Instructions
Black Hills Information Security: Finding Access Control Vulnerabilities with Autorize
Run Juice-Shop in Docker Rootless
systemctl --user start docker
docker context use rootless
docker run --rm -p 8000:3000 bkimminich/juice-shop
Set up Firefox
firefox --no-remote -p
- Create Primary and Secondary profiles
- Install foxy-proxy
- Add Burp proxy type in foxy-proxy
- Edit about:config to allow Firefox proxying for localhost
  - network.proxy.allow_hijacking_localhost
  - network.proxy.testing_localhost_is_secure_when_hijacked
Log in as admin on Primary Firefox
admin@juice-sh.op
admin123
Upload a Profile Picture
This would be an activity that should require auth and authz
Send the Profile Upload to Burp Repeater
Remove cookies to find which are required for auth
Log in as mc.safesearch on Secondary Firefox
mc.safesearch@juice-sh.op
Mr. N00dles
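
The "Remove cookies to find which are required for auth" step can be done systematically by dropping one credential at a time and comparing the response status with the baseline. The following is an added example, not code from these notes or from the Black Hills article; the `send` callback, `fake_send`, and the sample header and cookie values are constructed assumptions, and in practice `send` would replay the request captured in Burp against the local Juice Shop instance.

```python
from typing import Callable, Dict

# A sender replays the captured request with the given headers and cookies
# and returns the HTTP status code.
Sender = Callable[[Dict[str, str], Dict[str, str]], int]

AUTH_HEADERS = ("Authorization",)  # headers treated as credentials (assumption)


def find_required_credentials(send: Sender, headers: Dict[str, str],
                              cookies: Dict[str, str]) -> dict:
    """Drop one credential at a time and record which removals change the status."""
    baseline = send(headers, cookies)
    if not 200 <= baseline < 300:
        raise ValueError(f"baseline request failed with status {baseline}")

    required = []
    for name in cookies:
        trimmed = {k: v for k, v in cookies.items() if k != name}
        if send(headers, trimmed) != baseline:
            required.append("cookie:" + name)
    for name in AUTH_HEADERS:
        if name in headers:
            trimmed = {k: v for k, v in headers.items() if k != name}
            if send(trimmed, cookies) != baseline:
                required.append("header:" + name)

    # Control: strip every credential. A success here means the endpoint
    # enforces no authentication at all, which is a finding to report.
    bare = {k: v for k, v in headers.items() if k not in AUTH_HEADERS}
    anonymous_ok = send(bare, {}) == baseline
    return {"required": required, "anonymous_ok": anonymous_ok}


def fake_send(headers: Dict[str, str], cookies: Dict[str, str]) -> int:
    """Constructed stand-in for the target: accepts only a 'session' cookie."""
    return 200 if cookies.get("session") == "abc123" else 401


# Constructed sample request data, not captured from Juice Shop.
SAMPLE_HEADERS = {"Authorization": "Bearer abc123", "Accept": "*/*"}
SAMPLE_COOKIES = {"session": "abc123", "lang": "en", "banner": "dismiss"}

if __name__ == "__main__":
    print(find_required_credentials(fake_send, SAMPLE_HEADERS, SAMPLE_COOKIES))
```

Leave-one-out removal does not detect the case where either of two credentials is sufficient on its own; the `anonymous_ok` control only confirms that removing everything fails.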