2/n
The best approach is to disable this on Firefox, once and for all.
Trust me, this is easy and this will be your great investment.
Go to about:config and disable this completely.
Got an S3 bucket but don't know who is the owner?
Use the below command to check the bucket owner
aws s3api get-bucket-acl --bucket bucket-name
#bugbountytip #bugbountytips #infosec #AWS
#BurpHacksForBounties - Day 7/30
Macro: A recorded session in Burp Suite
Part 1: What, How & Why?
Part 2: How to use to automate testing?
#infosec #ppsec #bugbounty #bugbountytips #security #burp
2/n
Click Add and proxy tab will open.
Send the requests you want to record.
Click OK.
Macro will be recorded; give it a fancy name.
3/n
Use Macro with sessions.
For all in-scope URLs now, this macro under sessions will run prior to each request.
n/n
Use cases
- Sites having custom login.
- Useful in writing extender plugins.
- IDOR testing.
Tomorrow we will see how we can automate testing with Macro and burp.
#BurpHacksForBounties - Day 8/30
Burp Suite Automation through Macros and Using macros in creating sessions for APIs and protected resources.
#infosec #appsec #burp #security #bugbountytips #bugbounty
Create Macros for burp as discussed in previous tweet.
#BurpHacksForBounties - Day 7
Once created, add it as session and set the scope. For demo, I am adding all URLs as Scope.
Now all the requests mentioned in Tools scope will be Macro processed.
Use Tracer to debug macro
🚨🚨🤓 #BurpHacksForBounties - Day 9/30
Following parameter in Burp Suite repeater's response.
A time-saver tip that I read from @sw33tLie reply in the thread by @codingo_
👇🔽⬇️
#security #appsec #burp #bugbountytips #bugbountytip
When you are playing with a parameter in the repeater tab and its value gets reflected in the response, you can enable this toggle when you have to scroll to see what has changed...a true time-saver!
How to? See the image below.
Zero-day / CVE-2021-35211
SolarWinds 2.0: Serv-U Remote Memory Escape Vulnerability. The said vulnerability was reported to SolarWinds by Microsoft security team and is under active exploitation.
This security vulnerability only affects Serv-U Managed File Transfer and Serv-U Secure FTP and does not affect any other SolarWinds or N-able (formerly SolarWinds MSP) products.
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211
Labs for Web application Pentesting Practice
SQLi: https://github.com/Audi-1/sqli-labs
Oauth 2.0: https://github.com/koenbuyens/Vulnerable-OAuth-2.0-Applications
GraphQL: https://github.com/david3107/graphql-security-labs
JWT Authentication: https://github.com/Sjord/jwtdemo
SAML Authentication: https://github.com/yogisec/VulnerableSAMLApp
XSS: https://portswigger.net/web-security/cross-site-scripting
#bugbounty