bWAPP - Base64 Encoding (Secret)

bWAPP – Base64 Encoding (Secret)

In this walk through, we will be going through the Base64 Encoding (Secret) vulnerability section from bWAPP Labs. We will be exploring and learn about the process of decoding the cookie secret values and how the application is affected because of it. So, let’s get started with the Hacking without any delay.

Base64 Encoding (Secret)

Security: Low

  • Setting the security level to Low.

Security level Low

  • In this challenge we have to decrypt an encrypted cookie

Base64 Encoding Secret

Encoded secret

  • I intercepted the request via Burpusite, selected the secret value and send it to decoder by right clicking.

Burpsuite intercept

  • Select Decode as “base 64”. Post that, we will receive the decoded value.

Decoded Secret

Security: Medium

  • Setting the security level to Medium.

Security level medium

  • I intercepted the request and captured the secret.

Encrypted secret

Burpsuite Intercept

  • I googled the encrypted value and found out that it was a SHA1 hash. Got in decrypted.

SHA1 Decrypted

Security: High

  • Setting the security level to High.

Security level high

  • The secret doesn’t get changed from medium to High.

same secret

Also Read: Tryhackme – Security Engineer Intro

Conclusion:

Conclusion

So, we finally completed all the security levels for the bWAPP Base64 Encoding (Secret) Vulnerability. We looked into the various ways how application has been set up in various levels and how we can bypass the security controls implemented. Next, we can mitigate the potential cookie value decoding by using a random string value encrypted with a strong cryptographic algorithm. On that note, i will take your leave and will meet you in next one with another bWAPP vulnerability writeup, till then “Keep Hacking”.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top