- 0xduraki

Web Penetration Testing Oneliners

Check if a vhost is live on a specific DNS or subdomain:

curl -s -H "Host: $SUBDOMAIN.EXAMPLE.BA" http://example.ba

Other techniques are described in vhost enumeration.

Redirect URI with a Set-Cookie header injected via CRLF (%0d%0a) in a GET request:

http://$EXAMPLE.BA/index.php?redirect_url=/%3f%0d%0a%09set-cookie:+hello=yoyoo

Rate Limit Bypass

Headers:
    * X-Forwarded-Host: http://evil.com (Password reset poisoning)
    * X-Forwarded-For: 127.0.0.* (Rate Limit Bypass)
Permutations:
    * Null byte techniques
    * Case sensitivity

Some other techniques can be used, e.g. 403 bypass via header manipulation.
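
Why the X-Forwarded-For item above works against some rate limiters, and the server-side fix, as an added example (not code from this page). The trusted proxy range, the addresses, the function names and the sample requests are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: the app sits behind reverse proxies in this range (constructed).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def is_trusted(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)

def naive_client_ip(peer, headers):
    """Weak: keys on the leftmost X-Forwarded-For entry, which the client writes."""
    xff = headers.get("X-Forwarded-For", "")
    return xff.split(",")[0].strip() or peer

def client_ip(peer, headers):
    """Hardened: use the header only when the socket peer is a trusted proxy,
    then walk it right to left and stop at the first untrusted hop."""
    if not is_trusted(peer):
        return peer  # direct connection: header is entirely client-supplied
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    for hop in reversed([h for h in hops if h]):
        if not is_trusted(hop):
            try:
                return str(ipaddress.ip_address(hop))
            except ValueError:
                return peer  # malformed entry: fall back to the socket peer
    return peer

def allowed_count(key_func, requests, limit):
    """Count requests that pass a per-key limit (single window, for brevity)."""
    seen, allowed = Counter(), 0
    for peer, headers in requests:
        key = key_func(peer, headers)
        seen[key] += 1
        if seen[key] <= limit:
            allowed += 1
    return allowed

def constructed_requests(n):
    """Constructed sample: one client (203.0.113.7) rotating a spoofed value;
    the proxy at 10.0.0.5 appends the real peer address on the right."""
    return [("10.0.0.5", {"X-Forwarded-For": f"127.0.0.{i}, 203.0.113.7"})
            for i in range(1, n + 1)]
```

With a limit of 5, the naive key lets all 20 constructed requests through, while the hardened key stops at 5 because every request resolves to the same client address.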

Captcha Bypass Tricks 😂

Captcha Bypass is described in a separate page.
