Skip to content

Commit

Permalink
updates
Browse files Browse the repository at this point in the history
  • Loading branch information
@alecmaly
alecmaly committed May 12, 2022
1 parent 297c126 commit 08b2869
Show file tree
Hide file tree
Showing 4 changed files with 614 additions and 12 deletions.
89 changes: 85 additions & 4 deletions burp-project-options.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -211,7 +211,83 @@
"monitor_sequencer":false
},
"macros":{
"macros":[]
"macros":[
{
"description":"Macro 1",
"items":[
{
"accept_response_cookies":true,
"custom_parameters":[
{
"end_at_delimiter":"\">\n <label>",
"end_at_fixed_length":32,
"end_mode":"at_delimiter",
"exclude_http_headers":false,
"extract_mode":"define_start_and_end",
"name":"csrf",
"start_af_offset":2614,
"start_after_expression":" value=\"",
"start_at_mode":"after_expression",
"url_encoded":false
}
],
"method":"GET",
"request":"GET /login HTTP/1.1\r\nHost: ac861fd31ebda5a38047177c00310013.web-security-academy.net\r\nCookie: session=X9p8Rn0yXhhF7O4OT2isft24OtsUfgRY\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nSec-Ch-Ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"92\"\r\nSec-Ch-Ua-Mobile: ?0\r\nReferer: https://ac861fd31ebda5a38047177c00310013.web-security-academy.net/login2\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en-US,en;q=0.9\r\nConnection: close\r\n\r\n",
"request_parameters":[],
"response":"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\nContent-Length: 3026\r\n\r\n<!DOCTYPE html>\n<html>\n <head>\n <link href=/resources/labheader/css/academyLabHeader.css rel=stylesheet>\n <link href=/resources/css/labs.css rel=stylesheet>\n <title>2FA bypass using a brute-force attack</title>\n </head>\n <body>\n <script src=\"/resources/labheader/js/labHeader.js\"></script>\n \n <div id=\"academyLabHeader\">\n <section class=\"academyLabBanner\">\n <div class=\"container\">\n <div class=\"logo\"></div>\n <div class=\"title-container\">\n <h2>2FA bypass using a brute-force attack</h2>\n <a id='lab-link' class='button' href='/'>Back to lab home</a>\n <a class=\"link-back\" href=\"https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-bypass-using-a-brute-force-attack\">\n Back&nbsp;to&nbsp;lab&nbsp;description&nbsp;<svg version=\"1.1\" id=\"Layer_1\" xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" x=\"0px\" y=\"0px\" viewBox=\"0 0 28 30\" enable-background=\"new 0 0 28 30\" xml:space=\"preserve\" title=\"back-arrow\">\n <g>\n <polygon points=\"1.4,0 0,1.2 12.6,15 0,28.8 1.4,30 15.1,15\"></polygon>\n <polygon points=\"14.3,0 12.9,1.2 25.6,15 12.9,28.8 14.3,30 28,15\"></polygon>\n </g>\n</svg>\n </a>\n </div>\n <div class=\"widgetcontainer-lab-status is-notsolved\">\n <span>LAB</span>\n <p>Not solved</p>\n <span class=\"lab-status-icon\"></span>\n </div>\n </div>\n </section>\n </div>\n\n <div theme=\"\">\n <section class=\"maincontainer\">\n <div class=\"container is-page\">\n <header class=\"navigation-header\">\n <section class=\"top-links\">\n <a href=/>Home</a><p>|</p>\n <a href=\"/my-account\">My account</a><p>|</p>\n </section>\n </header>\n <header class=\"notification-header\">\n </header>\n <h1>Login</h1>\n <section>\n <form class=login-form method=POST action=/login>\n <input required type=\"hidden\" name=\"csrf\" value=\"xxOcACoqHUrXTwhBVrwp5P78t3BCeLIO\">\n <label>Username</label>\n <input required type=username name=\"username\">\n <label>Password</label>\n <input required type=password name=\"password\">\n <button class=button type=submit> Log in </button>\n </form>\n </section>\n </div>\n </section>\n </div>\n </body>\n</html>\n",
"status_code":200,
