Pentesting Blazor Server Apps

Najam ul Saqib 340 Reputation points
2024-02-27T13:50:50.58+00:00

Hi, I came across a web app that is using Blazor Server, all the communication is happening through SignalR. Now in traditional web apps, pentesters use ZAP/Burp to intercept the traffic and manipulate with it. i.e. test access controls by toggling the IDs, etc but here the communication is happening via websockets first, and second it is in binary format which is not readable. What's the best way to pentest our blazor server apps to make sure they're battle hardened and secure?

ASP.NET Core
ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
4,618 questions
Blazor
Blazor
A free and open-source web framework that enables developers to create web apps using C# and HTML being developed by Microsoft.
1,595 questions
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.