#BurpHacksForBounties - Tip 19/30
Adding your own scan rules to Burp Suite active/passive scanner. Include custom checks in scanner for #bugbounties without writing a single line of code.
Using a plugin developed by @BurpBounty @egarme
#infosec #appsec #burp #bugbountytips
Adding your own scan rules to Burp Suite active/passive scanner. Include custom checks in scanner for #bugbounties without writing a single line of code.
Using a plugin developed by @BurpBounty @egarme
#infosec #appsec #burp #bugbountytips
#BurpHacksForBounties - Day 22/30
🤓🤓 Create your own Burp Extender Plugin in 3 tweets with Java.
Thank you Burp Suite for making it easy
#infosec #appsec #burp @BurpSuiteGuide #bugbountytips #bugbountytip #security
🤓🤓 Create your own Burp Extender Plugin in 3 tweets with Java.
Thank you Burp Suite for making it easy
#infosec #appsec #burp @BurpSuiteGuide #bugbountytips #bugbountytip #security
This media is not supported in your browser
VIEW IN TELEGRAM
#BurpHacksForBounties - Day 24/30
This is an amazing writeup which talks about using plugin in Burp that ease the journey for catching IDORs.
Writeup link: https://infosecwriteups.com/leveraging-burp-suite-extension-for-finding-idor-insecure-direct-object-reference-2653f9b89fd4
By
@dhanush
#infosec #appsec #bugbountytips #bugbountytip #bugbounty #security
This is an amazing writeup which talks about using plugin in Burp that ease the journey for catching IDORs.
Writeup link: https://infosecwriteups.com/leveraging-burp-suite-extension-for-finding-idor-insecure-direct-object-reference-2653f9b89fd4
By
@dhanush
#infosec #appsec #bugbountytips #bugbountytip #bugbounty #security
#BurpHacksForBounties - Day 25/30
Optimizing Burp Suite for better performance, these 4 simple steps and you would notice a big difference in performance.
#infosec #appsec #burp #security #bugbountytips #bugbounty
Optimizing Burp Suite for better performance, these 4 simple steps and you would notice a big difference in performance.
#infosec #appsec #burp #security #bugbountytips #bugbounty
#BurpHacksForBounties - Day 26/30
Красное сердцеUnderstand the different intruder attack types in Burp Suite
With visualizations at code level for better understanding.
Code level understanding in follow up thread 👇
#infosec #appsec #security #cybersecurity #bugbounty #bugbountytips
Красное сердцеUnderstand the different intruder attack types in Burp Suite
With visualizations at code level for better understanding.
Code level understanding in follow up thread 👇
#infosec #appsec #security #cybersecurity #bugbounty #bugbountytips
#BurpHacksForBounties - 27/30
See all different intruder attack types of Burp Suite as codes
- Sniper
- Battering RAM
- Cluster Bomb
- PitchFork
#infosec #appsec #bugbounty #bugbountytips #security #burp
See all different intruder attack types of Burp Suite as codes
- Sniper
- Battering RAM
- Cluster Bomb
- PitchFork
#infosec #appsec #bugbounty #bugbountytips #security #burp
This media is not supported in your browser
VIEW IN TELEGRAM
#BurpHacksForBounties - Day 28/30 - Super CSRF POC Generator Hack.
CSRF POC generator is only available in Burp Suite pro, but not anymore.
Use this -> https://github.com/merttasci/csrf-poc-generator by @mertistaken
#infosec #burp #appsec #security #bugbountytips #bugbountytip #cybersecurity
CSRF POC generator is only available in Burp Suite pro, but not anymore.
Use this -> https://github.com/merttasci/csrf-poc-generator by @mertistaken
#infosec #burp #appsec #security #bugbountytips #bugbountytip #cybersecurity
#BurpHacksForBounties - Day 29/30
No Collaborator No worries
Burp Suite Collaborator is part of pro, so use requestbin.net
- Exactly same as collaborator
- Free 20 requests without login
- HTTP bin
- DNS bin
#infosec #appsec #bugbountytips #bugbountytip #burp
No Collaborator No worries
Burp Suite Collaborator is part of pro, so use requestbin.net
- Exactly same as collaborator
- Free 20 requests without login
- HTTP bin
- DNS bin
#infosec #appsec #bugbountytips #bugbountytip #burp
Git-Secret
Go scripts for finding an API key / some keywords in a github repository
https://github.com/daffainfo/Git-Secret
#bugbounty #bugbountytips #pentest #api #infosec
Go scripts for finding an API key / some keywords in a github repository
https://github.com/daffainfo/Git-Secret
#bugbounty #bugbountytips #pentest #api #infosec
Search JS using Gau
#bugbounty #bugbountytips
gau -subs DOMAIN |grep -iE '\.js'|grep -iEv '(\.jsp|\.json)' >> js.txt#bugbounty #bugbountytips
Forget Password Vulns
https://www.xmind.net/m/nZwbdk/
#AppSec #hacking #bugbountytips #websecurity #xmind
https://www.xmind.net/m/nZwbdk/
#AppSec #hacking #bugbountytips #websecurity #xmind
Xmind
Common Vulnerabilities on Forget Password Functionality
A Mind Map about Common Vulnerabilities on Forget Password Functionality submitted by Harsh Bothra on Jul 23, 2021. Created with Xmind.
Search Subdomains using Jldc
#bugbounty #bugbountytips
curl -s "jldc.me/anubis/subdomains/example.com" | grep -Po '(?<=")[\w*.-]*(?=")'
#bugbounty #bugbountytips
Search JS using Gau
gau -subs DOMAIN |grep -iE '\.js'|grep -iEv '(\.jsp|\.json)' >> js.txt
#bugbounty #bugbountytips