"url":"https://ac861fd31ebda5a38047177c00310013.web-security-academy.net:443/login",
"use_request_cookies":true
},
{
"accept_response_cookies":true,
"cookies_received":"session",
"custom_parameters":[],
"method":"POST",
"request":"POST /login HTTP/1.1\r\nHost: ac861fd31ebda5a38047177c00310013.web-security-academy.net\r\nCookie: session=X9p8Rn0yXhhF7O4OT2isft24OtsUfgRY\r\nContent-Length: 70\r\nCache-Control: max-age=0\r\nSec-Ch-Ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"92\"\r\nSec-Ch-Ua-Mobile: ?0\r\nUpgrade-Insecure-Requests: 1\r\nOrigin: https://ac861fd31ebda5a38047177c00310013.web-security-academy.net\r\nContent-Type: application/x-www-form-urlencoded\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nReferer: https://ac861fd31ebda5a38047177c00310013.web-security-academy.net/login\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en-US,en;q=0.9\r\nConnection: close\r\n\r\ncsrf=xxOcACoqHUrXTwhBVrwp5P78t3BCeLIO&username=carlos&password=montoya",
"request_parameters":[
{
"name":"csrf",
"original_value":"xxOcACoqHUrXTwhBVrwp5P78t3BCeLIO",
"parameter_handling":"derive_from_prior_response",
"preset_value":"xxOcACoqHUrXTwhBVrwp5P78t3BCeLIO",
"type":"body_url_encoded"
},
{
"name":"username",
"original_value":"carlos",
"parameter_handling":"preset_value",
"preset_value":"carlos",
"type":"body_url_encoded"
},
{
"name":"password",
"original_value":"montoya",
"parameter_handling":"preset_value",
"preset_value":"montoya",
"type":"body_url_encoded"
}
],
"response":"HTTP/1.1 302 Found\r\nLocation: /login2\r\nSet-Cookie: session=XLHtEu08Ik5YDI4HyqsexnRXtAP1BGGk; Secure; HttpOnly; SameSite=None\r\nContent-Encoding: gzip\r\nConnection: close\r\nContent-Length: 0\r\n\r\n",
"status_code":302,
"url":"https://ac861fd31ebda5a38047177c00310013.web-security-academy.net:443/login",
"use_request_cookies":true
},
{
"accept_response_cookies":true,
"custom_parameters":[],
"method":"GET",
"request":"GET /login2 HTTP/1.1\r\nHost: ac861fd31ebda5a38047177c00310013.web-security-academy.net\r\nCookie: session=XLHtEu08Ik5YDI4HyqsexnRXtAP1BGGk\r\nCache-Control: max-age=0\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nSec-Ch-Ua: \" Not A;Brand\";v=\"99\", \"Chromium\";v=\"92\"\r\nSec-Ch-Ua-Mobile: ?0\r\nReferer: https://ac861fd31ebda5a38047177c00310013.web-security-academy.net/login\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en-US,en;q=0.9\r\nConnection: close\r\n\r\n",
"request_parameters":[],
"response":"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\nConnection: close\r\nContent-Length: 2789\r\n\r\n<!DOCTYPE html>\n<html>\n <head>\n <link href=/resources/labheader/css/academyLabHeader.css rel=stylesheet>\n <link href=/resources/css/labs.css rel=stylesheet>\n <title>2FA bypass using a brute-force attack</title>\n </head>\n <body>\n <script src=\"/resources/labheader/js/labHeader.js\"></script>\n \n <div id=\"academyLabHeader\">\n <section class=\"academyLabBanner\">\n <div class=\"container\">\n <div class=\"logo\"></div>\n <div class=\"title-container\">\n <h2>2FA bypass using a brute-force attack</h2>\n <a id='lab-link' class='button' href='/'>Back to lab home</a>\n <a class=\"link-back\" href=\"https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-bypass-using-a-brute-force-attack\">\n Back&nbsp;to&nbsp;lab&nbsp;description&nbsp;<svg version=\"1.1\" id=\"Layer_1\" xmlns=\"http://www.w3.org/2000/svg\" xmlns:xlink=\"http://www.w3.org/1999/xlink\" x=\"0px\" y=\"0px\" viewBox=\"0 0 28 30\" enable-background=\"new 0 0 28 30\" xml:space=\"preserve\" title=\"back-arrow\">\n <g>\n <polygon points=\"1.4,0 0,1.2 12.6,15 0,28.8 1.4,30 15.1,15\"></polygon>\n <polygon points=\"14.3,0 