#BurpHacksForBounties - Hack 11/30
We mostly use PortSwigger 's Burp Suite pro for corporate pentesting, & we should not capture and store corporate credentials.
Steps that I use and why is it important: 👇
#infosec #appsec #burp #Burpsuite
We mostly use PortSwigger 's Burp Suite pro for corporate pentesting, & we should not capture and store corporate credentials.
Steps that I use and why is it important: 👇
#infosec #appsec #burp #Burpsuite
Steps :
1. Temporary project/session.
2. Login to the application, like normal.
3. Identify which requests to which domains contain credentials.
4. Start the main project in Burp.
5. Add those Domains to SSL passthrough. Proxy > Options > TLS Pass-Through
1. Temporary project/session.
2. Login to the application, like normal.
3. Identify which requests to which domains contain credentials.
4. Start the main project in Burp.
5. Add those Domains to SSL passthrough. Proxy > Options > TLS Pass-Through
Why I do this: I save sessions, and burp will store those credentials and sessions. I personally don't want credentials to be stored in files.
Another important point is we are not testing SSO, rather we are testing App behind SSO.
Another important point is we are not testing SSO, rather we are testing App behind SSO.
#BurpHacksForBounties - Day 12/30
IPtables + Burp Suite + Android Applications. 😍🤓🤫😀
Tricky and length but worth setting up.
#burp #bugbountytips #infosec #security #appsec #bugbountytip
IPtables + Burp Suite + Android Applications. 😍🤓🤫😀
Tricky and length but worth setting up.
#burp #bugbountytips #infosec #security #appsec #bugbountytip
- Add Burp CA to device
- Bypass cert pinning
- Root the device(required for iptable)
Dport 80 routing - run these commands
- Bypass cert pinning
- Root the device(required for iptable)
Dport 80 routing - run these commands
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination <BURP_IP>:8080
iptables -t nat -A POSTROUTING -p tcp --dport 80 -j MASQUERADE#BurpHacksForBounties - Day 13/30
How to use Burp in most efficient way and bag a bounty.
In Bug bounty methodology by Uncle Rat (@theXSSrat) :
https://thexssrat.iss.onedium.com/bug-bounty-methodology-v3-0-hunt-like-a-rat-9e030fc54363
#infosec #appsec #bugbounty #bugbountytips
How to use Burp in most efficient way and bag a bounty.
In Bug bounty methodology by Uncle Rat (@theXSSrat) :
https://thexssrat.iss.onedium.com/bug-bounty-methodology-v3-0-hunt-like-a-rat-9e030fc54363
#infosec #appsec #bugbounty #bugbountytips
#BurpHacksForBounties - Tip 14/30
Burp Suite Config provides options for handling configurations for User-level and project-level options.
I personally use this configuration :
#appsec #infosec #burp #bugbountytips #bugbountytip
Burp Suite Config provides options for handling configurations for User-level and project-level options.
I personally use this configuration :
#appsec #infosec #burp #bugbountytips #bugbountytip
Port Forwarding & Tunnelling Cheatsheet
https://www.hackingarticles.in/port-forwarding-tunnelling-cheatsheet/
#infosec #ctf #oscp #pentest #cybersecurity
https://www.hackingarticles.in/port-forwarding-tunnelling-cheatsheet/
#infosec #ctf #oscp #pentest #cybersecurity
Hacking Articles
Port Forwarding & Tunnelling Cheatsheet
Comprehensive Port Forwarding and Tunnelling Cheatsheet covering SSH, Metasploit, Socat, and more for secure connections.
Remote Code Execution in cdnjs of CloudFlare
https://blog.ryotak.me/post/cdnjs-remote-code-execution-en/
#RCE #cdnjs #cloudflare
https://blog.ryotak.me/post/cdnjs-remote-code-execution-en/
#RCE #cdnjs #cloudflare
blog.ryotak.net
Remote code execution in cdnjs of Cloudflare
Preface
(日本語版も公開されています。)
Cloudflare, which runs cdnjs, is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to perform vulnerability assessments.
This article describes vulnerabilities reported through this program and published…
(日本語版も公開されています。)
Cloudflare, which runs cdnjs, is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to perform vulnerability assessments.
This article describes vulnerabilities reported through this program and published…
#BurpHacksForBounties - Day 15/30
Macros in Burp Suite by akshita_infosec. I could not have explained it better than she did. Nice work :)
https://akshita-infosec.medium.com/burp-macros-what-why-how-151df8901641
#infosec #appsec #bugbounties #bugbountytips #burp
Macros in Burp Suite by akshita_infosec. I could not have explained it better than she did. Nice work :)
https://akshita-infosec.medium.com/burp-macros-what-why-how-151df8901641
#infosec #appsec #bugbounties #bugbountytips #burp
WiFiDemon
iOS WiFi RCE 0-Day Vulnerability & a 'Zero-Click' Vulnerability That was Silently Patched
https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/
#0day #ios #rce
iOS WiFi RCE 0-Day Vulnerability & a 'Zero-Click' Vulnerability That was Silently Patched
https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/
#0day #ios #rce
Jamf
Jamf Threat Labs | Blog
Nim on the Attack
Process Injection Using Nim and the Windows API
https://huskyhacks.dev/2021/07/17/nim-exploit-dev/
#redteam #winapi #injection #nim
Process Injection Using Nim and the Windows API
https://huskyhacks.dev/2021/07/17/nim-exploit-dev/
#redteam #winapi #injection #nim
Reconflow
This is all in one tool for gathering reconnaissance information about a target without the hassle of installing multiple tools and their dependencies & also presents you the results to your telegram chat.
https://github.com/adarshshetty18/reconflow
#recon #bugbounty #telegram
This is all in one tool for gathering reconnaissance information about a target without the hassle of installing multiple tools and their dependencies & also presents you the results to your telegram chat.
https://github.com/adarshshetty18/reconflow
#recon #bugbounty #telegram
GitHub
GitHub - adarshshetty18/reconflow: Reconflow is all in one tool for gathering reconnaissance information about a target in a penetration…
Reconflow is all in one tool for gathering reconnaissance information about a target in a penetration test - adarshshetty18/reconflow
#BurpHacksForBounties - Tip 16/30
Host Header Hacks with Burp Suite's repeater. For webserver, serving requests through reverse proxy, don't forget to try this technique out. Learnt from @lbinowax
Quick read and How to 👇🏼
#infosec #appsec #burp #bugbounties #bugbountytips
Host Header Hacks with Burp Suite's repeater. For webserver, serving requests through reverse proxy, don't forget to try this technique out. Learnt from @lbinowax
Quick read and How to 👇🏼
#infosec #appsec #burp #bugbounties #bugbountytips
Let see this for blogspot.com, this is a reverse proxy setting that checks subdomains and routes them accordingly, now let's change the host for it.
IMG 1 : Target = Host
IMG 2 : Target != Host, but still the request is routed through the host.
IMG 1 : Target = Host
IMG 2 : Target != Host, but still the request is routed through the host.