exploiting-oauth-misconfiguration

Featured

Identifying and exploiting OAuth 2.0 and OpenID Connect misconfigurations including redirect URI manipulation, token leakage, and authorization code theft during security assessments.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0

Skill Content

# Exploiting OAuth Misconfiguration

## When to Use

- During authorized penetration tests when the application uses OAuth 2.0 or OpenID Connect for authentication
- When assessing "Sign in with Google/Facebook/GitHub" social login implementations
- For testing single sign-on (SSO) flows between applications
- When evaluating API authorization using OAuth bearer tokens
- During security assessments of applications acting as OAuth providers or consumers

## Prerequisites

- **Authorization**: Written penetration testing agreement covering OAuth/SSO flows
- **Burp Suite Professional**: For intercepting OAuth redirect flows
- **Browser with DevTools**: For monitoring redirect chains and token leakage
- **Multiple test accounts**: On both the OAuth provider and the target application
- **curl**: For manual OAuth flow testing
- **Attacker-controlled server**: For receiving redirected tokens/codes

## Workflow

### Step 1: Map the OAuth Flow and Configuration

Identify the OAuth grant type, endpoints, and configuration.

```bash
# Discover OAuth/OIDC configuration endpoints
curl -s "https://target.example.com/.well-known/openid-configuration" | jq .
curl -s "https://target.example.com/.well-known/oauth-authorization-server" | jq .

# Key endpoints to identify:
# - Authorization endpoint: /oauth/authorize
# - Token endpoint: /oauth/token
# - UserInfo endpoint: /oauth/userinfo
# - JWKS endpoint: /oauth/certs

# Capture the authorization request in Burp
# Typical authorization code fl...
```
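The discovery step above says which endpoints to identify but not what to look for in the document that comes back. The Python below is an added example, not code from the skill or the mukul975 repository: it parses a constructed discovery document (a hypothetical response from target.example.com, embedded inline so it runs offline), flags advertised settings that matter for later exploitation (implicit response types, the password grant, id_token alg `none`, no S256 PKCE), and builds the authorization request to send through Burp with a fresh `state` and PKCE pair so the callback and token exchange can be replayed by hand with curl. The `client_id` and `redirect_uri` values are placeholders.

```python
"""Audit an OIDC discovery document and build a PKCE-protected
authorization request for manual OAuth flow testing.

Added example, not code from the skill or its repository. The discovery
document is constructed inline (a hypothetical response from
https://target.example.com/.well-known/openid-configuration); the
hostname, client_id and redirect_uri are placeholders.
"""
import base64
import hashlib
import json
import secrets
from urllib.parse import urlencode, urlparse

# Constructed sample discovery document (hypothetical provider configuration).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://target.example.com",
    "authorization_endpoint": "https://target.example.com/oauth/authorize",
    "token_endpoint": "https://target.example.com/oauth/token",
    "userinfo_endpoint": "https://target.example.com/oauth/userinfo",
    "jwks_uri": "https://target.example.com/oauth/certs",
    "response_types_supported": ["code", "token", "id_token token"],
    "grant_types_supported": ["authorization_code", "implicit", "password"],
    "id_token_signing_alg_values_supported": ["RS256", "none"],
    # code_challenge_methods_supported deliberately absent: PKCE not advertised
})

ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")


def audit_discovery(doc_json: str) -> list[str]:
    """Return short finding codes for settings that widen the OAuth attack surface."""
    doc = json.loads(doc_json)
    findings = []

    # Issuer and every endpoint must be present and served over TLS; a cleartext
    # token or JWKS endpoint lets a network attacker read or substitute material.
    for key in ("issuer",) + ENDPOINT_KEYS:
        url = doc.get(key)
        if not url:
            findings.append(f"missing:{key}")
        elif urlparse(url).scheme != "https":
            findings.append(f"cleartext:{key}")

    # Implicit response types return access/id tokens in the URL fragment, exposing
    # them to browser history, Referer leakage and any open redirect on the client.
    if any("token" in rt.split() for rt in doc.get("response_types_supported", [])):
        findings.append("implicit-flow")

    # Resource owner password credentials grant: the client handles raw passwords.
    if "password" in doc.get("grant_types_supported", []):
        findings.append("ropc-grant")

    # alg "none" means an unsigned id_token may be accepted unless the client rejects it.
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        findings.append("alg-none")

    # Without S256 PKCE, a stolen authorization code can be redeemed by whoever captured it.
    methods = doc.get("code_challenge_methods_supported") or []
    if not methods:
        findings.append("pkce-not-advertised")
    elif "S256" not in methods:
        findings.append("pkce-plain-only")

    return findings


def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge: base64url(SHA-256(verifier)) with padding stripped (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_auth_request(doc_json: str, client_id: str, redirect_uri: str, scope: str = "openid") -> dict:
    """Build the authorization URL to capture in Burp. The returned state and
    code_verifier must be kept: state is checked on the callback, and the
    verifier is sent to the token endpoint when exchanging the code."""
    doc = json.loads(doc_json)
    state = secrets.token_urlsafe(24)
    verifier = secrets.token_urlsafe(48)  # 64 unreserved chars, within the 43..128 limit
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return {
        "url": doc["authorization_endpoint"] + "?" + urlencode(params),
        "state": state,
        "code_verifier": verifier,
    }


if __name__ == "__main__":
    for finding in audit_discovery(SAMPLE_DISCOVERY):
        print("FINDING", finding)
    req = build_auth_request(SAMPLE_DISCOVERY, "test-client", "https://client.example.com/callback")
    print(req["url"])
```

Run it against the real document by replacing `SAMPLE_DISCOVERY` with the output of the curl above. Each finding code maps to a follow-up test: `implicit-flow` means trying `response_type=token` to pull tokens into the fragment, `pkce-not-advertised` means a captured code is worth stealing, and `alg-none` means the client's id_token validation deserves a forged unsigned token.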

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

Testing & QA Featured

testing-oauth2-implementation-flaws

Tests OAuth 2.0 and OpenID Connect implementations for security flaws including authorization code interception, redirect URI manipulation, CSRF in OAuth flows, token leakage, scope escalation, and PKCE bypass. The tester evaluates the authorization server, client application, and token handling for common misconfigurations that enable account takeover or unauthorized access. Activates for requests involving OAuth security testing, OIDC vulnerability assessment, OAuth2 redirect bypass, or authorization code flow testing.

12,642 Updated today
mukul975
AI & Automation Featured

exploiting-idor-vulnerabilities

Identifying and exploiting Insecure Direct Object Reference vulnerabilities to access unauthorized resources by manipulating object identifiers in API requests and URLs.

12,642 Updated today
mukul975
Testing & QA Featured

testing-cors-misconfiguration

Identifying and exploiting Cross-Origin Resource Sharing misconfigurations that allow unauthorized cross-domain data access and credential theft during security assessments.

12,642 Updated today
mukul975
AI & Automation Featured

testing-for-open-redirect-vulnerabilities

Identify and test open redirect vulnerabilities in web applications by analyzing URL redirection parameters, bypass techniques, and exploitation chains for phishing and token theft.

12,642 Updated today
mukul975
API & Backend Solid

hunt-oauth

Hunting skill for oauth vulnerabilities. Built from 19 public bug bounty reports. Use when hunting oauth on any target.

1,380 Updated 4 days ago
elementalsouls