This section contains labs of the WAP Challenges course on Pentester Academy. We would highly recommend following the course and then attempting the labs below to better understand the objective of this section. 

User Avatar

Section Introduction and Challenge 1

User Avatar

Challenge 2: HTTP Form Attacks Reloaded

User Avatar

HTTP Basic Authentication Attack (Easy)

User Avatar

Basic Authentication and Form Bruteforcing ...

User Avatar

Challenge 5: Digest Authentication Attack

User Avatar

Challenge 6: Digest Authentication Reloaded

User Avatar

Challenge 8: Broken Authentication

User Avatar

Challenge 9: Session ID Analysis Solution

User Avatar

Challenge 10: Session ID Analysis II

User Avatar

Challenge 11: Session ID Analysis III

User Avatar

Challenge 12: Decrypting SSL Traffic

User Avatar

Challenge 13: HTTP Forensics

User Avatar

Challenge 14: HTTP Traffic File Carving

User Avatar

Challenge 15: HTTP Traffic File Carving II

User Avatar

Challenge 16: HTML Injection

User Avatar

Challenge 17: HTML Injection II

User Avatar

Challenge 18: HTML Injection III

User Avatar

Challenge 20: XSS

User Avatar

Challenge 21: XSS II

User Avatar

Challenge 22: XSS III

User Avatar

Challenge 23: XSS IV

User Avatar

Challenge 24: XSS V

User Avatar

Challenge 25: XSS VI

User Avatar

Challenge 26: XSS VII

User Avatar

Challenge 27: XSS VIII

User Avatar

Challenge 28: XSS IX

User Avatar

Challenge 29: XSS X

User Avatar

Challenge 30: XSS XI

User Avatar

Challenge 31: XSS XII

User Avatar

Challenge 32: XSS XIII

User Avatar

Challenge 35: XSS 16

User Avatar

Challenge 36: XSS 17

User Avatar

Unvalidated Redirects: As Easy as it Gets

User Avatar

Unvalidated Redirects: Decode Me!

User Avatar

Unvalidated Redirects: Daisy Chains!

User Avatar

Unvalidated Redirects: Hashing

User Avatar

Unvalidated Redirects: Hash with a ...

User Avatar

Unvalidated Redirects: No Hints this Time!

User Avatar

Unvalidated Redirects: Salt is included ...

User Avatar

Unvalidated Redirects: Security through ...

User Avatar

CSRF: If only all Pentests were this Easy!

User Avatar

CSRF: Not All Links are Clickable

User Avatar

CSRF: No he won't click your links!

User Avatar

CSRF: How about a POST?

User Avatar

CSRF: Would hate a predictable life!

User Avatar

CSRF: Mutual Exclusivity is Important for ...

User Avatar

CSRF: Wow! This just got hard!

User Avatar

CSRF: We only hire after Reference Checks!

User Avatar

CSRF: What's in a Name?

User Avatar

CSRF: Custom Code is Always a Target!

User Avatar

CSRF: O! Token Where do you hide?

User Avatar

CSRF: The Web is Cross Domain :)