Cappricio University

Web Hacking

And

Penetration Testing

profile card
Karthikeyan V
Mentor For Web Hacking and Penetration Testing
India , Chennai
7
Courses
10
Writeups
85
Works
Enroll Now!

Requirements:
  • Basic IT skills
  • Basic knowledge of Linux and/or Windows
  • Understand basic computer networking
  • Laptop or PC with minimum 2 - 4 GB Ram

NOTE:

  • This course is created only for educational purposes and all the attacks are launched in live web application not in labs and All the attacks shown in this course are properly disclosed

Who this course is for:

  • Web Developers
  • IT students and/or passionate
  • Anyone who want to learn the ethical hacking and penetration testing process

What you will learn:

  • Burp suite
  • Recon
  • Web exploitation
  • OWASP Bugs
  • Unique Bugs with high impact
  • Understand web application's security principles and potential dangers
  • As a web application developer you will understand how to secure your application
  • Understand the penetration testing process
  • Report writing

Course Details:

  • Duration : 25 days
  • Student Pricing : 3000 inr
  • Ordinary pricing : 5000 inr
  • Course language : Tamil
Enroll Now!

Course Curriculum

Chapter - 1 : Recon and Automation

  1. 1. Playing with Burp
  2. 2. All about Recon
  3. 3. Acquisition Recon (Automation Recon)
  4. 4. Sub-Domains Enumeration (Automation Recon)
  5. 5. Sub-Domains Brute force (Automation Recon)
  6. 6. Subs Dorking (Automation Recon / Manual Recon)
  7. 7. Removing Duplicates
  8. 8. Find live sites (Automation Recon)
  9. 9. Find IP & open Ports (Automation Recon)
  10. 10. Find Status Code (Automation Recon)
  11. 11. Screenshots and Content discovery (Automation Recon)
  12. 12. Crawling and Brute forcing parameters (Automation Recon)

Chapter - 2 : Open Redirect

  1. 1. About Open Redirect
  2. 2. DOM Based Open Redirect
  3. 3. Parameter Based Open Redirect
  4. 4. Header Based Open Redirect
  5. 5. POC 1 BaseCamp Open Redirect
  6. 6. POC 2 Humble Open Redirect
  7. 7. POC 3 Microsoft Open Redirect
  8. 8. POC 4 Microsoft Open Redirect leads to Webcam Hacking
  9. 10. POC 5 Nokia Open Redirect

Chapter - 3 : Abusing HTTP Communication

  1. 1. About HTTP Header attack
  2. 2. Methods to Hunt
  3. 3. DNS Ping-Back Attack
  4. 4. Password Reset Poisoning
  5. 5. Web Cache Poisoning
  6. 6. Web Cache Poisoning (Automation Hunting)
  7. 7. XSS via HTTP Header
  8. 8. POC 1 APPLE Blind SSRF
  9. 9. POC 2 Nokia Blind SSRF
  10. 10. POC 3 Header based Open Redirect

Chapter - 4 : SSRF

  1. 1. About SSRF
  2. 2. Methods to Hunt SSRF
  3. 3. Live Hunting of SSRF
  4. 4. POC 1 Google SSRF
  5. 5. POC 2 Google Blind SSRF
  6. 6. POC 3 Pinterest SSRF

Chapter - 5 : Rate Limiting

  1. 1. About Rate Limiting
  2. 2. Methods to Hunt Rate Limiting
  3. 3. Live Hunting of Rate Limiting 1
  4. 4. Live Hunting of Rate Limiting 2
  5. 5. Bypass of Rate Limiting
  6. 6. POC 1 Aptible Rate Limiting
  7. 7. POC 2 Blanco Rate Limiting
  8. 8. POC 3 JET Rate Limiting
  9. 9. POC 4 Paytm Rate Limiting
  10. 10. POC 5 NL site Rate Limiting
  11. 11. POC 6 Casper Rate Limiting

Chapter - 6 : Broken Auth

  1. 1. About Broken Auth
  2. 2. Methods to Hunt Broken Auth
  3. 3. Live Hunting of Broken Auth 1
  4. 4. Live Hunting of Broken Auth 2
  5. 5. Broken Auth in Password reset
  6. 6. POC 1 Convertkit Broken Auth
  7. 7. POC 2 FitBit Broken Auth
  8. 8. POC 3 GetMoneyTree Broken Auth
  9. 9. POC 4 SEEK Broken Auth
  10. 10. POC 5 Electroneum Broken Auth
  11. 11. POC 6 TransferWise Broken Auth
  12. 12. POC 7 Trip-Advisor Broken Auth

Chapter - 7 : Image Attack

  1. 1. About EXIF Attack
  2. 2. Methods to Hunt EXIF
  3. 3. Live Hunting of EXIF
  4. 4. POC 1 TheSecurity EXIF
  5. 5. POC 2 TheSecurity EXIF Bypass
  6. 6. About Picture File Upload
  7. 7. SVG File Upload Attack
  8. 8. Pixel Flooding Attack
  9. 9. Users Info Stealing Attack
  10. 10. POC 1 BaseCamp Pixel Flooding
  11. 11. POC 2 Nokia Users IP Stealing
  12. 12. POC 3 TheSecurity Blind XXE

Chapter - 8 : Cloud App Hacking

  1. 1. About Cloud App Hacking
  2. 2. Methods to Hunt Cloud App bugs
  3. 3. Live Hunting of Cloud App bugs
  4. 4. HTML to PDF Live Attack
  5. 5. POC 1 SEJDA Blind XSS to SSRF

Chapter - 9 : JSON Response Attack

  1. 1. About JSON Response Attack
  2. 2. Methods to Hunt JSON Response Attack
  3. 3. Live Hunting of JSON Response Attack 1
  4. 4. Live Hunting of JSON Response Attack 2
  5. 5. POC 1 SLACK OTP Bypass
  6. 6. POC 2 STACKPATH 2FA Bypass
  7. 7. POC 3 UpWork 2FA Bypass
  8. 8. POC 4 Canva Password Panel Bypass

Chapter - 10 : CSRF/XSRF Attack

  1. 1. About CSRF/XSRF Attack
  2. 2. Methods to Hunt CSRF/XSRF Attack
  3. 3. Live Hunting of CSRF/XSRF Attack
  4. 4. POC 1 EverNote CSRF/XSRF
  5. 5. POC 2 Transfer-wise CSRF/XSRF

Chapter - 11 : XSS Attack

  1. 1. About XSS Attack
  2. 2. Methods to Hunt XSS Attack
  3. 3. Live Hunting of XSS Attack
  4. 4. POC 1 Trip-Advisor XSS
  5. 5. POC 2 Nl Site XSS
  6. 6. POC 3 Base-Camp Blind XSS
Enroll Now!

Course Content and trailer Videos