Web Applications

Web application attack techniques.

Subdirectories

Directory	Technique
burpsuite/	Burp Suite proxy — Match & Replace rules, intercept, Repeater
cookies/	Cookie analysis, predictable value enumeration, and brute-forcing
curl/	HTTP interaction, header/cookie manipulation, and path traversal via cURL
firebase/	Firebase / Firestore enumeration and client-side admin bypass
jwt/	JSON Web Token Attacks
prototype-pollution/	JavaScript prototype pollution → RCE via EJS gadget
xss/	Cross-Site Scripting (XSS) vulnerability
sqli/	SQL Injection — blind, time-based, boolean-based
ssti/	Server-Side Template Injection
rce/	Remote Code Execution via web vulnerabilities

References

• HackTricks - Pentesting Web Methodology