Technical Report The findings contained within this report were responsibly disclosed to the developer who resolved the issues and approved of its dissemination. Request When submitting a password change, the following POST request was intercepted via Burp Suite proxy: In addition to a variety of HTTP headers, cookies, and session ID, there are four fields submitted in the body of the POST request: whatpulse_token…
Category: Security Testing
WhatPulse Security Testing & Disclosure – Summary
Background I have been using WhatPulse for over 17 years. WhatPulse, first released in 2003, is a client capable of tracking computer usage data for personal analytics purposes. For example, it can generate a heatmap of the most frequently typed letters, most frequently clicked screen location, or how far your mouse cursor has traveled over time. Michael from Vsauce included WhatPulse in one of…
Hacking the Juice Shop: Enumeration
Welcome to the second article of my Juice Shop series, where I will be documenting a miniature penetration test against OWASP’s Vulnerable Web Application, Juice Shop. As a reminder, there are a few stages to the penetration testing process: Pre-engagement Interactions Reconnaissance / Information Gathering Scanning (or Enumeration) Vulnerability Assessment Exploitation Reporting These phases aren’t always linear. It’s best to think of it as…
Hacking the Juice Shop: Information Gathering
The Juice Shop is an intentionally vulnerable web application developed by the Open Web Application Security Project (OWASP). It has a series of challenges that allow hackers to learn how to exploit many of the vulnerabilities that fall under the OWASP Top 10. I’m going to be posting a series of articles that effectively documents a miniature penetration test, which, generally speaking, consists of…