#BurpHacksForBounties - Day 15/30
Macros in Burp Suite by akshita_infosec. I could not have explained it better than she did. Nice work :)
https://akshita-infosec.medium.com/burp-macros-what-why-how-151df8901641
#infosec #appsec #bugbounties #bugbountytips #burp
Macros in Burp Suite by akshita_infosec. I could not have explained it better than she did. Nice work :)
https://akshita-infosec.medium.com/burp-macros-what-why-how-151df8901641
#infosec #appsec #bugbounties #bugbountytips #burp
#BurpHacksForBounties - Tip 16/30
Host Header Hacks with Burp Suite's repeater. For webserver, serving requests through reverse proxy, don't forget to try this technique out. Learnt from @lbinowax
Quick read and How to 👇🏼
#infosec #appsec #burp #bugbounties #bugbountytips
Host Header Hacks with Burp Suite's repeater. For webserver, serving requests through reverse proxy, don't forget to try this technique out. Learnt from @lbinowax
Quick read and How to 👇🏼
#infosec #appsec #burp #bugbounties #bugbountytips
#BurpHacksForBounties - Day 18/30
Do you want to filter the responses in Burp Suite Intruder? And only show the ones which have specific pattern present in response?
If yes try this 👇🏻 🧵
#appsec #infosec #bugbountytips #bugbountytip #burp
Do you want to filter the responses in Burp Suite Intruder? And only show the ones which have specific pattern present in response?
If yes try this 👇🏻 🧵
#appsec #infosec #bugbountytips #bugbountytip #burp
#BurpHacksForBounties - Tip 19/30
Adding your own scan rules to Burp Suite active/passive scanner. Include custom checks in scanner for #bugbounties without writing a single line of code.
Using a plugin developed by @BurpBounty @egarme
#infosec #appsec #burp #bugbountytips
Adding your own scan rules to Burp Suite active/passive scanner. Include custom checks in scanner for #bugbounties without writing a single line of code.
Using a plugin developed by @BurpBounty @egarme
#infosec #appsec #burp #bugbountytips
#BurpHacksForBounties - Day 22/30
🤓🤓 Create your own Burp Extender Plugin in 3 tweets with Java.
Thank you Burp Suite for making it easy
#infosec #appsec #burp @BurpSuiteGuide #bugbountytips #bugbountytip #security
🤓🤓 Create your own Burp Extender Plugin in 3 tweets with Java.
Thank you Burp Suite for making it easy
#infosec #appsec #burp @BurpSuiteGuide #bugbountytips #bugbountytip #security
This media is not supported in your browser
VIEW IN TELEGRAM
#BurpHacksForBounties - Day 24/30
This is an amazing writeup which talks about using plugin in Burp that ease the journey for catching IDORs.
Writeup link: https://infosecwriteups.com/leveraging-burp-suite-extension-for-finding-idor-insecure-direct-object-reference-2653f9b89fd4
By
@dhanush
#infosec #appsec #bugbountytips #bugbountytip #bugbounty #security
This is an amazing writeup which talks about using plugin in Burp that ease the journey for catching IDORs.
Writeup link: https://infosecwriteups.com/leveraging-burp-suite-extension-for-finding-idor-insecure-direct-object-reference-2653f9b89fd4
By
@dhanush
#infosec #appsec #bugbountytips #bugbountytip #bugbounty #security
#BurpHacksForBounties - Day 25/30
Optimizing Burp Suite for better performance, these 4 simple steps and you would notice a big difference in performance.
#infosec #appsec #burp #security #bugbountytips #bugbounty
Optimizing Burp Suite for better performance, these 4 simple steps and you would notice a big difference in performance.
#infosec #appsec #burp #security #bugbountytips #bugbounty
#BurpHacksForBounties - Day 26/30
Красное сердцеUnderstand the different intruder attack types in Burp Suite
With visualizations at code level for better understanding.
Code level understanding in follow up thread 👇
#infosec #appsec #security #cybersecurity #bugbounty #bugbountytips
Красное сердцеUnderstand the different intruder attack types in Burp Suite
With visualizations at code level for better understanding.
Code level understanding in follow up thread 👇
#infosec #appsec #security #cybersecurity #bugbounty #bugbountytips
#BurpHacksForBounties - 27/30
See all different intruder attack types of Burp Suite as codes
- Sniper
- Battering RAM
- Cluster Bomb
- PitchFork
#infosec #appsec #bugbounty #bugbountytips #security #burp
See all different intruder attack types of Burp Suite as codes
- Sniper
- Battering RAM
- Cluster Bomb
- PitchFork
#infosec #appsec #bugbounty #bugbountytips #security #burp
This media is not supported in your browser
VIEW IN TELEGRAM
#BurpHacksForBounties - Day 28/30 - Super CSRF POC Generator Hack.
