3 Videos for OAuth2: Authorization Server OpenRedirect

PRO tier | Difficulty: Medium | Duration: < 1 Hr. | Completed by 912 users
Access to videos for this exercise is only available with PentesterLab PRO.
OAuth2 101

In this video, we introduce the basics of OAuth2, explaining key terminologies like Resource, Resource Owner, User-Agent, Resource Server, and Authorization Server, and delve into different OAuth2 flows such as Authorization Code Grant and Implicit Grant. We also discuss the intricacies and potential vulnerabilities within these flows.

Duration: 05:02 | Views: 1680


OAuth2 Introduction

This video introduces the OAuth2 authorization framework, explaining its key components: the Resource Owner, the Resource Server, the Authorization Server, and the OAuth2 Client. We walk through a practical example with a photo printing service and examine both the normal authorization flow and an attack that abuses weak validation of the redirect URI, turning the Authorization Server into an open redirect that also leaks the authorization response.

Duration: 05:58 | Views: 1511


OAuth2: Exploitation

In this video, we cover the exploitation of an OAuth2 Authorization Server. We demonstrate how to manipulate the OAuth2 parameters sent to the authorization endpoint, the redirect URI in particular, so that the server redirects the user, together with the authorization response, to a server the attacker controls, and we use this to obtain the key for the exercise.

Duration: 06:21 | Views: 2073
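The redirect URI handling described in the videos above, as an added example that is not PentesterLab's code and not the exercise's real implementation: a minimal model of the authorization endpoint's last step with a lax redirect_uri check beside a strict one. The client name, registered URI, hostnames, issued code and token are all made up for the illustration.

```python
from urllib.parse import urlsplit, urlencode

# Constructed example data: one registered client with one exact redirect URI.
# The client id, URI and hostnames are assumptions, not values from the exercise.
REGISTERED_CLIENTS = {
    "photo-print": {"redirect_uris": ["https://print.example/callback"]},
}


def weak_redirect_check(client_id, redirect_uri):
    """Vulnerable check: accepts any host whose name merely ends with the
    registered host (no leading dot, no exact comparison). This is the kind
    of lax validation that turns the authorization endpoint into an open
    redirect that also carries the authorization response to the attacker."""
    client = REGISTERED_CLIENTS.get(client_id)
    if client is None:
        return False
    host = urlsplit(redirect_uri).hostname or ""
    return any(host.endswith(urlsplit(r).hostname) for r in client["redirect_uris"])


def strict_redirect_check(client_id, redirect_uri):
    """Hardened check: exact string comparison against the registered list."""
    client = REGISTERED_CLIENTS.get(client_id)
    if client is None:
        return False
    return redirect_uri in client["redirect_uris"]


def authorize(client_id, redirect_uri, state, check, response_type="code",
              issued_code="c0de", issued_token="t0ken"):
    """Simulate the authorization endpoint after the resource owner consented:
    build the redirect that delivers the response. Returns None when the
    redirect_uri fails validation, i.e. the server must render an error page
    and must not redirect anywhere."""
    if not check(client_id, redirect_uri):
        return None
    if response_type == "code":
        # Authorization Code Grant: the code travels in the query string.
        sep = "&" if urlsplit(redirect_uri).query else "?"
        return redirect_uri + sep + urlencode({"code": issued_code, "state": state})
    if response_type == "token":
        # Implicit Grant: the access token itself travels in the fragment,
        # so an open redirect here hands the attacker a usable token directly.
        return redirect_uri + "#" + urlencode(
            {"access_token": issued_token, "token_type": "bearer", "state": state})
    raise ValueError("unsupported response_type")


if __name__ == "__main__":
    legit = "https://print.example/callback"
    evil = "https://evil-print.example/callback"  # attacker-controlled host (constructed)
    for check in (weak_redirect_check, strict_redirect_check):
        print(check.__name__)
        print("  legit ->", authorize("photo-print", legit, "xyz", check))
        print("  evil  ->", authorize("photo-print", evil, "xyz", check))
```

With the weak check, the attacker-controlled host passes and the user's browser is sent there with the authorization code (or, under the Implicit Grant, the access token) attached; with the exact-match check the same request is refused before any redirect happens.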