Working through PortSwigger's Web Security Academy and experimenting with Burp Suite and Kali.
- Access control
- Authentication
- Business logic vulnerabilities
- Command injection
- Directory traversal
- File upload vulnerabilities
- Information disclosure
- Server-side request forgery (SSRF)
- SQL injection
- XML external entity (XXE) injection
The contents of this repo are study notes based on PortSwigger's Web Security Academy. PortSwigger holds all rights to any content that is not my own.
```sh
# Install Homebrew, VirtualBox, Vagrant and create a Kali VM
curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh | bash
brew bundle
vagrant up
```
Optionally, configure Chromium to trust the Burp CA certificate:
- In the VM, open Burp's integrated Chromium browser.
- Go to `http://burpsuite` and download the `cacert.der` certificate.
- Go to `chrome://settings/certificates` and select `Authorities`.
- Click `Import`, select `cacert.der`, and trust it for identifying websites.