CSRF POC generator is only available in Burp Suite pro, but not anymore.
Use this -> https://github.com/merttasci/csrf-poc-generator by @mertistaken
#infosec #burp #appsec #security #bugbountytips #bugbountytip #cybersecurity
CSRF POC generator is only available in Burp Suite pro, but not anymore.
Use this -> https://github.com/merttasci/csrf-poc-generator by @mertistaken
#infosec #burp #appsec #security #bugbountytips #bugbountytip #cybersecurity
#BurpHacksForBounties - Day 29/30
No Collaborator No worries
Burp Suite Collaborator is part of pro, so use requestbin.net
- Exactly same as collaborator
- Free 20 requests without login
- HTTP bin
- DNS bin
#infosec #appsec #bugbountytips #bugbountytip #burp
No Collaborator No worries
Burp Suite Collaborator is part of pro, so use requestbin.net
- Exactly same as collaborator
- Free 20 requests without login
- HTTP bin
- DNS bin
#infosec #appsec #bugbountytips #bugbountytip #burp
Forget Password Vulns
https://www.xmind.net/m/nZwbdk/
#AppSec #hacking #bugbountytips #websecurity #xmind
https://www.xmind.net/m/nZwbdk/
#AppSec #hacking #bugbountytips #websecurity #xmind
Xmind
Common Vulnerabilities on Forget Password Functionality
A Mind Map about Common Vulnerabilities on Forget Password Functionality submitted by Harsh Bothra on Jul 23, 2021. Created with Xmind.
Beginners Guide to 0day/CVE AppSec Research
Walks through finding open-source web apps, environment setup, debugging for vulns, creating a Blind SQL time-based exploit, and publishing to @ExploitDB/MITRE CVE
https://0xboku.com/2021/09/14/0dayappsecBeginnerGuide.html
#appsec #0day #research
Walks through finding open-source web apps, environment setup, debugging for vulns, creating a Blind SQL time-based exploit, and publishing to @ExploitDB/MITRE CVE
https://0xboku.com/2021/09/14/0dayappsecBeginnerGuide.html
#appsec #0day #research
Boku
Beginners Guide to 0day/CVE AppSec Research
DevSecOps pipelines
— Secrets scan
— Code scan
— Dependency check (code libraries + image packages)
— DAST
— Exposures check
Pipelines:
https://gitlab.com/whitespots-public/pipelines
Security scanners:
https://gitlab.com/whitespots-public/security-images
Example project integration:
https://gitlab.com/whitespots-public/vulnerable-python-app
#appsec #devsecops #pipelines
— Secrets scan
— Code scan
— Dependency check (code libraries + image packages)
— DAST
— Exposures check
Pipelines:
https://gitlab.com/whitespots-public/pipelines
Security scanners:
https://gitlab.com/whitespots-public/security-images
Example project integration:
https://gitlab.com/whitespots-public/vulnerable-python-app
#appsec #devsecops #pipelines
🔥3👍2
List of Vulnerable Functions for Different Languages
This list contains signatures for potentially vulnerable functions for numerous languages in a format suitable for use.
https://rules.sonarsource.com/
https://github.com/wireghoul/graudit
#appsec #vulnerable #function #source
This list contains signatures for potentially vulnerable functions for numerous languages in a format suitable for use.
https://rules.sonarsource.com/
https://github.com/wireghoul/graudit
#appsec #vulnerable #function #source
🔥4
🎁 Application Security Pipelines
(Now with guides)
Scan your code, infrastructure configs and domains with many open source scanners.
Currently supported: trufflehog, gitleaks, bandit, gosec, spotbugs, terrascan, hadolint, retirejs, eslint, phpcs, sonarqube integration, semgrep, arachni, zap, subfinder, nuclei..
All reports will be passed to defectdojo
Guides:
https://github.com/Whitespots-OU/DevSecOps-Pipelines
Integration examples:
https://gitlab.com/whitespots-public/vulnerable-apps
#appsec #devsecops #pipelines
(Now with guides)
Scan your code, infrastructure configs and domains with many open source scanners.
Currently supported: trufflehog, gitleaks, bandit, gosec, spotbugs, terrascan, hadolint, retirejs, eslint, phpcs, sonarqube integration, semgrep, arachni, zap, subfinder, nuclei..
All reports will be passed to defectdojo
Guides:
https://github.com/Whitespots-OU/DevSecOps-Pipelines
Integration examples:
https://gitlab.com/whitespots-public/vulnerable-apps
#appsec #devsecops #pipelines
👍4🔥2