This section contains the labs for the Web Application Pentesting course on Pentester Academy. We highly recommend following the course and then attempting the labs below to better understand the objective of this section.

HTTP Basics

Netcat Lab for HTTP 1.1 and 1.0

HTTP Methods and Verb Tampering

HTTP Method Testing with Nmap and Metasploit

HTTP Verb Tampering Lab Exercise

HTTP Basic Authentication

Attacking HTTP Basic Authentication with ...

HTTP Digest Authentication RFC 2069

HTTP Digest Auth Hashing (RFC 2069)

HTTP Digest Authentication (RFC 2617)

HTTP Statelessness and Cookies

HTTP Set-Cookie with HTTPCookie

Session ID

SSL - Transport Layer Protection

SSL MITM using Proxies

File Extraction from HTTP Traffic

HTML Injection Basics

HTML Injection in Tag Parameters

HTML Injection using 3rd Party Data Source

HTML Injection - Bypass Filters Cgi.Escape

Command Injection

Command Injection - Filters

Web to Shell on the Server

Web Shell: PHP Meterpreter

Web Shell: Netcat Reverse Connects

Web Shell: Using Python, PHP etc.

Javascript for Pentesters: Introduction and ...

XSS: Cross Site Scripting

Javascript for Pentesters: Variables

Types of XSS

Javascript for Pentesters: Operators

XSS via Event Handler Attributes

Javascript for Pentesters: Conditionals

DOM XSS

Javascript for Pentesters: Loops

Javascript for Pentesters: Functions

Javascript for Pentesters: Data Types

Javascript for Pentesters: Enumerating ...

Javascript for Pentesters: HTML DOM

Javascript for Pentesters: Event Handlers

Javascript for Pentesters: Cookies

Javascript for Pentesters: Stealing Cookies

Javascript for Pentesters: Exceptions

Javascript for Pentesters: Advanced Forms ...

Javascript for Pentesters: XMLHttpRequest ...

Javascript for Pentesters: XHR and HTML ...

Javascript for Pentesters: XHR and JSON ...

Javascript for Pentesters: XHR and XML ...

File Upload Vulnerability Basics

Beating Content-Type Check in File Uploads

Bypassing Blacklists in File Upload

Bypassing Blacklists using PHPx

Bypassing Whitelists using Double ...

Defeating Getimagesize() Checks in File ...

Exploiting File Uploads to get Meterpreter

Remote File Inclusion Vulnerability Basics

Exploiting RFI with Forced Extensions

RFI to Meterpreter

LFI Basics

LFI with Directory Prepends

Remote Code Execution with LFI and File ...

LFI with File Extension Appended - Null ...

Remote Code Execution with LFI and Apache ...

Remote Code Execution with LFI and SSH Log ...

Unvalidated Redirects

Encoding Redirect Params

Open Redirects: Base64 Encoded Params

Open Redirects: Beating Hash Checking

Open Redirects: Hashing with Salt

Securing Open Redirects

CSRF and XSS

CSRF Token Bypass with Hidden Iframes

Insecure Direct Object Reference

Bind vs Reverse Shell