Exploit Searching

Things you can do in web app in order to obtain shell. Remember that cookies and headers also can be the vector of attack.

If you do not like searching for some kind of vulnerability it can be an indicator you are not well prepared in this field. In this case you should revisit portswigger and sharpen your skills.

Python script Burp Suite intercept

If you want to see and analyze the request from exploit you can forward it to Burp Suite

import requests

proxies = {"http": "http://127.0.0.1:8080", "https": "http://127.0.0.1:8080"}

r = requests.get("https://www.google.com/", proxies=proxies, verify=False)

PreviousInformation Gathering NextLogin Page

Last updated 1 year ago