#Tips
In #Burp Suite you can mark which parameter (or path, noscript) you need to scan.
To do it, open the Intruder tool, mark the most interesting parts of the HTTP request, and then send it to the scanner.
https://news.1rj.ru/str/webpwn/255
bs-pro_2020.4.zip
336.5 MB
pass: 311138
README.txt inside, plz read it before run BS.
Happy Hacking!
Another useful resource for bug hunters: SQL Injection cheat sheet
https://portswigger.net/web-security/sql-injection/cheat-sheet
Burp Suite extension to discover API keys/access tokens and other sensitive data in HTTP responses.
https://github.com/m4ll0k/BurpSuite-Secret_Finder
Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty)
https://www.youtube.com/watch?v=3K1-a7dnA60
Have you ever wondered how hackers find and exploit IDOR (Insecure Direct Object Reference)?
In this video STÖK gets schooled by Fisher, who shows him how to set up and hunt for IDORs using Burp Suite & plugins like Autorize and AutoRepeater.
Fisher:
https:…
Watch Burp Suite creator @DafyddStuttard describe how you can “shift left” and embrace DevSecOps, using Burp Suite Enterprise Edition.
https://www.youtube.com/watch?v=KLa528vsFPI
Evolving your organization's security maturity towards DevSecOps
Learn from industry pioneer and PortSwigger founder Dafydd Stuttard on how you can scale up your application security and automated testing on your journey to DevSecOps.
Get in touch with us to talk about your organization’s security maturity journey, and…
Small #tip to import subdomains OR urls to BurpSuite with bash:

# Request every host in FILE (one per line) over http and https through the
# Burp proxy on 127.0.0.1:8080 so the traffic lands in Burp's HTTP history.
# xargs -I{} substitutes the host directly into curl's arguments; no bash -c
# wrapper, so list contents are never interpreted as shell syntax.
xargs-burp-subdoms(){
    FILE_SUBDOMS="$1"
    xargs -P 10 -I{} curl -skL --no-keepalive --connect-timeout 2 -x 127.0.0.1:8080 -o /dev/null 'http://{}' < "$FILE_SUBDOMS"
    xargs -P 10 -I{} curl -skL --no-keepalive --connect-timeout 2 -x 127.0.0.1:8080 -o /dev/null 'https://{}' < "$FILE_SUBDOMS"
}
# Same for a file of full URLs (scheme included).
xargs-burp-urls(){
    xargs -P 10 -I{} curl -skL --no-keepalive --connect-timeout 2 -x 127.0.0.1:8080 -o /dev/null '{}' < "$1"
}

use:
xargs-burp-subdoms /tmp/subdomainslist

No more noise in your logs!
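An added example, not from the channel post above: the original functions substitute each line of the list straight into a shell command string, so a malformed or hostile entry in a scraped subdomain list is itself a command-injection risk on the tester's own machine. This version validates and de-duplicates hostnames first, then hands them to curl as plain arguments. The proxy address 127.0.0.1:8080 and the curl timeout are taken from the post; the function names, the BURP_PROXY variable and the hostname pattern are assumptions.

```shell
# Added example (not from the original post): validate and de-duplicate a host
# list before feeding it to curl through the Burp proxy. Hostnames must match a
# strict DNS-name pattern, so blank lines, comments and stray shell metacharacters
# in the input file never reach a command line.
# BURP_PROXY defaults to the address used in the post; override via environment.
BURP_PROXY="${BURP_PROXY:-127.0.0.1:8080}"

# normalize_hosts: read candidate hosts from stdin (one per line), strip an
# optional scheme and path, trim whitespace, lowercase, drop comments and
# blank lines, reject anything that is not a plain DNS name, print unique hosts.
normalize_hosts() {
    sed -e 's/#.*$//' \
        -e 's#^[a-zA-Z][a-zA-Z0-9+.-]*://##' \
        -e 's#[/?].*$##' \
        -e 's/^[[:space:]]*//' \
        -e 's/[[:space:]]*$//' \
      | tr 'A-Z' 'a-z' \
      | grep -E '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9-]{2,63}$' \
      | sort -u
}

# burp_import_hosts FILE: request http:// and https:// for every validated host
# through the proxy so the requests show up in Burp's HTTP history. Each URL is
# passed to curl as an argument by xargs, never via a shell command string.
burp_import_hosts() {
    normalize_hosts < "$1" \
      | while IFS= read -r host; do
            printf '%s\n' "http://$host" "https://$host"
        done \
      | xargs -n1 -P 10 curl -skL --no-keepalive --connect-timeout 2 \
            -x "$BURP_PROXY" -o /dev/null
}
```

Usage: `burp_import_hosts /tmp/subdomainslist`. The validation step also makes the list reviewable before anything is sent: `normalize_hosts < /tmp/subdomainslist` shows exactly which hosts will be requested.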
BurpSuite SSL Pass Through config. Filter out the noise: unwanted requests captured by Burp Suite.
FoxyProxy Firefox
https://gist.github.com/0xatul/71737250fc77b73ec8a681ccd003c949
FoxyProxy Chrome
https://gist.github.com/FlameOfIgnis/92b01a9969368000d042e6a296441355
And we have a simple way:
Burp Suite > Proxy > Options > TLS Pass Through.
Add these:
.*\.google\.com
.*\.gstatic\.com
.*\.mozilla\.com
.*\.googleapis\.com
.*\.pki\.goog
thx: https://gist.github.com/vsec7/d5518a432b70714bedad79e4963ff320