👑Find IDOR (CWE-639)

  1. Load the PwnFox.jar extension into Burp Suite (Extensions tab). The PwnFox Firefox side tags every request from a container with an X-PwnFox-Color header, and the Burp side uses it to colour-highlight each user's traffic in the HTTP history, so you can tell the two accounts' requests apart at a glance.

  2. In Firefox, create two containers with the PwnFox browser extension, one per user.

  3. Create two accounts on the target: an attacker account and a victim account.

  4. Log in to the attacker account in one container and to the victim account in the other.

  5. Open the Autorize tab in Burp Suite.

  6. Paste the attacker account's session into Autorize's header box as a complete header line: the Cookie header for cookie-based sessions, or "Authorization: Bearer <JWT>" for token-based ones. Autorize replays every request it sees with this header swapped in, so it must be the session of the account that should NOT be able to reach the victim's objects.

  7. Add interception filters so that only relevant requests are replayed (the regex in (3) is matched against the full URL, which is why it needs something before "/api/"):

(1) Scope items only

(2) URL Not Contains (simple string): socket.io

(3) URL Contains (regex): .+/api/.+

  8. Tick the Auto-Scroll checkbox.

  9. Click the Autorize button so that it reads "Autorize is on".

  10. Now drive the application manually in the victim's container: exercise every authentication, authorization and privileged function that reads, changes or deletes user-specific objects, and watch the results in the Autorize tab. Each victim request is replayed with the attacker's session: "Bypassed!" means the attacker's session received the same response as the victim's and is an IDOR candidate, "Enforced!" means the server refused it, and "Is enforced???" means the responses differed in a way Autorize cannot judge on its own and needs manual review or an enforcement-detector rule. Confirm every candidate by hand in Repeater before reporting it, since identical error responses (for example two 404s) are also reported as "Bypassed!".
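The following is an added example, not code from the page, from Autorize or from PwnFox: a small in-process re-implementation of the replay check the steps above configure, so that the verdicts shown in the Autorize tab can be reproduced and understood offline. The target application ("demo_app"), the session cookies, the object ids and the captured URLs are all constructed for the demo; the two URL filters are the ones from step 7, and the verdict function mirrors Autorize's default comparison (status code plus response length). The scope filter is omitted because it depends on Burp's target scope.

```python
"""
Added example (not from the page, Autorize or PwnFox): replay requests
captured from the victim's session with the attacker's session and classify
the outcome the way the Autorize tab does. demo_app is a constructed target.
"""
import json
import re
from urllib.parse import urlsplit

# Constructed fixtures: session cookie value -> user id, object id -> owner id.
SESSIONS = {"victim-sess": 1, "attacker-sess": 2}
ORDERS = {"1001": 1, "1002": 2}
INVOICES = {"5001": 1, "5002": 2}

NOT_CONTAINS = "socket.io"              # filter (2): URL Not Contains
CONTAINS_RE = re.compile(r".+/api/.+")  # filter (3): URL Contains (regex)


def should_intercept(url):
    """Mirror the two URL filters from the checklist (scope filter omitted)."""
    return NOT_CONTAINS not in url and CONTAINS_RE.search(url) is not None


def demo_app(url, headers):
    """Constructed target. /api/orders/<id> is vulnerable to IDOR (CWE-639):
    any logged-in user can read any order. /api/invoices/<id> checks ownership."""
    m = re.search(r"session=([^;]+)", headers.get("Cookie", ""))
    user = SESSIONS.get(m.group(1)) if m else None
    if user is None:
        return 401, b'{"error":"unauthenticated"}'
    m = re.fullmatch(r"/api/(orders|invoices)/(\d+)", urlsplit(url).path)
    if not m:
        return 404, b'{"error":"not found"}'
    kind, oid = m.groups()
    table = ORDERS if kind == "orders" else INVOICES
    if oid not in table:
        return 404, b'{"error":"not found"}'
    if kind == "invoices" and table[oid] != user:  # the check that orders lack
        return 403, b'{"error":"forbidden"}'
    return 200, json.dumps({"id": oid, "owner": table[oid]}).encode()


def with_cookie(headers, cookie):
    """Replace the Cookie header with the pasted value (None drops it),
    which is what Autorize does to a request before replaying it."""
    h = {k: v for k, v in headers.items() if k.lower() != "cookie"}
    if cookie is not None:
        h["Cookie"] = cookie
    return h


def verdict(original, replayed):
    """Autorize's default comparison: status code and response length."""
    same_code = original[0] == replayed[0]
    same_len = len(original[1]) == len(replayed[1])
    if same_code and same_len:
        return "Bypassed!"
    if not same_code and not same_len:
        return "Enforced!"
    return "Is enforced??? (please configure enforcement detector)"


def autorize(send, captured, attacker_cookie):
    """Replay each captured victim request as the attacker and unauthenticated.
    send(url, headers) -> (status, body) is the transport; here it is demo_app."""
    rows = []
    for url, headers in captured:
        if not should_intercept(url):
            continue
        original = send(url, headers)
        modified = send(url, with_cookie(headers, attacker_cookie))
        unauth = send(url, with_cookie(headers, None))
        rows.append({
            "url": url,
            "orig_status": original[0],
            "modified": verdict(original, modified),
            "unauthenticated": verdict(original, unauth),
        })
    return rows


if __name__ == "__main__":
    victim = {"Cookie": "session=victim-sess"}
    captured = [(u, victim) for u in (
        "https://app.example/api/orders/1001",    # victim's own order
        "https://app.example/api/invoices/5001",  # victim's own invoice
        "https://app.example/api/orders/9999",    # nonexistent object
        "https://app.example/socket.io/?EIO=4",   # dropped by filter (2)
    )]
    for row in autorize(demo_app, captured, "session=attacker-sess"):
        print(row)
```

Run as-is: the orders row comes back "Bypassed!" for the attacker session (the IDOR), the invoices row "Enforced!", and the socket.io request never appears because the filter dropped it. The nonexistent-object row is the noise case from step 10: both sessions get an identical 404, so it is also reported "Bypassed!" even though nothing was exposed, which is why candidates are confirmed by hand in Repeater or with an enforcement-detector rule matching the refusal response.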
