Skip to content

Latest commit

 

History

History
52 lines (47 loc) · 1.76 KB

README.md

File metadata and controls

52 lines (47 loc) · 1.76 KB

🧪 PortSwigger Labs

This repo contains the solutions for the PortSwigger Labs available in the Academy section of their website: https://portswigger.net/web-security/all-labs

Why

This repo has been created to keep in a single place all the solutions of the labs. It should be helpful when preparing for the Burp Suite Certified Practitioner (https://portswigger.net/web-security/certification).

Tools

The tools needed (other than Burp Pro) to complete the labs.

  • SQL Injection: sqlmap;
  • XSS: dalfox, xsstrike;
  • Clickjacking: None;
  • DOM-based: None;
  • CORS: None;
  • XXE: None;
  • SSRF: None;
  • OS Command Injection: None;
  • Server-Side Template Injection: None;
  • Directory Traversal: None;
  • Access Control: None;
  • Authentication: None;
  • WebSockets: None;
  • Web Cache Poisoning: None;
  • Information Disclosure: None;
  • OAuth authentication: None;
  • File Upload Vulnerabilities: ExifTool;

Roadmap

This primary goal is to add the Apprentice and Practitioner level labs (since are the ones suggested to complete before taking the exam):

  • SQL Injection Labs
  • XSS Labs
  • CSRF Labs
  • Clickjacking Labs
  • DOM-based vulnerabilities Labs
  • CORS Labs
  • XXE Injection Labs
  • SSRF Labs
  • HTTP Request Smuggling Labs
  • OS Command Injection Labs
  • Server-Side Template Injection Labs
  • Directory Traversal Labs
  • Access Control Vulnerabilities Labs
  • Authentication Labs
  • WebSockets Labs
  • Web Cache Poisoning Labs
  • Insecure Deserialization Labs
  • Information Disclosure Labs
  • Business Logic Vulnerabilities Labs
  • HTTP Host Header Attacks Labs
  • OAuth Authentication Labs
  • File Upload Vulnerabilities Labs