Shop, which was covered in a previous post. Just as a reminder, the Juice Shop web application relies upon HTML5 web storage to store a cookie with current progress. If you attempt to access the Juice Shop from a different host machine or a different browser, you might not have your progress saved. However, if you were to restart the host machine or restart the remote server hosting the application, your stored cookie will refresh your progress. The first real (albeit easier) challenge is really…