This repository documents all my progress, notes, and resources related to learning Web Exploitation.
This includes, but is not limited to, writeups of challenges, rooms, and labs:
- Portswagger-Learning-Paths
- HTB-WEB-Writeups
- THM-WEB
- Basics-Of-Web
- OWASP-Checklist
- Google-XSS-Game
- SSTI-Labs
I am currently using a basic setup like this, but I am looking to actively improve it for better automation and workflow, with better resources.
- Browser: Firefox with HackBar, Wappalyzer, and Cookie-Editor, with any VPN. Use:
  - HackBar for URL modification
  - Wappalyzer for identifying what technology the web app uses
  - Cookie-Editor for editing cookies

  Or just Burp with its browser
- Burp Suite Community [Resource](https://portswigger.net/burp/documentation/desktop)
- Postman
- nmap
- ffuf - for directory fuzzing
- sqlmap - for SQL injections
- requests - Python library for sending requests
- JWT.io - for JWT analysis
- Payloads All The Things - Link
- Burp Payloads from Link
- Request-Bin for webhooks and HTTP requests.
- HTML, CSS, JS
- PHP
- SQL
- Python / Flask
- Node.js / React