Sept. 18, 2023, 3:40 a.m. | Amin Nasiri

InfoSec Write-ups - Medium

Manipulating gRPC Web Payloads and Finding Hidden Services

How Did It Start?

It started when I faced a web application using gRPC-Web and I could not manipulate the requests in Burp Suite. I searched a lot and there was no good or complete resource for pentesting gRPC-Web, then the research began and I could make a tool and a Burp Suite Extension for manipulating payloads. I also found a hidden gRPC-Web parameter SQLi vulnerability in a travel agency company and …

bug bounty bug-bounty-tips cybersecurity grpc grpc-web

More from / InfoSec Write-ups - Medium

Business Information Security Officer

@ Metrolink | Los Angeles, CA

Senior Security Engineer

@ Freedom of the Press Foundation | Remote, 4 hour time zone overlap with New York City

Security Engineer

@ ChartMogul | Remote, EU

Malware Reverse Engineer

@ Two Six Technologies | Fort Meade, Maryland

SOC Analyst Level 3

@ OpenBet | Bengaluru, India

Course Developer, Network Security

@ Palo Alto Networks | Plano, TX, United States