In this walkthrough, we will go through the Base64 Encoding (Secret) vulnerability section from bWAPP Labs. We will explore how the cookie’s secret value is decoded and how the application is affected by it. So, let’s get started with the hacking without any delay.
Security: Low
- Setting the security level to Low.
- In this challenge we have to recover the secret value from an encoded cookie.
- I intercepted the request via Burp Suite, selected the secret value and sent it to Decoder by right-clicking.
- Select Decode as “Base64”. After that, we will receive the decoded value.
Security: Medium
- Setting the security level to Medium.
- I intercepted the request and captured the secret.
- I googled the encrypted value and found out that it was a SHA1 hash. Got it decrypted.
Security: High
- Setting the security level to High.
- The secret does not change from Medium to High.
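
The checks from the three levels above can be turned into a cookie audit. This is an added example, not part of the original walkthrough or of bWAPP: it flags values that are only Base64-encoded text (Low) or a bare SHA-1 digest (Medium/High). The function names, the sample secret and the random token used for contrast are constructed assumptions.

```python
import base64
import hashlib
import hmac
import re
import secrets
from urllib.parse import quote, unquote

SHA1_HEX = re.compile(r"[0-9a-fA-F]{40}")


def classify_cookie_value(raw):
    """Return (kind, decoded_text) for a cookie value as seen on the wire."""
    value = unquote(raw)  # cookies often carry %3D instead of '='
    # 40 hex characters is the shape of a SHA-1 digest (Medium/High levels).
    # Checked first because such a string is also valid Base64.
    if SHA1_HEX.fullmatch(value):
        return "sha1-hex", None
    # Strict Base64 that decodes to printable text is encoding, not secrecy (Low).
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return "opaque", None
    if text and text.isprintable():
        return "base64-text", text
    return "opaque", None


def is_unsalted_sha1_of(cookie_value, known_secret):
    """Server-side check: is the cookie just SHA-1(secret), with no salt or key?"""
    digest = hashlib.sha1(known_secret.encode()).hexdigest()
    return hmac.compare_digest(unquote(cookie_value).lower().encode(), digest.encode())


def audit_samples():
    """Classify three constructed cookie values, one per design."""
    secret = "constructed-secret!"  # constructed sample, not a bWAPP value
    low = quote(base64.b64encode(secret.encode()).decode())  # '=' becomes %3D
    medium = hashlib.sha1(secret.encode()).hexdigest()
    random_token = secrets.token_urlsafe(32)  # assumption: opaque random value
    return {name: classify_cookie_value(v)
            for name, v in (("low", low), ("medium", medium), ("random", random_token))}


if __name__ == "__main__":
    for name, result in audit_samples().items():
        print(name, result)
```
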
Conclusion:
So, we have finally completed all the security levels for the bWAPP Base64 Encoding (Secret) vulnerability. We looked at how the application has been set up at the various levels and how we can bypass the security controls implemented. To mitigate the potential cookie value decoding, we can use a random string value encrypted with a strong cryptographic algorithm. On that note, I will take your leave and will meet you in the next one with another bWAPP vulnerability writeup. Till then, “Keep Hacking”.