Welcome! 😊🎉

OAuthOrNot is a pentesting environment (i.e. a box) that simulates a real admin application which uses OAuth 2.0 for authentication and authorization. The environment is built with up-to-date web technologies, but a few misconfigurations have crept in 😉. To learn more, please keep on reading!

⏰ Check out the pitch presentation held in March 2023!

Pitch presentation

Scenario

Once upon a time in Helsingborg…

Setup instructions

How to manually set up OAuthOrNot

The OAuth 2.0 flow step-by-step

To see all HTTP requests that are made during a typical sign-in on T&T Admin, check out this page:

A typical sign-in flow in terms of requests

Solution step-by-step

The whole solution can be found here:

Solution step-by-step

Source code

https://github.com/sakerhetspolisen/oauthornot

https://github.com/sakerhetspolisen/oauthornot-admin-bot

Current release

0.1.0.a