🚨🚨 #BurpHacksForBounties - Day 6/30

Burp Suite and firefox 🔥🦊 match made in heaven.

Read the shortcomings of in-built browser and how to make firefox silent.
Down here 👇🍺

#infosec #appsec #burp #security #bugbounty #bugbountytips

#BurpHacksForBounties - Day 7/30

Macro: A recorded session in Burp Suite

Part 1: What, How & Why?
Part 2: How to use to automate testing?

#infosec #ppsec #bugbounty #bugbountytips #security #burp

#BurpHacksForBounties - Day 8/30

Burp Suite Automation through Macros and Using macros in creating sessions for APIs and protected resources.

#infosec #appsec #burp #security #bugbountytips #bugbounty

🚨🚨🤓 #BurpHacksForBounties - Day 9/30

Following parameter in Burp Suite repeater's response.

A time-saver tip that I read from @sw33tLie reply in the thread by @codingo_

👇🔽⬇️
#security #appsec #burp #bugbountytips #bugbountytip

#BurpHacksForBounties - Hack 11/30

We mostly use PortSwigger 's Burp Suite pro for corporate pentesting, & we should not capture and store corporate credentials.

Steps that I use and why is it important: 👇

#infosec #appsec #burp #Burpsuite

#BurpHacksForBounties - Day 12/30

IPtables + Burp Suite + Android Applications. 😍🤓🤫😀
Tricky and length but worth setting up.

#burp #bugbountytips #infosec #security #appsec #bugbountytip

#BurpHacksForBounties - Tip 14/30

Burp Suite Config provides options for handling configurations for User-level and project-level options.

I personally use this configuration :

#appsec #infosec #burp #bugbountytips #bugbountytip

#BurpHacksForBounties - Day 15/30

Macros in Burp Suite by akshita_infosec. I could not have explained it better than she did. Nice work :)

https://akshita-infosec.medium.com/burp-macros-what-why-how-151df8901641

#infosec #appsec #bugbounties #bugbountytips #burp

#BurpHacksForBounties - Tip 16/30

Host Header Hacks with Burp Suite's repeater. For webserver, serving requests through reverse proxy, don't forget to try this technique out. Learnt from @lbinowax

Quick read and How to 👇🏼


#infosec #appsec #burp #bugbounties #bugbountytips

#BurpHacksForBounties - Day 18/30

Do you want to filter the responses in Burp Suite Intruder? And only show the ones which have specific pattern present in response?

If yes try this 👇🏻 🧵

#appsec #infosec #bugbountytips #bugbountytip #burp

Burp Suite - ninja tricks

https://owasp.org/www-chapter-norway/assets/files/Burp%20suite%20ninja%20moves.pdf

#burp #tricks #BugBounty

#BurpHacksForBounties - Tip 19/30

Adding your own scan rules to Burp Suite active/passive scanner. Include custom checks in scanner for #bugbounties without writing a single line of code.

Using a plugin developed by @BurpBounty @egarme

#infosec #appsec #burp #bugbountytips

#BurpHacksForBounties - Day 22/30

🤓🤓 Create your own Burp Extender Plugin in 3 tweets with Java.
Thank you Burp Suite for making it easy

#infosec #appsec #burp @BurpSuiteGuide #bugbountytips #bugbountytip #security

#BurpHacksForBounties - Day 23/30

❤️ Productivity Hacks ❤️

#infosec #security #burp

#BurpHacksForBounties - Day 25/30

Optimizing Burp Suite for better performance, these 4 simple steps and you would notice a big difference in performance.

#infosec #appsec #burp #security #bugbountytips #bugbounty

#BurpHacksForBounties - Day 28/30 - Super CSRF POC Generator Hack.


CSRF POC generator is only available in Burp Suite pro, but not anymore.

Use this -> https://github.com/merttasci/csrf-poc-generator by @mertistaken


#infosec #burp #appsec #security #bugbountytips #bugbountytip #cybersecurity

Burp Suite RCE

http://noahblog.360.cn/burp-suite-rce

#rce #burp

Malicious PDF Generator

Generate ten different malicious pdf files with phone-home functionality. Can be used with Burp Collaborator.

https://github.com/pussycat0x/malicious-pdf

#pdf #payload #burp #collaborator