What specific OAuth flows does this skill support?

It provides testing methodologies for the Authorization Code flow, Implicit flow, Hybrid flows, and Client Credentials flow.

Can this skill detect account takeover vulnerabilities?

Yes, it contains specific steps to test for account linking flaws, missing email verification, and CSRF in the authentication chain.

Do I need special tools to use this skill effectively?

While it includes curl commands for manual testing, it is designed to be used alongside professional tools like Burp Suite and browser DevTools.

Is this skill suitable for automated security scanning?

This skill focuses on a structured manual testing methodology, providing high-quality guidance for human-led or AI-assisted security assessments.

OAuth Security Assessment

Name: OAuth Security Assessment
Author: micsapp

bymicsapp

0•

보안 및 테스팅

Identifies and tests for OAuth 2.0 and OpenID Connect vulnerabilities including redirect URI manipulation and token leakage.

This skill provides a comprehensive methodology for security professionals to assess OAuth 2.0 and OpenID Connect implementations during authorized penetration tests. It guides users through the entire attack surface, from mapping authorization endpoints and discovery documents to testing for critical flaws like redirect URI validation bypasses, state-less CSRF, and authorization code theft. By following structured workflows for scope escalation and account linking analysis, this skill helps identify high-impact vulnerabilities that could lead to account takeover or unauthorized data access in modern web applications.

주요 기능

010 GitHub stars

02Evaluation of PKCE implementation and state parameter unpredictability

03Structured test cases for redirect URI manipulation and path traversal bypasses

04Methodologies for testing account takeover via unverified email linking

05Comprehensive mapping of OAuth/OIDC discovery endpoints and grant types

06Detection techniques for token leakage via Referer headers and browser history

사용 사례

01Authorized penetration testing of social login implementations like Google or GitHub

02Vulnerability assessment of custom-built OAuth 2.0 authorization servers

03Security auditing of internal Single Sign-On (SSO) and API authorization flows

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills exploiting-oauth-misconfiguration

For use in Claude.ai and ChatGPT

주요 기능

010 GitHub stars

02Evaluation of PKCE implementation and state parameter unpredictability

03Structured test cases for redirect URI manipulation and path traversal bypasses

04Methodologies for testing account takeover via unverified email linking

05Comprehensive mapping of OAuth/OIDC discovery endpoints and grant types

06Detection techniques for token leakage via Referer headers and browser history

사용 사례

01Authorized penetration testing of social login implementations like Google or GitHub

02Vulnerability assessment of custom-built OAuth 2.0 authorization servers

03Security auditing of internal Single Sign-On (SSO) and API authorization flows

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills exploiting-oauth-misconfiguration

For use in Claude.ai and ChatGPT