Getting a full-time subscription or membership is very costly and unfavorable these days. These subscriptions can be for media streaming sites, shopping sites, or any other real-world dealership site.
Today I am going to show you how hackers get a free membership on a site through their hacking skills. For today's experiment, we will use a deliberately vulnerable web application named OWASP Juice Shop.
Let's create an account on Juice Shop with my normal credentials.
Go to the Juice Shop site.
Click on Account -> Login -> Not yet a member.
Enter your credentials; these credentials can be fake.
After Login, it should look like the image given below
Do I have a Deluxe Membership? Let's check.
Go to the menu located at the top right corner.
Menu -> Deluxe Membership
As you can see, this account does not have any subscription.
Let's get the Deluxe Membership without paying anything.
- On the Deluxe Membership page, click on the "Become a member" button.
For the next step, we need the browser's storage inspector.
For Google Chrome / Firefox users -> Ctrl+Shift+I opens the developer tools.
Click on the Storage tab, given after Inspector and Console (in Chrome the same data is under the Application tab).
You will see your token in the list.
Copy the token value and visit an online JSON Web Token decoder.
Paste your token value in the Encoded section.
From the image given above, one can see that our login status is "success" and our role is "customer", which means we are not a Deluxe member. If we were a Deluxe member, it would show deluxe there instead of customer. Note that the decoder can read these claims without any key because a JWT payload is only base64url-encoded, not encrypted; it does not let us change them, since the server checks the token's signature, so we need a different route to get the role changed.
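To show what the online decoder is doing with the copied token, here is an added example (not code from the original post or from Juice Shop) that splits a JWT and reads the role claim without verifying the signature. The token, header and claims below are constructed for the example; the payload shape (status, data.role) mirrors what the post reads off the decoder, and the signature segment is a placeholder because reading the payload never needs it.

```python
import base64
import json


def b64url_encode(raw: bytes) -> str:
    """base64url without '=' padding, as JWT segments are written."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(segment: str) -> bytes:
    """JWT segments drop '=' padding; restore it before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


# Constructed sample token (example only, not a real Juice Shop token).
SAMPLE_HEADER = {"typ": "JWT", "alg": "RS256"}
SAMPLE_PAYLOAD = {
    "status": "success",
    "data": {"id": 21, "email": "user@example.com", "role": "customer"},
    "iat": 1600000000,
}
SAMPLE_TOKEN = ".".join([
    b64url_encode(json.dumps(SAMPLE_HEADER).encode()),
    b64url_encode(json.dumps(SAMPLE_PAYLOAD).encode()),
    b64url_encode(b"not-a-real-signature"),  # placeholder, never checked here
])


def decode_jwt_unverified(token: str) -> dict:
    """Return header and claims of a JWT WITHOUT checking its signature.

    This is exactly what an online decoder does: anyone holding the token
    can read the claims. It says nothing about whether they are genuine.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return {"header": header, "payload": payload}


def role_from_token(token: str) -> str:
    """Pull the role out of the data claim, '' if absent."""
    claims = decode_jwt_unverified(token)["payload"]
    return claims.get("data", {}).get("role", "")


if __name__ == "__main__":
    print(json.dumps(decode_jwt_unverified(SAMPLE_TOKEN), indent=2))
    print("role:", role_from_token(SAMPLE_TOKEN))
```

Because the payload is plain base64url, editing the role in the decoder and pasting the result back would produce a token whose signature no longer matches, which is why the rest of the post changes the role at registration time instead of in the token.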
First things first, we need a security testing tool. In my case, I will use Burp Suite, and you can download it from the official site for your respective OS.
Install the .sh script using the commands below
chmod +x /path/to/yourscript.sh
./yourscript.sh
Install the browser extension named FoxyProxy from the web store.
- Open Burp Suite, click on Temporary project, then the Next button -> Start Burp
- Go to Proxy -> Intercept and turn Intercept on, then use FoxyProxy to point your browser at Burp's listener (127.0.0.1:8080 by default)
Open the Juice Shop site where we left off earlier, at registration.
Register your account with fake credentials; Burp intercepts the registration request and you will see the following information.
Right-click on the intercepted request and click Send to Repeater.
Now go to the Repeater tab, which is given after Proxy in Burp Suite.
Now add a role field to the JSON body, after the security question:
"role": "deluxe"
Click on the Send button.
You will get a response with status "success".
Let's log in with my credentials and check whether I now have a Deluxe membership or not.
I do have the membership.
Great, now I have become a Deluxe member of OWASP Juice Shop.
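The reason adding one JSON field works is that the registration endpoint copies whatever keys the client sends onto the new user record, a mass assignment bug. The following is an added example, not code from the original post or from Juice Shop, that builds the tampered body the post pastes into Repeater and contrasts a vulnerable user-creation handler with a hardened one that allow-lists fields and sets the role server-side. The registration body, field names and handler functions are constructed for illustration.

```python
import json

# Constructed registration body, as the browser would normally send it.
NORMAL_REGISTRATION = {
    "email": "tester@example.com",
    "password": "Passw0rd!",
    "passwordRepeat": "Passw0rd!",
    "securityQuestion": {"id": 1, "question": "Your eldest sibling's middle name?"},
    "securityAnswer": "Alex",
}


def tamper_registration(body: dict, role: str = "deluxe") -> str:
    """The attacker's edit in Repeater: original fields plus a role key."""
    tampered = dict(body)
    tampered["role"] = role
    return json.dumps(tampered)


def create_user_vulnerable(raw_json: str) -> dict:
    """Mass assignment: every client-supplied key becomes an attribute of the user.

    Only when the client sends no role does the default of 'customer' apply.
    """
    user = json.loads(raw_json)
    user.setdefault("role", "customer")
    return user


# Hardened version: the only fields a self-registration may set.
ALLOWED_FIELDS = {"email", "password", "securityQuestion", "securityAnswer"}


def create_user_hardened(raw_json: str) -> dict:
    """Copy only allow-listed fields; role is decided by the server, never the client."""
    body = json.loads(raw_json)
    user = {key: body[key] for key in ALLOWED_FIELDS if key in body}
    user["role"] = "customer"  # upgrades happen through the paid membership flow
    return user


if __name__ == "__main__":
    payload = tamper_registration(NORMAL_REGISTRATION)
    print("vulnerable:", create_user_vulnerable(payload)["role"])
    print("hardened:  ", create_user_hardened(payload)["role"])
```

The hardened handler drops the role field silently rather than failing the request; a stricter variant would reject any body containing keys outside the allow-list, which also gives defenders a log line to alert on.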
This blog was for educational purposes. Don't try to do anything illegal or unethical
That's All for today, See you in the next one. Bye, bye