cat ~/footstep.ninja/blog.txt

where I share my findings and whatnot

  • IDOR via Websockets

    In my previous post, I shared my love for testing Insecure Direct Object Reference (IDOR) vulnerabilities. This time I’ll be sharing the situation where I found an IDOR in Websockets.

  • My Struggle with Websockets Testing

    Until a few months ago, I had only dealt with HTTP(S) endpoints. Then there was an application I was testing, and I couldn’t figure out how it communicated with the server even though I always log every request with Burp Suite.

  • Story of an IDOR via Email

    A year ago, I discovered an Insecure Direct Object Reference (IDOR) vulnerability which allowed anyone to reply to messages on behalf of other users on a website.

  • How I built my blog from scratch with Hugo, GitHub, and Netlify

    Hello everyone! I’m going to document the steps involved in setting up this blog so anyone can also pick it up as a guide when they want to do the same.

  • Tale of a Misconfiguration in Password Reset

    This post is about a misconfiguration in password reset that I found on a popular help desk software some time ago, where they were leaking the reset token.

  • Hacken Cup 2018 CTF Walkthrough

    I’ve had this written down since the CTF and saw a few writeups on the same. Then I thought, why not share my approach too :D

  • Hello World

    Hello World! Yay! Finally, I made a blog. So, exactly a year ago today, I made a list of goals for this year, 2018.
