I’ve generally been under the impression that my modern wasn’t worth worrying about, since it’s impossible to access via IP. Guess I have another thing to keep me awake at night.

One of the things I’ll never understand was why the attacker was replaying my traffic? They were clearly in my network and could access everything without being detected, why replay all the HTTP requests? So odd.

Was hoping to get an answer to this.

My Wifi AP is a Huawei EchoLife piece of shit that came with the apartment and I’ve been too lazy to get a better one because it sort of works (I have to reboot it at least once a day if I want my bandwidth to be over ~1MiB/s…), and I’m fairly sure it’s easily hackable and that there’s a nontrivial chance that it’s been owned already. This article reminded me that I’ll probably want to get to buying a better one sooner rather than later, but I honestly don’t even know which ones are good nowadays. I’d love something that runs an open firmware like OpenWRT or Tomato or whatever

To fuzz this, I simply used Burp’s intruder to enumerate from %00 to %FF at the end of the URL.

I like to think about what normal people would think when they read something like this. It sounds like a line from a cyberpunk wizard.

We had confirmed that we could bypass authorization for the API endpoints by simply replaying the HTTP request multiple times

Not really replaying, since his initial request worked. Feels like it’s going through a load balancer and one from that group of servers didn’t have authentication enabled (accidentally included a test/dev server, maybe).