1/n False2True trick, when access to a resource for the user is unauthorized.
By changing the server response body from F to T in Burp's response body match and replace, there is a good chance it will un-hide client-side controls.
1. Add Match and replace.
2. Add shown replacement.
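Added illustration (not from the thread) of why the False2True trick works and why it should not matter on a well-designed app: a constructed in-memory model where the client hides a control based on a server-supplied isAdmin flag, a weak handler trusts a flag sent back by the client, and a hardened handler checks only the server-side session. All names and data are constructed.

```javascript
// Constructed server-side session/role store (not real application code).
const ROLES = { alice: ["admin"], bob: ["user"] };

// What the server sends on page load. The client uses this only to decide
// what to render; flipping "isAdmin":false -> true in a proxy changes the
// rendering, not the user's actual role.
function profileResponse(user) {
  const isAdmin = (ROLES[user] ?? []).includes("admin");
  return JSON.stringify({ user, isAdmin });
}

// Client-side control: the button is hidden when isAdmin is false.
// This is a UX hint, not a security boundary.
function renderControls(profileJson) {
  const profile = JSON.parse(profileJson);
  return profile.isAdmin ? ["export-users-button"] : [];
}

// Models the proxy "false -> true" match-and-replace on the response body.
function falseToTrue(body) {
  return body.replace(/false/g, "true");
}

// Weak handler: authorization depends on a flag the client sends back,
// so the un-hidden button really does unlock the resource.
function exportUsersWeak(req) {
  return req.body.isAdmin ? { status: 200 } : { status: 403 };
}

// Hardened handler: authorization comes from the server-side session only;
// anything in the request body is ignored for this decision.
function exportUsersHardened(req) {
  const roles = ROLES[req.session.user] ?? [];
  return roles.includes("admin") ? { status: 200 } : { status: 403 };
}

// Walk-through: bob's page with and without the proxy rewrite.
const original = profileResponse("bob");
const rewritten = falseToTrue(original);
console.log("controls as served:", renderControls(original));     // []
console.log("controls after F->T:", renderControls(rewritten));    // ["export-users-button"]
const forged = { session: { user: "bob" }, body: { isAdmin: true } };
console.log("weak handler:", exportUsersWeak(forged).status);      // 200: client flag trusted
console.log("hardened handler:", exportUsersHardened(forged).status); // 403: session decides
```

The detection angle is the same on both sides: a 403 from the hardened handler after a client-side control was un-hidden is exactly the request a server-side log should flag.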
♥️ #BurpHacksForBounties - Day 3/30 ♥️
🔍🔎
Find References: The most underrated and underused feature of Burp Suite
Pro only; it can find references for URIs across all of Burp.
A short thread : 🧵👇
#infosec #appsec #security #burp #bugbountytip #bugbountytips
2/n
A new window will open up, showing the references and their locations as well.
The location can be Repeater, Scanner, etc.
The reference can be in the request, response, or headers. It will be highlighted like the one shown in the image.
3/n
It can be used to discover the request sent by a script from the browser and learn from it to craft a valid payload request to that endpoint.
More references:
https://portswigger.net/burp/documentation/desktop/functions/search
🍺🤡 #BurpHacksForBounties - Day 4/30
Don't ignore junk-looking information in Burp Suite.
Keep this setting on, and play with zipped data in Burp Suite.
🤫🤫 You can change zipped data in the request.
Learned from @stokfredrik
#infosec #appsec #security #burp #bugbountytips #bugbountytip
Link to stokfredrik blog on Burp Suite:
https://portswigger.net/blog/burp-suite-tips-from-power-user-and-hackfluencer-stok
A must-read for beginners.
red shadow - Lightspin AWS Vulnerability Scanner
https://reconshell.com/red-shadow-lightspin-aws-vulnerability-scanner/
#PrivilegeEscalation #exploit #Exploitation #AWS
#Vulnerability #Scanner
charlotte – fully undetected shellcode launcher
#shellcode #msfvenom #XOR #ShellcodeLauncher #CobaltStrike #Payload
https://reconshell.com/charlotte-fully-undetected-shellcode-launcher/
PowerHub - post exploitation tool based on a web application
https://reconshell.com/powerhub-post-exploitation-tool-based-on-a-web-application/
#PowerHub #PowerSploit #PowerView #Kerberos #LPE #PowerShell
#BurpHacksForBounties - Day 5/30
Check Intruder, Repeater, Sequencer, etc. responses in one shot instead of sending the response to the browser every time.
A short but important trick
VMware Exploitation
A collection of links related to VMware escape exploits
https://github.com/xairy/vmware-exploitation
#vmware
🚨🚨 #BurpHacksForBounties - Day 6/30
Burp Suite and Firefox 🔥🦊: a match made in heaven.
Read about the shortcomings of the in-built browser and how to make Firefox silent.
Down here 👇🍺
#infosec #appsec #burp #security #bugbounty #bugbountytips
0/n
First of all, why?
Why use Firefox if Burp Suite has Chromium browser built-in?
This is because:
- Burp's inbuilt Chromium does not persist settings across runs.
- Plugins have to be reinstalled each time.
- You can't disable local CORS checks.
- It's not flexible, etc.
1/n
I personally use Firefox, and if you have used it as I do, you must have seen a lot of detectportal.firefox.com requests.
They are noisy; you can right-click on one and mark "Do not intercept", but that is not a persistent way either.
In CE you don't have sessions. :(