Labs Covered
This write-up focuses on the following APPRENTICE-level lab from the PortSwigger Web Security Academy related to OAuth Authentication:
1 Authentication bypass via OAuth implicit flow
This lab demonstrates how attackers can exploit weaknesses in OAuth implicit flow to bypass authentication mechanisms.
LAB 1 - Authentication bypass via OAuth implicit flow
Lab Description
Solution
The lab uses the implicit grant type. Unlike the authorization code grant, the OAuth service returns the access token to the client application immediately after the user approves, in the fragment of the redirect URL, with no server-to-server exchange of an authorization code. This is less secure because the whole flow, token included, passes through the browser, so the client application has no back-channel through which to verify what it receives.
First, when I clicked on My account, the site told me it was redirecting me to a social media account to log in.
The intercepted request is GET /auth, the request that starts the flow with the OAuth service. Its query parameters identify the client application (client_id), state which grant type is in use (response_type=token for the implicit flow), list the scopes being requested, and give the redirect_uri the token should be sent back to. Each parameter plays a different role.
Note: the Implicit and Authorization Code sections above explain what each parameter in this request means.
After the redirect, the social media site's login page appears.
Log in with the credentials wiener:peter.
After signing in, the consent page lists the data the client application is asking for; click Continue.
The next intercepted request is the POST the client application sends to its own /authenticate endpoint, carrying the user's email, username and the access token. Send it to Repeater.
Sending this unmodified request for wiener's valid account returns a 302 redirect, which confirms the request is accepted.
Change the email address in the body to carlos@carlos-montoya.net and send the request again. Observe that you do not get an error: the server binds the session to whatever email it is given and never checks it against the token.
Right-click on the POST request and select “Request in browser” > “In original session”. Copy this URL and visit it in the browser.
You are logged in as Carlos and the lab is solved.
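The following is an added example, not code from the lab or the original write-up, that models the two points above: the implicit flow hands the token back in the URL fragment, and the lab's /authenticate endpoint trusts the email posted alongside that token. The OAuth service, its tokens and the user records are constructed in memory; the endpoint name /authenticate is taken from the lab, everything else (token strings, user database, function names) is an assumption made for illustration. The vulnerable handler reproduces the lab's behaviour; the hardened one derives the identity from the token instead.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for the OAuth provider's resource server (its /me endpoint):
# maps a bearer access token to the identity it was issued for. Tokens are made up.
OAUTH_USERINFO = {
    "tok-wiener-123": {"username": "wiener", "email": "wiener@hotdog.com"},
    "tok-carlos-456": {"username": "carlos", "email": "carlos@carlos-montoya.net"},
}

# Constructed client-application user database, keyed by email address.
USERS_BY_EMAIL = {
    "wiener@hotdog.com": "wiener",
    "carlos@carlos-montoya.net": "carlos",
}


def token_from_callback(url):
    """Implicit flow: the access token arrives in the fragment (after '#') of the
    redirect back to the client, which only the browser sees. Returns the
    access_token value or None if the fragment does not carry one."""
    fragment = urlsplit(url).fragment
    return parse_qs(fragment).get("access_token", [None])[0]


def userinfo(token):
    """Simulates GET /me with 'Authorization: Bearer <token>' at the OAuth service.
    Returns the identity the token was issued for, or None for an unknown token."""
    return OAUTH_USERINFO.get(token)


def make_authenticate_body(email, username, token):
    """Builds the JSON body the browser posts to /authenticate after the flow."""
    return json.dumps({"email": email, "username": username, "token": token})


def authenticate_vulnerable(body_json):
    """The lab's pattern: the server only checks that the token is valid, then
    logs in whichever account matches the *posted* email. Returns the username
    the session is bound to, or None."""
    body = json.loads(body_json)
    if userinfo(body["token"]) is None:   # token is real, but for whom?
        return None
    return USERS_BY_EMAIL.get(body["email"])   # attacker controls this field


def authenticate_fixed(body_json):
    """Hardened: the identity is fetched from the OAuth service using the token,
    and any client-supplied email that does not match is rejected."""
    body = json.loads(body_json)
    info = userinfo(body["token"])
    if info is None:
        return None
    if body.get("email") != info["email"]:
        return None   # posted identity does not belong to this token
    return USERS_BY_EMAIL.get(info["email"])


if __name__ == "__main__":
    # Constructed callback URL as the browser would receive it after consent.
    callback = "https://client.example/oauth-callback#access_token=tok-wiener-123&token_type=Bearer&expires_in=3600"
    wiener_token = token_from_callback(callback)
    forged = make_authenticate_body("carlos@carlos-montoya.net", "carlos", wiener_token)
    print("vulnerable logs in as:", authenticate_vulnerable(forged))
    print("fixed logs in as:", authenticate_fixed(forged))
```

The forged body is exactly the Repeater edit from the walkthrough: wiener's genuine token with carlos's email. Checking `body["email"]` against the value returned by the OAuth service for that token is what closes the hole; an equally valid fix is to ignore the posted email entirely and use only `info["email"]`.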