Hello fellow ninjas!
I am new to web app sec, and I have submitted all P5s, as these seem to be the only things I can find. It's great for learning, and I'm attempting to use no tools other than Burp and the browser because I want to learn manually. I feel like I spend a lot of time getting lost following a focused methodology, like I'll poke at a POST request, then I'll see some interesting URL in the response, then get lost following that pattern. So, I really want to start “specializing” in a few bugs so I'm not spending time on P5s. Sadly, these are the only bugs I can really recognize, as I'm not yet familiar with what I am seeing. I'd like to start working with XXE and I've been reading all I can, but I'm a bit confused on the hands-on part in a real-world app. I guess where I'm confused is which payloads to try (some have different encoding) and where to try the payload. Do I try it on a page where XML or JSON is accepted? Switching content types, methods like swapping GET to POST, then pasting a payload? Any advice?