#BurpHacksForBounties - Day 2/30
Effective usage of Match and Replace feature of Burp Suite
False2True Trick & Injecting all fields with polyglot payloads 😉😉
How to thread 🧵👇
#infosec #security #appsec #burp #bugbounty #bugbountytips
Effective usage of Match and Replace feature of Burp Suite
False2True Trick & Injecting all fields with polyglot payloads 😉😉
How to thread 🧵👇
#infosec #security #appsec #burp #bugbounty #bugbountytips
1/n False2True trick, when access to a resource for the user is unauthorized.
By changing server response body from F to T in burp response body match and replace, there are great chances it can un-hide client-side controls.
1. Add Match and replace.
2. Add shown replacement.
By changing server response body from F to T in burp response body match and replace, there are great chances it can un-hide client-side controls.
1. Add Match and replace.
2. Add shown replacement.
3/n
The above match and replace rule will replace all KKK in the request body to SQLi and XSS polyglot.
Say I use this :
And put KKK in all fields. All fields will be replaced with this payload.
It will find trivial XSS and SQLi.
The above match and replace rule will replace all KKK in the request body to SQLi and XSS polyglot.
Say I use this :
'"><script src="somesrc"></script><h1>testAnd put KKK in all fields. All fields will be replaced with this payload.
It will find trivial XSS and SQLi.
♥️ #BurpHacksForBounties - Day 3/30 ♥️
🔍🔎
Find References: The most underrated and underused feature of Burp Suite
Pro Only & Can find references for URIs across the entire Burp.
A short thread : 🧵👇
#infosec #appsec #security #burp #bugbountytip #bugbountytips
🔍🔎
Find References: The most underrated and underused feature of Burp Suite
Pro Only & Can find references for URIs across the entire Burp.
A short thread : 🧵👇
#infosec #appsec #security #burp #bugbountytip #bugbountytips
2/n
A new window will open up which will show the references and location of those references as well.
Location can be a repeater, scanner, etc.
The reference can be in Request, Response, Headers. Will be highlighted like the one shown in the image.
A new window will open up which will show the references and location of those references as well.
Location can be a repeater, scanner, etc.
The reference can be in Request, Response, Headers. Will be highlighted like the one shown in the image.
3/n
Can be used to discover the request sent by script from the browser and learn it to craft your valid payload request to that endpoint.
More references:
https://portswigger.net/burp/documentation/desktop/functions/search
Can be used to discover the request sent by script from the browser and learn it to craft your valid payload request to that endpoint.
More references:
https://portswigger.net/burp/documentation/desktop/functions/search
portswigger.net
Search
In this section Simple text search Find comments Find scripts Find references (links) to a particular URL Text search You can perform suite-wide searches in ...
🍺🤡 #BurpHacksForBounties - Day 4/30
Don't ignore junk-looking information in Burp Suite.
Keep this setting on, and play with zipped data in Burp Suite.
🤫🤫 You can change zipped data in req
Learned from @stokfredrik
#infosec #appsec #security #burp #bugbountytips #bugbountytip
Don't ignore junk-looking information in Burp Suite.
Keep this setting on, and play with zipped data in Burp Suite.
🤫🤫 You can change zipped data in req
Learned from @stokfredrik
#infosec #appsec #security #burp #bugbountytips #bugbountytip
Link to stokfredrik blog on Burp Suite:
https://portswigger.net/blog/burp-suite-tips-from-power-user-and-hackfluencer-stok
A must-read for beginners.
https://portswigger.net/blog/burp-suite-tips-from-power-user-and-hackfluencer-stok
A must-read for beginners.
red shadow - Lightspin AWS Vulnerability Scanner
https://reconshell.com/red-shadow-lightspin-aws-vulnerability-scanner/
#PrivilegeEscalation #exploit #Exploitation #AWS
#Vulnerability #Scanner
https://reconshell.com/red-shadow-lightspin-aws-vulnerability-scanner/
#PrivilegeEscalation #exploit #Exploitation #AWS
#Vulnerability #Scanner
charlotte – fully undetected shellcode launcher
#shellcode #msfvenom #XOR #ShellcodeLauncher #CobaltStrike #Payload
https://reconshell.com/charlotte-fully-undetected-shellcode-launcher/
#shellcode #msfvenom #XOR #ShellcodeLauncher #CobaltStrike #Payload
https://reconshell.com/charlotte-fully-undetected-shellcode-launcher/
owerHub - post exploitation tool based on a web application
https://reconshell.com/powerhub-post-exploitation-tool-based-on-a-web-application/
#PowerHub #PowerSploit #PowerView #Kerberos #LPE #PowerShell
https://reconshell.com/powerhub-post-exploitation-tool-based-on-a-web-application/
#PowerHub #PowerSploit #PowerView #Kerberos #LPE #PowerShell
#BurpHacksForBounties - Day 5/30
Check intruder, repeater, sequencer, etc response in one shot instead of every time sending the response to browser.
A short but important trick
Check intruder, repeater, sequencer, etc response in one shot instead of every time sending the response to browser.
A short but important trick