PortSwigger Labs by Desdes
  • 👋Bienvenid@!
  • WebSockets
    • Lab: Manipulating WebSocket messages to exploit vulnerabilities
    • Lab: Manipulating the WebSocket handshake to exploit vulnerabilities
    • Lab: Cross-site WebSocket hijacking
  • Insecure deserialization
    • Lab: Modifying serialized objects
    • Lab: Modifying serialized data types
    • Lab: Using application functionality to exploit insecure deserialization
    • Lab: Arbitrary object injection in PHP
    • Lab: Exploiting Java deserialization with Apache Commons
    • Lab: Exploiting PHP deserialization with a pre-built gadget chain
    • Lab: Exploiting Ruby deserialization using a documented gadget chain
    • Lab: Developing a custom gadget chain for Java deserialization
    • Lab: Developing a custom gadget chain for PHP deserialization
    • Lab: Using PHAR deserialization to deploy a custom gadget chain
  • GraphQL API vulnerabilities
  • Server-side template injection
    • Lab: Basic server side template injection
    • Lab: Basic server side template injection (code context)
    • Lab: Server side template injection using documentation
    • Lab: Server side template injection in an unknown language with a documented exploit
    • Lab: Server side template injection with information disclosure via user supplied objects
    • Lab: Server side template injection in a sandboxed environment
    • Lab: Server side template injection with a custom exploit
  • Web cache poisoning
  • HTTP Host header attacks
  • HTTP request smuggling
  • OAuth authentication
  • JWT attacks
  • Prototype pollution
  • Essential skills
Con tecnología de GitBook
En esta página
  1. WebSockets

Lab: Cross-site WebSocket hijacking

AnteriorLab: Manipulating the WebSocket handshake to exploit vulnerabilitiesSiguienteInsecure deserialization

Última actualización hace 1 año