In this article, we are telling you about Broken Authentication and Session Management, here you will be told practically about Broken Authentication and Session Management.
We have told you this earlier about what is session fixation vulnerability, if you want, you can also read our article here also, session fixation is not used anywhere, so you must know about it. All bug hunters must know about Broken Authentication and Session Management.
Here, you are being told about Broken Authentication and Session Management for educational purpose, if you find this bug in any website, then you should never misuse it.
Note – This article is only for educational purpose. Don’t miss use your knowledge and skills.
What is Broken Authentication ?
First of all, you are being told about Broken Authentication, you must also know about them before going to Broken Authentication and Session Management practically. All bug hunters must know about Broken Authentication and Session Management.
Here we understand Broken Authentication in easy language, here all the bugs related to login page are called Broken Authentication bugs, let’s understand this by giving you examples.
As recently the data of facebook users has been leaked some time ago, in such a way if you get this information by a black hat hackers, then you can also understand to what extent they can use it incorrectly.
Just like if you login with your account in a website, in such a way, you can somehow login with another account using the forgot password request, in such a way it is called Broken Authentication.
Here you will also be told by doing this practically, Broken Authentication bug can be found in many ways, but it is not possible to tell all the ways in one article, you know here you get labs of portswigger which you can solve.
What is Session Management ?
Let us now tell you about Session Management, before telling you about it, you want to clear one thing, in Session Management you get bugs related to Session, in such a way you can get many different bugs in a website.
Like if a website passes the session id in the url address of the account itself and a hacker if they can login using the session id without username and password, then it comes in session management.
Like this, if the session id of a user can be easily guessed in a website or if a hacker can somehow create a session id randomly, then it also comes in session management itself.
There is such a session fixation bug about which we have already told you that if you have not read that article of ours, in such a way you can also read it here, if the session id does not change, in this case it is called session fixation.
Also Read
Metasploit framework tutorial 2021
Common vulnerabilities and exposures cve
What is privilege escalation vulnerability
Broken Authetication and Session Management
Let us now tell you how to find Broken Authentication and Session Management, here we are telling you by solving some labs of portswigger, apart from this you get more labs. All bug hunters must know about Broken Authentication and Session Management .
Username enumeration via different responses
First of all, you have to access the lab here and at the same time you must run the burp suite here, after accessing the lab you do not know the username and password here like we do not know in any website.
But if you are able to find the username and password of a website using a bruteforce attack, then it is called a bug, which gives you a good bounty, it comes in Broken Authentication and Session Management.
After accessing the lab here, first of all you have to login here by filling in any username and password as you can see in the image, just like you have to try on some kind of live website.
After this you will be able to see that you get this request in the burp suite, you have to send this request to the intruder and first you have to send the bruteforce attack to the username, you get it along with the list lab of usernames.
As you can see in the image you have got the username here, in our case the username can be different but if you solve this lab, you can get the username separately but you will know from the response code
After doing all this, you have to give what you have found to the username and you have to do the bruteforce attack now on the password, you get the list lab of the password here as well.
Here we have told you by finding the username in this lab, in the same way you have to find the password as well, here if you should know how to use intruder, which you have been told in many articles before.
As you can see, you have got the password here as well, here you get both the username and password, now you can login here, here you can open the request by right clicking and also create a session.
As soon as you fill the username and password here, you will be able to see that you login here and you also get this lab solved. You have got a message show of congratulations here, similarly you have to find this bug in the live website.
If you are already following our articles, then you should know about the intruder, if you are a beginner, then you will have a problem in understanding how this lab has been solved, but if your our bug bounty articles If you have followed then you will definitely know about it.
If You learn How to use Intruder xss automated testing tool 2021 , subdomain enumeration and subdomain bruteforce , bypass website two factor authentication
Password reset broken logic
Here you have been given Broken Authentication and Session Management in the heading but you can not find here the labs of session management, this is a separate topic which we have covered here and practically the same will be told.
But you get a lot of labs of Broken Authentication here, if all the labs are told by solving here, in this way this article gets increased so you must solve the labs of Broken Authentication yourself here.
https://portswigger.net/web-security/authentication/other-mechanisms/lab-password-reset-broken-logic
In this way, you are being told to solve another lab of Broken Authentication, it has many labs which you must try by yourself if you have any kind of problem in solving labs of Broken Authentication, then you can tell in the comment.
Here first you have to access lab, here you have been given the information to login, as you can see in the image, here first you have to click on forgot password, that is asked your username.
Here you have to give the username whose account password has to be forgotten, after this you will get a link to reset the password in the email client like we get on the password reset link email of a live website account.
After doing all this, you have to change the password as we have done here, you have to do it here as well and in some kind of live website, we do the same way, after this you will get this request in the burp suite.
After this you have to send this request to the repeater, after that you have to remove token from here, you have to send the request by removing the password token, you will see that you will get the button of this follow redirection.
You have to click on the follow redirection here, after this you can see the response, you will get the same way, after this you have to create the password reset link again, for this you have to do the same process.
In the email client, you will get another mail, here you have to change the password again but here you have to change the token here, you have to change the username here and send the request.
After doing all this, when you do the follow redirection, you get a response and now the username changes here but the password remains the same which we have changed, here in our case the username is carlos and the password is bughunting.
After this you have to give carlos in the username and you have to give bughunting in the password as you can see in the image, you also have to do something similar to this bug if you find it in a website, then you can get a good bounty.
As you can see in the image here this lab of ours has also been solved and we have got the message of congratulations here, here we have told you by solving two labs but you get more labs here which you can solve.
Session ID in URL ?
As you have been told, in session management, which we keep, we have already told you about the session fixation, just like this, here you are being told how the session id is shown in the url address itself.
As you have been told, if the session id shows in the url, then it comes only in session management, as you can see in the image, it is a kind of bug but on all websites reporting this bug is not a valid bug. All bug hunters must know about Broken Authentication and Session Management.
The Conclusion
I hope that now you can understand about Broken Authentication and Session Management We have told you here about theory and practical about Broken Authentication and Session Management.
It is not that all is done in Broken Authentication and Session Management, you get a lot of terms and methods that you can put in Broken Authentication and Session Management, but it is not possible to tell all about it in one article.
If you want to be told about more different methods in Broken Authentication and Session Management, in this way you can tell in the comment that we can give you more articles about Broken Authentication and Session Management.
If you like this article about our Broken Authentication and Session Management, then you should definitely share this article with us, here you have given many articles before bug hunting.
Subscribe to our blog for latest updates
Sharing is Caring
Thankyou
Leave a Reply