This repository contains all the automation code I have written as part of my practice on the PortSwigger Web Academy platform.
Special thanks to Rana Khalil and Rana Khalil Academy for the motivation, and respect for her great work for the community.
This section lists all the labs along with the code provided as a solution to complete each of them.
The recommendation is to try each lab yourself first; if you get stuck, you can always come back to this repository for help.

S. No | Lab Name | Status |
---|---|---|
1. | Information disclosure in error messages | COMPLETED |
2. | Information disclosure on debug page | COMPLETED |
3. | Source code disclosure via backup files | COMPLETED |
4. | Authentication bypass via information disclosure | COMPLETED |
5. | Information disclosure in version control history | COMPLETED |

S. No | Lab Name | Status |
---|---|---|
1. | Basic SSRF against the local server | COMPLETED |
2. | Basic SSRF against another back-end system | COMPLETED |

S. No | Lab Name | Status |
---|---|---|
1. | Exploiting an API endpoint using documentation | COMPLETED |
2. | Finding and exploiting an unused API endpoint | COMPLETED |

S. No | Lab Name | Status |
---|---|---|
1. | Basic clickjacking with CSRF token protection | COMPLETED |
2. | Clickjacking with form input data prefilled from a URL parameter | COMPLETED |
3. | Clickjacking with a frame buster script | COMPLETED |
4. | Exploiting clickjacking vulnerability to trigger DOM-based XSS | COMPLETED |
5. | Multistep clickjacking | COMPLETED |