How to identify CSRF token vulnerabilities on a login page using Burp Suite Community Edition [closed]
How to gather the CSRF token on a login page and analyze the vulnerabilities in the CSRF token using Burp?
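The checks a tester would run by hand in Burp Repeater against a login-page token (drop the parameter, swap in a token from another session, replay a consumed token, compare a batch of issued tokens) can be written down as a script. The following is an added example, not code from the question or from PortSwigger; it runs against a constructed in-memory stand-in (`ToyLoginApp`) whose flags model the three classic defects, and it assumes the hidden field is named `csrf`, which you would read off the real page in Burp.

```python
import re
import secrets

# Field name assumed for the example; read the real name from the login page in Burp.
TOKEN_RE = re.compile(r'name="csrf"\s+value="([^"]*)"')


class ToyLoginApp:
    """Constructed stand-in for the target login page (not a real application).

    The three flags model the defects PortSwigger's CSRF labs are built around:
    the token is not checked at all, it is not bound to the user's session, or
    it can be replayed.
    """

    def __init__(self, required=True, bound_to_session=True, single_use=True):
        self.required = required
        self.bound_to_session = bound_to_session
        self.single_use = single_use
        self._by_session = {}   # session id -> live tokens issued to that session
        self._all = set()       # every live token, regardless of session

    def get_login(self, session):
        """GET /login: issue a fresh token and embed it in the form."""
        token = secrets.token_hex(16)
        self._by_session.setdefault(session, set()).add(token)
        self._all.add(token)
        return (f'<form method="post"><input type="hidden" name="csrf" value="{token}">'
                '<input name="username"><input name="password" type="password"></form>')

    def post_login(self, session, token):
        """POST /login: return an HTTP-like status, 200 accepted / 403 rejected."""
        if token is None:
            return 403 if self.required else 200
        pool = self._by_session.get(session, set()) if self.bound_to_session else self._all
        if token not in pool:
            return 403
        if self.single_use:
            self._all.discard(token)
            for live in self._by_session.values():
                live.discard(token)
        return 200


def extract_token(html):
    """Pull the hidden CSRF value out of the login form HTML."""
    match = TOKEN_RE.search(html)
    return match.group(1) if match else None


def audit(app, samples=20):
    """Run the Repeater-style checks and report which weaknesses were observed."""
    tokens = [extract_token(app.get_login("s-sample")) for _ in range(samples)]
    findings = {
        "token_present": all(tokens),
        "tokens_unique": len(set(tokens)) == len(tokens),
        "min_token_len": min((len(t) for t in tokens if t), default=0),
    }
    # 1. Drop the parameter entirely: does the server still accept the login?
    findings["missing_token_accepted"] = app.post_login("s-a", None) == 200
    # 2. Take a token issued to the attacker's session and submit it from another session.
    attacker_token = extract_token(app.get_login("s-attacker"))
    findings["cross_session_token_accepted"] = app.post_login("s-victim", attacker_token) == 200
    # 3. Replay a token that has already been consumed by a successful request.
    token = extract_token(app.get_login("s-b"))
    first = app.post_login("s-b", token)
    findings["token_reuse_accepted"] = first == 200 and app.post_login("s-b", token) == 200
    return findings


if __name__ == "__main__":
    for name, app in [("strict", ToyLoginApp()),
                      ("weak", ToyLoginApp(required=False, bound_to_session=False, single_use=False))]:
        print(name, audit(app))
```

Against a real target, `get_login`/`post_login` become requests sent through the Burp proxy, and the batch of tokens collected in `audit` is what you would feed to Sequencer (in Community Edition, Sequencer runs without a time limit, unlike the scanner) to judge randomness; the script only checks presence, length and uniqueness.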
As part of my project, I am trying to brute force a security code for an app using the "Forgot my password" option. I understand that I can brute force the username and password using Hydra. However, it looks like I cannot use Hydra for … Continue reading How to brute force security code or One Time Password
I'm working on a very limited client (based on Poky from the Yocto Project), on which I want to redirect all HTTP/HTTPS requests to my other machine on the same network. I have nftables available on the target and verified this by success… Continue reading Redirect all outgoing http and https requests to Burp using nftables
Is there an extension for Burp Pro that will allow you to do something like the following?
Alice launches Burp Suite Pro & launches its browser. Bob does the same.
Alice logs in to a website with multiple layers of MFA that neverthel… Continue reading How to transfer session between Burp browsers on different computers via IM?
I am doing the PortSwigger CSRF lab where the token is tied to a non-session cookie. The solution to this is that we set a cookie in the user's browser through the search field, which sets the search query to set cookie,
and then do a POST … Continue reading Can't set cookie from request to another domain, Chrome third-party cookies phaseout
A question for bug bounty hunters – what is the current stance on using Burp’s collaborator v. your own private one? Is there any benefit to having your own collaborator server compared to the time/effort/security in maintaining it? For an… Continue reading Burp’s collaborator v. private collaborator for bug bounty hunting
The British company behind the popular Burp Suite pen-test utilities has banked a massive $112 million investment from Brighton Park Capital.
The post PortSwigger Scores Hefty $112 Million Investment appeared first on SecurityWeek.
Continue reading PortSwigger Scores Hefty $112 Million Investment
This is my case:
I'm running DVWA in a Docker container at localhost:4280.
I want to test this web app with Burp Suite (which listens on port 8080) and the Microsoft Edge browser. I'm on Windows 11.
The way to set the proxy on Windows is Network &… Continue reading Edge browser + Docker: proxy settings for Burp Suite
I am trying to figure out if I can take the Burp Suite certificate and export it to Wireshark to be able to inspect the traffic going through it. My main goal here is to test a website I own to see what kind of data is being sent out.
I have… Continue reading export burp certificate to wireshark for inspection
I want to run an automated REST API pentest, and I want to integrate my test into a CI/CD pipeline. Note: I have the OpenAPI specification of the APIs that I want to test.
My automated test will be divided into 2 parts:
Anti-regression test… Continue reading Which tool to use to automate REST API pentest
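One regression check that falls straight out of an OpenAPI document, whatever scanner handles the rest, is "every operation the spec marks as protected rejects a request with no credentials." The block below is an added example, not code from the question or from any of the tools it mentions: it applies OpenAPI's precedence rule for `security` (operation-level overrides document-level, and an empty array means public), calls each protected operation with no `Authorization` header, and fails the job if anything answers with something other than 401/403. The spec fragment and `fake_api` are constructed stand-ins; in a pipeline `fake_api` is replaced by a function that sends real HTTP requests to the deployed API.

```python
import re

# Constructed OpenAPI 3 fragment standing in for the real specification.
SPEC = {
    "openapi": "3.0.3",
    "security": [{"bearerAuth": []}],          # document-wide default: bearer token required
    "paths": {
        "/login": {"post": {"security": []}},  # operation-level override: public
        "/health": {"get": {"security": []}},
        "/users": {"get": {}, "post": {}},     # inherit the global requirement
        "/users/{id}": {"get": {}, "delete": {"security": [{"bearerAuth": []}]}},
    },
}

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def operations(spec):
    """Yield (METHOD, path, requires_auth) for each operation in the document.

    OpenAPI's rule: an operation-level `security` array replaces the global one,
    and an empty array means the operation is intentionally unauthenticated.
    """
    global_sec = spec.get("security", [])
    for path, item in spec["paths"].items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            yield method.upper(), path, bool(op.get("security", global_sec))


def fill_path_params(path):
    """Replace templated segments such as {id} with a placeholder id."""
    return re.sub(r"\{[^}]+\}", "1", path)


def fake_api(method, path, headers):
    """Constructed stand-in for the deployed API; one endpoint forgot its auth check."""
    if (method, path) in {("POST", "/login"), ("GET", "/health")}:
        return 200
    if method == "DELETE" and path.startswith("/users/"):
        return 204  # the regression this test is meant to catch
    return 200 if headers.get("Authorization", "").startswith("Bearer ") else 401


def unauthenticated_findings(spec, send):
    """Call every protected operation with no credentials; return those not rejected."""
    findings = []
    for method, path, needs_auth in operations(spec):
        if not needs_auth:
            continue
        status = send(method, fill_path_params(path), headers={})
        if status not in (401, 403):
            findings.append((method, path, status))
    return findings


if __name__ == "__main__":
    import sys

    bad = unauthenticated_findings(SPEC, fake_api)
    for method, path, status in bad:
        print(f"FAIL {method} {path}: {status} without credentials")
    sys.exit(1 if bad else 0)
```

The non-zero exit code is what makes it a CI gate. The same `operations()` walk is the natural seed for the second half of the split in the question, since the same list of method/path pairs can be handed to a fuzzer or scanner with valid credentials attached.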