How to access React Props from Chrome Extension
TL;DR Version The Long Version I do a fair bit of Chrome Extension development as a part of my job owing to which I come across problems that usually require me to think outside the
Continue reading
[Video] HTTP Request Smuggling Explained: Part 1
In this video, I have tried my best to explain the Request Smuggling attack by first explaining how a server handles HTTP requests based on Content-Length and Transfer-Encoding Headers. I will soon follow up with
Continue reading
Delete IDOR on a Fashion eCommerce Website
This is a story of an IDOR I reported on an Asian fashion eCommerce website’s private program. Like most eCommerce websites, this website provided a feature to store addresses in the customer’s account …
Continue reading
IDOR through MongoDB Object IDs Prediction
Historically, system developers have been assigning auto-incrementing integer identifiers to database rows. This made it trivial to exploit IDORs. Just one vulnerability could allow exfiltration of all objects belonging to any user in the application. Same goes for delete or edit IDORs.
Continue readingBash: Numeric For Loop
To loop through a numeric sequence on bash, use the following syntax
Continue reading
What is “Content-Type: application/x-protobuf”: Protobuf Explained For Hackers
Have you ever come across this header:
Content-Type: application/x-protobuf
Read on to know what it means and what are possible attack scenarios.
Continue readingHow I Reported a DoS Vulnerability to AWS
BadBotHoneypotEndpoint is used by AWS customers who do not want bots, unauthorised spiders and scrapers to scan their site. It works by blacklisting IP addresses of such bots. I discovered a vulnerability with this endpoint that could allow an attacker to blacklist random IPs.
Continue readingHow I discovered an SSRF leading to AWS Metadata Leakage
This is the story of a juvenile SSRF bug who did know it had the potential to look at AWS secrets. 😮
Continue reading
WhatsApp Bug Causes App Crash & Permanent Loss of Group Chat Messages
Check Point Software Technologies Ltd. (Check Point), a leading provider of cybersecurity solutions has found a bug that could let an attacker deliver a specially crafted group chat message that causes a crash of the WhatsApp application for all members of the group chat.
Continue reading
GPS Spoofing, now a reality
Global Positioning System (GPS) is one technology which has never been looked at through a security lens by the wider audience. We have become dependent on the GPS for our day-to-day lives. However, it is no longer reliable.
Continue reading
Hey There, I am Amey Anekar - Web and Mobile Application Security Specialist, Bug Bounty Hunter and Author of TechKranti. I love to write and discuss all things Security.
Feel free to DM me on