My lab notes and learning progress for the PortSwigger Web Security Academy's Authentication Vulnerabilities chapter.
This repository is a record of my labs for "Chapter 2: Authentication Vulnerabilities" following PortSwigger's Web Security Academy training path: https://portswigger.net/web-security/authentication
The labs are done on a Kali Linux VM on VirtualBox, where I also utilize Burp Suite Community Edition 2023.7.2.
Environment Setup Instructions: https://github.com/kienmarkdo/Netcat-NMAP-Lab
Most of the labs were solved manually then scripted using Python.
Manual penetration testing via random payloads is time-consuming. As such, I will not only try to solve these labs manually, but will also attempt to write Python scripts that can perform the exploits.
In the cases where I need to enumerate a field, I wrote a list of steps to my approach in the notes.txt file, then I scripted the exploit in Python myself. This is the only way for me to solve the lab since I do not have Burp Intruder.