How to pentest Blazor Server apps?

Çağlar Arlı - 26 Views

I am trying to pentest a Blazor Server app, but it's very different from a traditional web app: the client communicates with the server via SignalR over WebSockets. The WebSocket messages are MessagePack in binary format, which makes them unreadable and non-editable.

Therefore, I can't intercept the messages and change them. I tried BTP from Burp, but that too is very limited.

How can we pentest Blazor Server apps for the OWASP Top 10? Especially for those vulnerabilities that require changes in the request body.
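
Added example, not part of the original post: a stand-alone decoder that shows the structure behind the binary WebSocket payloads described in the question. It assumes the payload follows SignalR's MessagePack hub protocol framing (a VarInt length prefix, then one MessagePack array per message); the sample bytes and the target name `Echo` are constructed, and ext types are not handled.

```python
import io
import struct

# MessagePack type byte -> (struct format of its number or length field, kind).
SIZED = {0xCA: (">f", "num"), 0xCB: (">d", "num")}
for base, kind, fmts in ((0xC4, "bin", "BHI"), (0xD9, "str", "BHI"), (0xDC, "arr", "HI"),
                         (0xDE, "map", "HI"), (0xCC, "num", "BHIQ"), (0xD0, "num", "bhiq")):
    SIZED.update({base + i: (">" + f, kind) for i, f in enumerate(fmts)})

def read_varint(s):  # length prefix: 7 bits per byte, low group first, max 5 bytes
    value = 0
    for shift in range(0, 35, 7):
        byte = s.read(1)[0]
        value |= (byte & 0x7F) << shift
        if byte < 0x80:
            return value
    raise ValueError("length prefix longer than 5 bytes")

def unpack(s):  # decode one MessagePack value from a BytesIO stream
    t = s.read(1)[0]
    if t <= 0x7F or t >= 0xE0:  # positive or negative fixint
        return t if t <= 0x7F else t - 0x100
    if t in (0xC0, 0xC2, 0xC3):  # nil, false, true
        return {0xC0: None, 0xC2: False, 0xC3: True}[t]
    if t <= 0xBF:  # fixmap 0x80-0x8f, fixarray 0x90-0x9f, fixstr 0xa0-0xbf
        kind = "map" if t <= 0x8F else "arr" if t <= 0x9F else "str"
        n = t & (0x1F if kind == "str" else 0x0F)
    elif t in SIZED:
        fmt, kind = SIZED[t]
        (n,) = struct.unpack(fmt, s.read(struct.calcsize(fmt)))
    else:
        raise ValueError(f"type byte 0x{t:02x} (ext or reserved) is not handled")
    if kind == "num":
        return n
    if kind in ("str", "bin"):
        return s.read(n).decode("utf-8", "replace") if kind == "str" else s.read(n)
    values = [unpack(s) for _ in range(n * 2 if kind == "map" else n)]
    return dict(zip(values[::2], values[1::2])) if kind == "map" else values

def decode_frames(data):  # split one binary WebSocket payload into hub messages
    s, messages = io.BytesIO(data), []
    while s.tell() < len(data):
        size = read_varint(s)
        if size > len(data) - s.tell():
            raise ValueError("frame length exceeds captured data")
        messages.append(unpack(io.BytesIO(s.read(size))))
    return messages

SAMPLE = bytes.fromhex("029106" "0d950180c0a44563686f91a26869")  # constructed: Ping, Invocation
```

`decode_frames(SAMPLE)` returns one list per hub message; the first element of each list is the SignalR message type (1 for an invocation, 6 for a ping).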