We covered a practical example demonstrating encoded cross site scripting vulnerability using character encoding & Brup Suite to solve Challenge 004 in OWASP Hackademic free lab.
The Challenge: Restricted Access
The video demonstrated a scenario (Challenge 5 of OWASP Hackademic) where access to a website’s content was restricted unless a specific user agent was used in the GET request. In this particular challenge, the required user agent was "pawn browser". When I initially tried to navigate to the site, access to the content was denied, which perfectly simulates real-world situations where you might encounter restricted directories or “access forbidden” messages.
The Solution: Modifying the User Agent
To gain access, the solution was to intercept the HTTP request and modify the user agent string.
Demonstration:
- I used a tool (likely Burp Suite, though not explicitly named) to intercept the request.
- I turned on the intercept feature and refreshed the page.
- In the intercepted request, I changed the existing user agent field to
"pawn browser". - After forwarding the modified request, access to the website’s content was successfully granted!
Real-World Application and Core Concept
The video emphasized that changing the user agent can sometimes help bypass restrictions on websites, such as accessing forbidden directories. However, it’s also important to note that this technique may not always work, as websites can implement more sophisticated checks.
The core concept illustrated here is that sometimes, websites check the user agent string to grant or deny access. By impersonating a different user agent, these restrictions can potentially be circumvented. This highlights how applications can rely on client-provided information for access control, and how manipulating that information can lead to unauthorized access.
