2/n
A new window will open up which will show the references and location of those references as well.
Location can be a repeater, scanner, etc.
The reference can be in Request, Response, Headers. Will be highlighted like the one shown in the image.
A new window will open up which will show the references and location of those references as well.
Location can be a repeater, scanner, etc.
The reference can be in Request, Response, Headers. Will be highlighted like the one shown in the image.
3/n
Can be used to discover the request sent by script from the browser and learn it to craft your valid payload request to that endpoint.
More references:
https://portswigger.net/burp/documentation/desktop/functions/search
Can be used to discover the request sent by script from the browser and learn it to craft your valid payload request to that endpoint.
More references:
https://portswigger.net/burp/documentation/desktop/functions/search
portswigger.net
Search
In this section Simple text search Find comments Find scripts Find references (links) to a particular URL Text search You can perform suite-wide searches in ...
🍺🤡 #BurpHacksForBounties - Day 4/30
Don't ignore junk-looking information in Burp Suite.
Keep this setting on, and play with zipped data in Burp Suite.
🤫🤫 You can change zipped data in req
Learned from @stokfredrik
#infosec #appsec #security #burp #bugbountytips #bugbountytip
Don't ignore junk-looking information in Burp Suite.
Keep this setting on, and play with zipped data in Burp Suite.
🤫🤫 You can change zipped data in req
Learned from @stokfredrik
#infosec #appsec #security #burp #bugbountytips #bugbountytip
Link to stokfredrik blog on Burp Suite:
https://portswigger.net/blog/burp-suite-tips-from-power-user-and-hackfluencer-stok
A must-read for beginners.
https://portswigger.net/blog/burp-suite-tips-from-power-user-and-hackfluencer-stok
A must-read for beginners.
red shadow - Lightspin AWS Vulnerability Scanner
https://reconshell.com/red-shadow-lightspin-aws-vulnerability-scanner/
#PrivilegeEscalation #exploit #Exploitation #AWS
#Vulnerability #Scanner
https://reconshell.com/red-shadow-lightspin-aws-vulnerability-scanner/
#PrivilegeEscalation #exploit #Exploitation #AWS
#Vulnerability #Scanner
charlotte – fully undetected shellcode launcher
#shellcode #msfvenom #XOR #ShellcodeLauncher #CobaltStrike #Payload
https://reconshell.com/charlotte-fully-undetected-shellcode-launcher/
#shellcode #msfvenom #XOR #ShellcodeLauncher #CobaltStrike #Payload
https://reconshell.com/charlotte-fully-undetected-shellcode-launcher/
owerHub - post exploitation tool based on a web application
https://reconshell.com/powerhub-post-exploitation-tool-based-on-a-web-application/
#PowerHub #PowerSploit #PowerView #Kerberos #LPE #PowerShell
https://reconshell.com/powerhub-post-exploitation-tool-based-on-a-web-application/
#PowerHub #PowerSploit #PowerView #Kerberos #LPE #PowerShell
#BurpHacksForBounties - Day 5/30
Check intruder, repeater, sequencer, etc response in one shot instead of every time sending the response to browser.
A short but important trick
Check intruder, repeater, sequencer, etc response in one shot instead of every time sending the response to browser.
A short but important trick
VMware Exploitation
A collection of links related to VMware escape exploit
https://github.com/xairy/vmware-exploitation
#vmware
A collection of links related to VMware escape exploit
https://github.com/xairy/vmware-exploitation
#vmware
GitHub
GitHub - xairy/vmware-exploitation: A collection of links related to VMware escape exploits
A collection of links related to VMware escape exploits - xairy/vmware-exploitation
🚨🚨 #BurpHacksForBounties - Day 6/30
Burp Suite and firefox 🔥🦊 match made in heaven.
Read the shortcomings of in-built browser and how to make firefox silent.
Down here 👇🍺
#infosec #appsec #burp #security #bugbounty #bugbountytips
Burp Suite and firefox 🔥🦊 match made in heaven.
Read the shortcomings of in-built browser and how to make firefox silent.
Down here 👇🍺
#infosec #appsec #burp #security #bugbounty #bugbountytips
0/n
First of all, why?
Why use Firefox if Burp Suite has Chromium browser built-in?
This is because :
- Burp inbuilt chromium does not persist settings on each different run.
- Plugin reinstallation each time
- Can't disable local CORS checks
- It's not flexible etc.
First of all, why?
Why use Firefox if Burp Suite has Chromium browser built-in?
This is because :
- Burp inbuilt chromium does not persist settings on each different run.
- Plugin reinstallation each time
- Can't disable local CORS checks
- It's not flexible etc.
1/n
I personally use firefox, and if you have used it as I do, you must have seen a lot of detectportal.firefox.com requests.
They are noisy, you can right-click on that and mark "Do not intercept", but that is not a persistent way either.
in CE you don't have sessions. :(
I personally use firefox, and if you have used it as I do, you must have seen a lot of detectportal.firefox.com requests.
They are noisy, you can right-click on that and mark "Do not intercept", but that is not a persistent way either.
in CE you don't have sessions. :(
2/n
The best approach is to disable this on Firefox, once and for all.
Trust me this is easy and this wil be your great investment.
Go to about:config and disable this completely.
The best approach is to disable this on Firefox, once and for all.
Trust me this is easy and this wil be your great investment.
Go to about:config and disable this completely.