type-confusion-testing
OfficialTest and exploit web app type confusion flaws.
Software Engineering#input validation#security testing#penetration testing#web security#vulnerability testing#type confusion#auth bypass
Authordreadnode
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Web applications often fail to validate the data type of incoming parameters, leading to authentication bypasses, authorization failures, unexpected query behavior, and information leaks when attackers send inputs in unexpected formats.
Core Features & Use Cases
- Structured Type Testing Methodology: Step-by-step workflow to identify target parameters, send type variants, analyze responses, and craft exploitation payloads.
- Multi-Language Technique Library: Detailed exploitation guidance for PHP, Ruby, JavaScript, Python, Java, and Go, including magic hash bypasses, array injection, and NoSQL operator injection.
- Source Code Detection Patterns: Pre-built grep commands to find vulnerable loose comparisons and type-unsafe logic in application codebases.
Quick Start
Use the type-confusion-testing skill to test your application's login endpoint by sending the email parameter as an array instead of a string to check for authentication bypass vulnerabilities.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: type-confusion-testing Download link: https://github.com/dreadnode/capabilities/archive/main.zip#type-confusion-testing Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.