- Add Burp CA to device
- Bypass cert pinning
- Root the device(required for iptable)
Dport 80 routing - run these commands
- Bypass cert pinning
- Root the device(required for iptable)
Dport 80 routing - run these commands
iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination <BURP_IP>:8080
iptables -t nat -A POSTROUTING -p tcp --dport 80 -j MASQUERADE#BurpHacksForBounties - Day 13/30
How to use Burp in most efficient way and bag a bounty.
In Bug bounty methodology by Uncle Rat (@theXSSrat) :
https://thexssrat.iss.onedium.com/bug-bounty-methodology-v3-0-hunt-like-a-rat-9e030fc54363
#infosec #appsec #bugbounty #bugbountytips
How to use Burp in most efficient way and bag a bounty.
In Bug bounty methodology by Uncle Rat (@theXSSrat) :
https://thexssrat.iss.onedium.com/bug-bounty-methodology-v3-0-hunt-like-a-rat-9e030fc54363
#infosec #appsec #bugbounty #bugbountytips
#BurpHacksForBounties - Tip 14/30
Burp Suite Config provides options for handling configurations for User-level and project-level options.
I personally use this configuration :
#appsec #infosec #burp #bugbountytips #bugbountytip
Burp Suite Config provides options for handling configurations for User-level and project-level options.
I personally use this configuration :
#appsec #infosec #burp #bugbountytips #bugbountytip
Port Forwarding & Tunnelling Cheatsheet
https://www.hackingarticles.in/port-forwarding-tunnelling-cheatsheet/
#infosec #ctf #oscp #pentest #cybersecurity
https://www.hackingarticles.in/port-forwarding-tunnelling-cheatsheet/
#infosec #ctf #oscp #pentest #cybersecurity
Hacking Articles
Port Forwarding & Tunnelling Cheatsheet
Comprehensive Port Forwarding and Tunnelling Cheatsheet covering SSH, Metasploit, Socat, and more for secure connections.
Remote Code Execution in cdnjs of CloudFlare
https://blog.ryotak.me/post/cdnjs-remote-code-execution-en/
#RCE #cdnjs #cloudflare
https://blog.ryotak.me/post/cdnjs-remote-code-execution-en/
#RCE #cdnjs #cloudflare
blog.ryotak.net
Remote code execution in cdnjs of Cloudflare
Preface
(日本語版も公開されています。)
Cloudflare, which runs cdnjs, is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to perform vulnerability assessments.
This article describes vulnerabilities reported through this program and published…
(日本語版も公開されています。)
Cloudflare, which runs cdnjs, is running a “Vulnerability Disclosure Program” on HackerOne, which allows hackers to perform vulnerability assessments.
This article describes vulnerabilities reported through this program and published…
#BurpHacksForBounties - Day 15/30
Macros in Burp Suite by akshita_infosec. I could not have explained it better than she did. Nice work :)
https://akshita-infosec.medium.com/burp-macros-what-why-how-151df8901641
#infosec #appsec #bugbounties #bugbountytips #burp
Macros in Burp Suite by akshita_infosec. I could not have explained it better than she did. Nice work :)
https://akshita-infosec.medium.com/burp-macros-what-why-how-151df8901641
#infosec #appsec #bugbounties #bugbountytips #burp
WiFiDemon
iOS WiFi RCE 0-Day Vulnerability & a 'Zero-Click' Vulnerability That was Silently Patched
https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/
#0day #ios #rce
iOS WiFi RCE 0-Day Vulnerability & a 'Zero-Click' Vulnerability That was Silently Patched
https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/
#0day #ios #rce
Jamf
Jamf Threat Labs | Blog
Nim on the Attack
Process Injection Using Nim and the Windows API
https://huskyhacks.dev/2021/07/17/nim-exploit-dev/
#redteam #winapi #injection #nim
Process Injection Using Nim and the Windows API
https://huskyhacks.dev/2021/07/17/nim-exploit-dev/
#redteam #winapi #injection #nim
Reconflow
This is all in one tool for gathering reconnaissance information about a target without the hassle of installing multiple tools and their dependencies & also presents you the results to your telegram chat.
https://github.com/adarshshetty18/reconflow
#recon #bugbounty #telegram
This is all in one tool for gathering reconnaissance information about a target without the hassle of installing multiple tools and their dependencies & also presents you the results to your telegram chat.
https://github.com/adarshshetty18/reconflow
#recon #bugbounty #telegram
GitHub
GitHub - adarshshetty18/reconflow: Reconflow is all in one tool for gathering reconnaissance information about a target in a penetration…
Reconflow is all in one tool for gathering reconnaissance information about a target in a penetration test - adarshshetty18/reconflow
#BurpHacksForBounties - Tip 16/30
Host Header Hacks with Burp Suite's repeater. For webserver, serving requests through reverse proxy, don't forget to try this technique out. Learnt from @lbinowax
Quick read and How to 👇🏼
#infosec #appsec #burp #bugbounties #bugbountytips
Host Header Hacks with Burp Suite's repeater. For webserver, serving requests through reverse proxy, don't forget to try this technique out. Learnt from @lbinowax
Quick read and How to 👇🏼
#infosec #appsec #burp #bugbounties #bugbountytips
Let see this for blogspot.com, this is a reverse proxy setting that checks subdomains and routes them accordingly, now let's change the host for it.
IMG 1 : Target = Host
IMG 2 : Target != Host, but still the request is routed through the host.
IMG 1 : Target = Host
IMG 2 : Target != Host, but still the request is routed through the host.
PetitPotam
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function.
https://github.com/topotam/PetitPotam
#pentest #PetitPotam #rcp
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function.
https://github.com/topotam/PetitPotam
#pentest #PetitPotam #rcp
GitHub
GitHub - topotam/PetitPotam: PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw…
PoC tool to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw or other functions. - topotam/PetitPotam
#BurpHacksForBounties - Day 18/30
Do you want to filter the responses in Burp Suite Intruder? And only show the ones which have specific pattern present in response?
If yes try this 👇🏻 🧵
#appsec #infosec #bugbountytips #bugbountytip #burp
Do you want to filter the responses in Burp Suite Intruder? And only show the ones which have specific pattern present in response?
If yes try this 👇🏻 🧵
#appsec #infosec #bugbountytips #bugbountytip #burp