SOLUTIONS.md

Solutions

Did you write a guide specifically on hacking OWASP Juice Shop or record a hacking session of your own? Add it to this file and open a PR! The same goes for any scripts or automated tools you made for making Juice Shop easier to hack!

Everything mentioned on this specific page is considered to contain spoilers for entire challenge solutions so the entries themselves are not individually tagged! You might not want to view anything from this page before tackling the related challenges yourself!

🧃 is followed by the last known major release of OWASP Juice Shop that a solution/script/tool is supposedly working with or that a video guide/solution was recorded for.

Hacking Videos

• Hack OWASP Juice Shop playlist of Hacksplained (🧃v10.x)
  • ★ Zero Stars
  • ★ Confidential Document
  • ★ DOM XSS
  • ★ Error Handling
  • ★ Missing Encoding
  • ★ Outdated Whitelist
  • ★ Privacy Policy
  • ★ Repetitive Registration
  • ★★ Login Admin
  • ★★ Admin Section
  • ★★ Classic Stored XSS
  • ★★ Deprecated Interface
  • ★★ Five Star Feedback
  • ★★ Login MC SafeSearch
  • ★★ Password Strength
  • ★★ Security Policy
  • ★★ View Basket
  • ★★ Weird Crypto
  • ★★★ API-Only XSS
  • ★★★ Admin Registration
  • ★★★ Björn's Favorite Pet
  • ★★★ Captcha Bypass
  • ★★★ Client-side XSS Protection
  • ★★★ Database Schema
  • ★★★ Forged Feedback
  • ★★★ Forged Review
  • ★★★ GDPR Data Erasure
  • ★★★ Login Amy
• HackerSploit Youtube channel (🧃v7.x)
  • OWASP Juice Shop - SQL Injection
  • Web App Penetration Testing - #15 - HTTP Attributes (Cookie Stealing)
  • Web App Penetration Testing - #14 - Cookie Collection & Reverse Engineering
  • Web App Penetration Testing - #13 - CSRF (Cross Site Request Forgery)
  • How To Install OWASP Juice Shop
• 7 Minute Security Podcast (🧃v2.x)
  • Episode #234: 7MS #234: Pentesting OWASP Juice Shop - Part 5 (Youtube)
  • Episode #233: 7MS #233: Pentesting OWASP Juice Shop - Part 4 (Youtube)
  • Episode #232: 7MS #232: Pentesting OWASP Juice Shop - Part 3 (Youtube)
  • Episode #231: 7MS #231: Pentesting OWASP Juice Shop - Part 2 (Youtube)
  • Episode #230: 7MS #230: Pentesting OWASP Juice Shop - Part 1 (Youtube)
  • Episode #229: 7MS #229: Intro to Docker for Pentesters (Youtube)

Walkthroughs

• Blog post (:myanmar:) on LOL Security: Juice Shop Walkthrough (🧃v2.x)
• Blog post on IncognitJoe: Hacking(and automating!) the OWASP Juice Shop (🧃v2.x)

Scripts & Tools

• Session management script for OWASP Juice Shop distributed as a scripting template with OWASP ZAP since version 2.9.0 (🧃v10.x)
• Automated solving script for the OWASP Juice Shop written in Python by @incognitjoe (🧃v2.x)