July 17th, 2015
Vulnerability: Bypassing blacklists
Description:
For almost all levels I will be using Burp Suite. Burp Suite is an intercepting proxy that sits between the browser and the web server and lets us modify HTTP requests and responses in transit.
Blacklisting can be based on many request attributes, such as the IP address, User-Agent, Referer or a session token. So let’s look at our request in Burp and possibly start playing with some values.
Aha! No need to play the guessing game with the values: right away we see a cookie named “welcome” with a value of “no”. Let’s change “no” to “yes” and resume our request.
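Why that edit works, and one way to close the hole, as an added example (not code from the challenge or from this write-up): a check that trusts the `welcome` cookie as sent, beside a version that only accepts a value carrying a server-side HMAC bound to the session. `SERVER_KEY`, `sign`, `hardened_is_allowed` and the session id are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import CookieError, SimpleCookie

# Assumption: a secret that never leaves the server (generated here for the demo).
SERVER_KEY = secrets.token_bytes(32)


def parse_cookie(header: str, name: str):
    """Return the value of cookie `name` from a Cookie header, or None."""
    jar = SimpleCookie()
    try:
        jar.load(header)
    except CookieError:
        return None
    return jar[name].value if name in jar else None


def vulnerable_is_allowed(cookie_header: str) -> bool:
    # Trusts a client-controlled value: changing "no" to "yes" in a proxy passes.
    return parse_cookie(cookie_header, "welcome") == "yes"


def sign(value: str, session_id: str) -> str:
    """Issue `value` with an HMAC tag bound to one session (hypothetical helper)."""
    mac = hmac.new(SERVER_KEY, f"{session_id}|{value}".encode(), hashlib.sha256)
    return f"{value}.{mac.hexdigest()}"


def hardened_is_allowed(cookie_header: str, session_id: str) -> bool:
    raw = parse_cookie(cookie_header, "welcome")
    if raw is None or "." not in raw:
        return False  # unsigned or missing cookie is never trusted
    value, _, tag = raw.rpartition(".")
    expected = sign(value, session_id).rpartition(".")[2]
    # Constant-time tag check first; an edited value no longer matches its tag.
    return hmac.compare_digest(tag.encode(), expected.encode()) and value == "yes"
```

Keeping the decision in server-side session state, so that no such cookie is sent at all, removes the need for the signature.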