{"id":26947673,"url":"https://github.com/cyllective/oauth-labs","last_synced_at":"2025-04-02T20:20:14.784Z","repository":{"id":266293583,"uuid":"897280009","full_name":"cyllective/oauth-labs","owner":"cyllective","description":"oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning","archived":false,"fork":false,"pushed_at":"2024-12-05T07:45:52.000Z","size":4127,"stargazers_count":60,"open_issues_count":0,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-03T07:52:57.732Z","etag":null,"topics":["appsec","ctf","hacking","oauth2","pentesting","security","vulnapp","vulnerable"],"latest_commit_sha":null,"homepage":"https://cyllective.com/blog/posts/oauth-labs","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyllective.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-12-02T11:03:58.000Z","updated_at":"2024-12-30T06:21:21.000Z","dependencies_parsed_at":"2024-12-03T15:38:19.706Z","dependency_job_id":null,"html_url":"https://github.com/cyllective/oauth-labs","commit_stats":null,"previous_names":["cyllective/oauth-labs"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyllective%2Foauth-labs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyllective%2Foauth-labs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyllective%2Foauth-labs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitH
ub/repositories/cyllective%2Foauth-labs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyllective","download_url":"https://codeload.github.com/cyllective/oauth-labs/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246884857,"owners_count":20849577,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["appsec","ctf","hacking","oauth2","pentesting","security","vulnapp","vulnerable"],"created_at":"2025-04-02T20:20:14.175Z","updated_at":"2025-04-02T20:20:14.770Z","avatar_url":"https://github.com/cyllective.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![License](https://img.shields.io/github/license/cyllective/oauth-labs?_1)](LICENSE)\n\n# OAuth Labs\n\nThe main goal of OAuth labs is to learn more about OAuth, its defense\nmechanisms and ways to exploit faulty implementations thereof.\n\nThe main theme of the labs is to obtain authorization to access the resources\nof the `admin` user.\n\nThe labs have flags that can be captured once the main vulnerability has been\nexploited. Each lab only contains one (known to us) vulnerability which the\nuser is intended to exploit.\n\nThe labs can be solved in either a blackbox or whitebox approach. If the\nwhitebox approach is chosen, the user should read and analyze the source code\nto locate and exploit the vulnerability. Note however that `*.sql` files should\nnot be read because they contain the flag(s).\n\nFor each lab, you should start out by registering an account on the\nauthorization server first. 
Once you've set up your account, you can start\ndigging into the lab.\n\n\n## Getting started\n\nTo get started with the labs, you'll need to have the docker daemon running and\nneed to tweak your hosts file a little.\n\n**Note:** The lab uses `172.16.16.0/24` as its subnet; ensure this doesn't\ncollide with your network.\n\nAdd the following hosts entries under `/etc/hosts`:\n\n```\n172.16.16.1 oauth.labs\n172.16.16.1 victim.oauth.labs\n172.16.16.1 server-00.oauth.labs server-00\n172.16.16.1 client-00.oauth.labs client-00\n172.16.16.1 server-01.oauth.labs server-01\n172.16.16.1 client-01.oauth.labs client-01\n172.16.16.1 server-02.oauth.labs server-02\n172.16.16.1 client-02.oauth.labs client-02\n172.16.16.1 server-03.oauth.labs server-03\n172.16.16.1 client-03.oauth.labs client-03\n172.16.16.1 server-04.oauth.labs server-04\n172.16.16.1 client-04.oauth.labs client-04\n172.16.16.1 server-05.oauth.labs server-05\n172.16.16.1 client-05.oauth.labs client-05\n```\n\nOnce your hosts file is updated, go ahead and invoke the following commands to\nclone, build, configure and spawn the labs:\n\n```bash\ngit clone https://github.com/cyllective/oauth-labs\ncd oauth-labs\nmake config\nmake docker\nmake labs\n```\n\nAccess the lab index under [https://oauth.labs/](https://oauth.labs/).\nSome of the labs require user interaction; you can find a simulator under [https://victim.oauth.labs/](https://victim.oauth.labs/).\n\n\n## Commands\n\nBelow you'll find a list of commonly used commands.\n\n```bash\n# Build the docker images\nmake docker\n\n# Generate configuration files\nmake config\n\n# Spawn the labs\nmake labs\n\n# Alternatively, you can spawn individual labs\n# make lab00\n# make lab01\n# make lab02\n# make lab03\n# make lab04\n# make lab05\n\n# Tail docker-compose logs\ndocker compose -f ./docker-compose.yaml logs -f\n\n# Destroy the labs once you're done\nmake labsdown\n```\n\n## Labs\n\n### Lab 00\n\nThis is just a playground; it is used as a base to build new labs by removing\nor altering existing code. It shouldn't contain any flags or known\nvulnerabilities.\n\nIt may be used as a practical way to step through the requests to better\nunderstand the authorization code flow and get a feel for the lab environment.\n\n\n### Lab 01\n\n+ [server-01.oauth.labs](https://server-01.oauth.labs/)\n+ [client-01.oauth.labs](https://client-01.oauth.labs/)\n\nClaims fail; see what happens when a client implementation uses unstable claims\nto establish a user identity.\n\n\n### Lab 02\n\n+ [server-02.oauth.labs](https://server-02.oauth.labs/)\n+ [client-02.oauth.labs](https://client-02.oauth.labs/)\n\nOpen redirect (No restriction)\nSee what happens when the authorization server does not validate the\n`redirect_uri` at all.\n\nFor this lab, [victim.oauth.labs](https://victim.oauth.labs/) can be used to simulate victim interaction.\n\n\n### Lab 03\n\n+ [server-03.oauth.labs](https://server-03.oauth.labs/)\n+ [client-03.oauth.labs](https://client-03.oauth.labs/)\n\nOpen redirect (relative path restriction)\nSee what happens when the\nauthorization server only validates the `redirect_uri` domain.\n\nFor this lab, [victim.oauth.labs](https://victim.oauth.labs/) can be used to simulate victim interaction.\n\n\n### Lab 04\n\n+ [server-04.oauth.labs](https://server-04.oauth.labs/)\n+ [client-04.oauth.labs](https://client-04.oauth.labs/)\n\nJWT signature validations are a must; see what happens when they are not verified.\n\n\n### Lab 05\n\n+ [server-05.oauth.labs](https://server-05.oauth.labs/)\n+ [client-05.oauth.labs](https://client-05.oauth.labs/)\n\nJWT signature validations done wrong; see what happens when `jku` claims are\nnot properly handled.\n\n\n## Help I'm stuck!\n\n### Callbacks\n\nIn case you get stuck on that one callback you just don't receive, ensure\nyou're using the gateway address `172.16.16.1` instead of localhost. Remember,\nthe labs are dockerized.\n\n### Use the source, Luke\n\nReading the source code may help you understand the problem you're having\nbetter; don't shy away from cracking open your code editor and walking through\nthe code.\n\n### Nope, it's broken!\n\nIf all else fails, check back for walkthroughs or reach out. :)\n\n\n## References\n\nDid you write a blog post, article or refer to oauth-labs in some shape or\nform? Add it to our list of [REFERENCES.md](REFERENCES.md) by forking and\nopening a pull request!\n\n\n## Licensing\n\n[![License](https://img.shields.io/github/license/cyllective/oauth-labs?_1)](LICENSE)\n\nThis program is free software: you can redistribute it and/or modify it under the terms of the [MIT license](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyllective%2Foauth-labs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyllective%2Foauth-labs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyllective%2Foauth-labs/lists"}