This repo contains the solutions for the PortSwigger Labs available in the Academy section of their website: https://portswigger.net/web-security/all-labs
This repo has been created to keep all the lab solutions in a single place. It should be helpful when preparing for the Burp Suite Certified Practitioner (https://portswigger.net/web-security/certification).
The tools needed (other than Burp Pro) to complete the labs:
- SQL Injection: sqlmap;
- XSS: dalfox, xsstrike;
- Clickjacking: None;
- DOM-based: None;
- CORS: None;
- XXE: None;
- SSRF: None;
- OS Command Injection: None;
- Server-Side Template Injection: None;
- Directory Traversal: None;
- Access Control: None;
- Authentication: None;
- WebSockets: None;
- Web Cache Poisoning: None;
- Information Disclosure: None;
- OAuth authentication: None;
- File Upload Vulnerabilities: ExifTool;
The primary goal is to add the Apprentice and Practitioner level labs (since these are the ones suggested to complete before taking the exam):
- SQL Injection Labs
- XSS Labs
- CSRF Labs
- Clickjacking Labs
- DOM-based vulnerabilities Labs
- CORS Labs
- XXE Injection Labs
- SSRF Labs
- HTTP Request Smuggling Labs
- OS Command Injection Labs
- Server-Side Template Injection Labs
- Directory Traversal Labs
- Access Control Vulnerabilities Labs
- Authentication Labs
- WebSockets Labs
- Web Cache Poisoning Labs
- Insecure Deserialization Labs
- Information Disclosure Labs
- Business Logic Vulnerabilities Labs
- HTTP Host Header Attacks Labs
- OAuth Authentication Labs
- File Upload Vulnerabilities Labs