12.9,1.2 25.6,15 12.9,28.8 14.3,30 28,15\"></polygon>\n </g>\n</svg>\n </a>\n </div>\n <div class=\"widgetcontainer-lab-status is-notsolved\">\n <span>LAB</span>\n <p>Not solved</p>\n <span class=\"lab-status-icon\"></span>\n </div>\n </div>\n </section>\n </div>\n\n <div theme=\"\">\n <section class=\"maincontainer\">\n <div class=\"container is-page\">\n <header class=\"navigation-header\">\n <section class=\"top-links\">\n <a href=/>Home</a><p>|</p>\n <a href=\"/my-account\">My account</a><p>|</p>\n </section>\n </header>\n <header class=\"notification-header\">\n </header>\n <form class=login-form method=POST>\n <input required type=\"hidden\" name=\"csrf\" value=\"0eaYCEdcOACnPdAppGdFCt4D5vV5q19V\">\n <label>Please enter your 4-digit security code</label>\n <input required type=text name=mfa-code>\n <button class=button type=submit> Login </button>\n </form>\n </div>\n </section>\n </div>\n </body>\n</html>\n",
"status_code":200,
"url":"https://ac861fd31ebda5a38047177c00310013.web-security-academy.net:443/login2",
"use_request_cookies":true
}
],
"serial_number":6073102946618358784
}
]
},
"session_handling_rules":{
"rules":[
Expand Down Expand Up @@ -289,7 +365,7 @@
},
"by_request_type":{
"hide_items_without_responses":false,
"show_only_in_scope_items":true,
"show_only_in_scope_items":false,
"show_only_parameterized_requests":false
},
"by_search":{
Expand Down Expand Up @@ -624,7 +700,12 @@
"scope":{
"advanced_mode":false,
"exclude":[],
"include":[]
"include":[
{
"enabled":true,
"prefix":"https://project-extension-preference-store-do-not-delete:65535/loggerplusplus"
}
]
}
}
}
}
16 changes: 8 additions & 8 deletions burp-user-options.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -116,7 +116,7 @@
"errors":"ui",
"extension_file":"bapps\\f9bbac8c4acf4aefa4d7dc92a991af2f\\Autorize.py",
"extension_type":"python",
"loaded":true,
"loaded":false,
"name":"Autorize",
"output":"ui"
},
Expand Down Expand Up @@ -146,12 +146,12 @@
"errors":"ui",
"extension_file":"bapps\\98275a25394a417c9480f58740c1d981\\build\\libs\\xss-validator-all.jar",
"extension_type":"java",
"loaded":true,
"loaded":false,
"name":"XSS Validator",
"output":"ui"
},
{
"bapp_serial_version":37,
"bapp_serial_version":42,
"bapp_uuid":"9abaa233088242e8be252cd4ff534988",
"errors":"ui",
"extension_file":"bapps\\9abaa233088242e8be252cd4ff534988\\build\\libs\\turbo-intruder-all.jar",
Expand Down Expand Up @@ -221,10 +221,10 @@
"output":"ui"
},
{
"bapp_serial_version":1,
"bapp_serial_version":2,
"bapp_uuid":"64060217b1d84abfa14b01edf3a29817",
"errors":"ui",
"extension_file":"bapps\\64060217b1d84abfa14b01edf3a29817\\html5_auditor.jar",
"extension_file":"bapps\\64060217b1d84abfa14b01edf3a29817\\build\\libs\\html5-auditor-all.jar",
"extension_type":"java",
"loaded":true,
"name":"HTML5 Auditor",
Expand All @@ -246,7 +246,7 @@
"errors":"ui",
"extension_file":"bapps\\db57ecbe2cb7446292a94aa6181c9278\\build\\libs\\content-type-converter-all.jar",
"extension_type":"java",
"loaded":true,
"loaded":false,
"name":"Content Type Converter",
"output":"ui"
},
Expand All @@ -256,7 +256,7 @@
"errors":"ui",
"extension_file":"bapps\\b2244cbb6953442cb3c82fa0a0d908fa\\UploadScanner.py",
"extension_type":"python",
"loaded":true,
"loaded":false,
"name":"Upload Scanner",
"output":"ui"
}
Expand All @@ -266,7 +266,7 @@
},
"python":{
"folder_for_loading_modules":"",
"location_of_jython_standalone_jar_file":"C:\\Users\\alecj\\Downloads\\jython-standalone-2.7.2.jar"
"location_of_jython_standalone_jar_file":"C:\\jython2.7.2\\jython.jar"
},
"ruby":{
"location_of_jruby_jar_file":""
Expand Down
Loading

0 comments on commit 08b2869

Please sign in to comment.