Sept. 18, 2023, 3:40 a.m. | Amin Nasiri

InfoSec Write-ups - Medium

Manipulating gRPC Web Payloads and Finding Hidden Services

How Did It Start?

It started when I faced a web application using gRPC-Web and I could not manipulate the requests in Burp Suite. I searched a lot and there was no good or complete resource for pentesting gRPC-Web. Then the research began, and I could make a tool and a Burp Suite extension for manipulating payloads. I also found a hidden gRPC-Web parameter SQLi vulnerability in a travel agency …

bug bounty bug-bounty-tips cybersecurity grpc
