This section contains the labs for the Web Application Pentesting course on Pentester Academy. We highly recommend following the course first and then attempting the labs below to better understand the objective of this section.

HTTP Basics

Netcat Lab for HTTP 1.1 and 1.0

HTTP Methods and Verb Tampering

HTTP Method Testing with Nmap and Metasploit

HTTP Verb Tampering Lab Exercise

HTTP Basic Authentication

Attacking HTTP Basic Authentication with ...

HTTP Digest Authentication RFC 2069

HTTP Digest Auth Hashing (RFC 2069)

HTTP Digest Authentication (RFC 2617)

HTTP Statelessness and Cookies

HTTP Set-Cookie with HTTPCookie

Session ID

SSL - Transport Layer Protection

SSL MITM using Proxies

File Extraction from HTTP Traffic

HTML Injection Basics

HTML Injection in Tag Parameters

HTML Injection using 3rd Party Data Source

HTML Injection - Bypass Filters Cgi.Escape

Command Injection

Command Injection - Filters

Web to Shell on the Server

Web Shell: PHP Meterpreter

Web Shell: Netcat Reverse Connects

Web Shell: Using Python, PHP etc.

Javascript for Pentesters: Introduction and ...

XSS: Cross Site Scripting

Javascript for Pentesters: Variables

Types of XSS

Javascript for Pentesters: Operators

XSS via Event Handler Attributes

Javascript for Pentesters: Conditionals

DOM XSS

Javascript for Pentesters: Loops

Javascript for Pentesters: Functions

Javascript for Pentesters: Data Types

Javascript for Pentesters: Enumerating ...

Javascript for Pentesters: HTML DOM

Javascript for Pentesters: Event Handlers

Javascript for Pentesters: Cookies

Javascript for Pentesters: Stealing Cookies

Javascript for Pentesters: Exceptions

Javascript for Pentesters: Advanced Forms ...

Javascript for Pentesters: XMLHttpRequest ...

Javascript for Pentesters: XHR and HTML ...

Javascript for Pentesters: XHR and JSON ...

Javascript for Pentesters: XHR and XML ...

File Upload Vulnerability Basics

Beating Content-Type Check in File Uploads

Bypassing Blacklists in File Upload

Bypassing Blacklists using PHPx

Bypassing Whitelists using Double ...

Defeating Getimagesize() Checks in File ...

Exploiting File Uploads to get Meterpreter

Remote File Inclusion Vulnerability Basics

Exploiting RFI with Forced Extensions

RFI to Meterpreter

LFI Basics

LFI with Directory Prepends

Remote Code Execution with LFI and File ...

LFI with File Extension Appended - Null ...

Remote Code Execution with LFI and Apache ...

Remote Code Execution with LFI and SSH Log ...

Unvalidated Redirects

Encoding Redirect Params

Open Redirects: Base64 Encoded Params

Open Redirects: Beating Hash Checking

Open Redirects: Hashing with Salt

Securing Open Redirects

CSRF and XSS

CSRF Token Bypass with Hidden Iframes

Insecure Direct Object Reference

HTTP Method Enumeration

SQL Basics

NoSQL Basics

Laravel Unserialize RCE

Rails DoubleTap RCE

Guestbook

Directory Enumeration with Dirb

Directory Enumeration with Gobuster

Directory Enumeration with Dirbuster

Directory Enumeration with Opendoor

Directory Enumeration with ZAProxy

Directory Enumeration with Burp Suite

Scanning Web Application with Nikto

Scanning Web Application with ZAProxy

XSS Attack with XSSer

Active Crawling with ZAProxy

Passive Crawling with Burp Suite

Authenticated XSS Attack with XSSer

SQL Injection with SQLMap

Attacking HTTP Authentication with Hydra

Attacking HTTP Login Form with Hydra

Attacking Basic Auth with Burp Suite

Attacking HTTP Login Form with ZAProxy

Attacking HTTP Login Form with Burp Suite

Command Injection

PHP Code Injection

Basic SQL Injection

Union Based SQL Injection

Error Based SQL Injection

Blind Boolean Based SQL Injection

Blind Time Based SQL Injection

Command Injection II

Command Injection III

Vulnerable File Backup Utility - Command ...

Bind vs Reverse Shell

Vulnerable Xdebug Extension

RCE via MySQL

Vulnerable Online Calculator - Code ...

Shellshock

Pickle Deserialization RCE

PHP Object Injection

Pickle Deserialization RCE II

Improper Session Management IV

Vulnerable Bank Portal: Dictionary Attack
