Hacking Oauth Applications - Pt. 1
In this part we discuss OAuth (What, Why & How) and then look at some of the flows, such as the authorization code grant and the implicit grant. We close today's session with a hands-on PortSwigger lab on the implicit grant flow.

▬▬▬▬▬▬ 🔗 Links ▬▬▬▬▬▬
OAuth PortSwigger Article : https://portswigger.net/web-security/...
OAuth Grant Types : https://portswigger.net/web-security/...
RFC OAuth 2.0 : https://tools.ietf.org/html/rfc67499
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

What is OAuth?
Open Authentication

Why do we require OAuth?
- OAuth 2.0 was originally developed as a way of sharing access to specific data between applications.
- It is now used for authentication as well.
- Outsourcing authentication

How does OAuth work?
- Client application
- Resource owner
- OAuth service provider
  - Authorization Server
  - Resource Server
  (Both are the same here, in FB.)

OAuth Flows or Grant Types:
Now let's talk about OAuth flows. The most common types are "implicit grant" and "authorization code".
- Show Demo
Let me show you a demo of the authorization code flow, and then we will see the implicit grant one.

Scope: Which data does it want to access, and what kind of operations does it want to perform?

Now that you've seen the authorization code flow, let's see the implicit grant type. It's way simpler.
Take images and highlight the parts as you're going through the flow in this diagram : https://portswigger.net/web-security/...

Let's do a lab on this implicit grant.

Hope it was worth your time. Stay tuned. Thank you everyone :)

Disclaimer : These materials are for educational and research purposes only. Do not attempt to violate the law with anything contained here. If this is your intention, then LEAVE NOW! Neither the creator of this video nor anyone else affiliated in any way is going to accept responsibility for your actions.


