This section contains labs of the Web Application Pentesting course on Pentester Academy. We would highly recommend following the course and then attempting the labs below to better understand the objective of this section. 

HTTP Basics

Netcat Lab for HTTP 1.1 and 1.0

HTTP Methods and Verb Tampering

HTTP Method Testing with Nmap and Metasploit

HTTP Verb Tampering Lab Exercise

HTTP Basic Authentication

Attacking HTTP Basic Authentication with ...

HTTP Digest Authentication RFC 2069

HTTP Digest Auth Hashing (RFC 2069)

HTTP Digest Authentication (RFC 2617)

HTTP Statelessness and Cookies

HTTP Set-Cookie with HTTPCookie

Session ID

SSL - Transport Layer Protection

SSL MITM using Proxies

File Extraction from HTTP Traffic

HTML Injection Basics

HTML Injection in Tag Parameters

HTML Injection using 3rd Party Data Source

HTML Injection - Bypass Filters Cgi.Escape

Command Injection

Command Injection - Filters

Web to Shell on the Server

Web Shell: PHP Meterpreter

Web Shell: Netcat Reverse Connects

Web Shell: Using Python, PHP etc.

Javascript for Pentesters: Introduction and ...

XSS: Cross Site Scripting

Javascript for Pentesters: Variables

Types of XSS

Javascript for Pentesters: Operators

XSS via Event Handler Attributes

Javascript for Pentesters: Conditionals

DOM XSS

Javascript for Pentesters: Loops

Javascript for Pentesters: Functions

Javascript for Pentesters: Data Types

Javascript for Pentesters: Enumerating ...

Javascript for Pentesters: HTML DOM

Javascript for Pentesters: Event Handlers

Javascript for Pentesters: Cookies

Javascript for Pentesters: Stealing Cookies

Javascript for Pentesters: Exceptions

Javascript for Pentesters: Advanced Forms ...

Javascript for Pentesters: XMLHttpRequest ...

Javascript for Pentesters: XHR and HTML ...

Javascript for Pentesters: XHR and JSON ...

Javascript for Pentesters: XHR and XML ...

File Upload Vulnerability Basics

Beating Content-Type Check in File Uploads

Bypassing Blacklists in File Upload

Bypassing Blacklists using PHPx

Bypassing Whitelists using Double ...

Defeating Getimagesize() Checks in File ...

Exploiting File Uploads to get Meterpreter

Remote File Inclusion Vulnerability Basics

Exploiting RFI with Forced Extensions

RFI to Meterpreter

LFI Basics

LFI with Directory Prepends

Remote Code Execution with LFI and File ...

LFI with File Extension Appended - Null ...

Remote Code Execution with LFI and Apache ...

Remote Code Execution with LFI and SSH Log ...

Unvalidated Redirects

Encoding Redirect Params

Open Redirects: Base64 Encoded Params

Open Redirects: Beating Hash Checking

Open Redirects: Hashing with Salt

Securing Open Redirects

CSRF and XSS

CSRF Token Bypass with Hidden Iframes

Insecure Direct Object Reference

HTTP Method Enumeration

NoSQL Basics

Laravel Unserialize RCE

Rails DoubleTap RCE

Guestbook

Directory Enumeration with Gobuster

Directory Enumeration with Dirbuster

Directory Enumeration with Opendoor

Directory Enumeration with ZAProxy

Directory Enumeration with Burp Suite

Scanning Web Application with ZAProxy

XSS Attack with XSSer

Passive Crawling with Burp Suite

Authenticated XSS Attack with XSSer

Attacking HTTP Login Form with Hydra

Attacking Basic Auth with Burp Suite

Attacking HTTP Login Form with ZAProxy

PHP Code Injection

Basic SQL Injection

Union Based SQL Injection

Error Based SQL Injection

Blind Boolean Based SQL Injection

Blind Time Based SQL Injection

Command Injection II

Command Injection III

Vulnerable File Backup Utility - Command ...

Bind vs Reverse Shell

Vulnerable Xdebug Extension

Vulnerable Online Calculator - Code ...

Shellshock

PHP Object Injection

Pickle Deserialization RCE II

Improper Session Management IV

Vulnerable Bank Portal: Dictionary Attack