burp-suite – WindowsTechs.com

In Burp Suite, how can I filter traffic by a specific domain and also filter requests initiated by that specific domain?

Posted on February 18, 2025 by pashathree

In Burp Suite, how can I filter traffic by a specific domain, and also include requests initiated by that specific domain? For example, I want to filter:
www.example.com
But www.example.com initiated the request to www.x.com, so I want www… Continue reading In Burp Suite, how can I filter traffic by a specific domain and also filter requests initiated by that specific domain?→

Running zap scan on a web application is not detecting all endpoints

Posted on February 12, 2025 by Anonymous

I want to run ZAP automated scan to a web application. I have the url which is example.com/myapp. When I browse the application in burpsuite, I can see some rest endpoints being called like example.com/authz/rights-administration/.
When ru… Continue reading Running zap scan on a web application is not detecting all endpoints→

Is this database exploitable?

Posted on February 11, 2025 by Red Potato

I’m starting out as a bug bounty hunter and found a website that might have a problem yet I’m unsure if its exploitable or not.
When sending any payload that contains % I get an error:
Invalid query parameters: invalid %-encoding (21%)

An… Continue reading Is this database exploitable?→

Is it possible to run an active scan against a website with Burpsuite, ZAP, or another tool that excludes form submission for a single form? [closed]

Posted on January 29, 2025 by jaredad7

I am trying to run an unauthenticated active scan of a website as part of a penetration test, and there is one form on the website on a contact page that looks like it will send emails to a singular contact. We don’t want to flood this per… Continue reading Is it possible to run an active scan against a website with Burpsuite, ZAP, or another tool that excludes form submission for a single form? [closed]→

To fetch dynamic id from the past request response and use it in the next request

Posted on January 14, 2025 by STRIX

I have a website that needs a 6 digit code to log in. A dynamic ID is sent with the OTP submission request as "recoveryCode":"xxx" in the body. The dynamic ID for the next request is returned in the response of the firs… Continue reading To fetch dynamic id from the past request response and use it in the next request→

How to identify CSRF token vulnerabilities on a login page using burpsuite community edition [closed]

Posted on November 5, 2024 by Aswin Raj

How to gather the csrf token on a login page and analyze the vulnerabilities on csrf token using Burp?

Continue reading How to identify CSRF token vulnerabilities on a login page using burpsuite community edition [closed]→

How to brute force security code or One Time Password

Posted on October 25, 2024 by Transending Life

As part of my project, I am trying to brute force a security code for an app using "Forgot my password" option. I understand that I can brute force username and password using Hydra. However, it looks like I cannot use hydra for … Continue reading How to brute force security code or One Time Password→

Redirect all outgoing http and https requests to Burp using nftables

Posted on October 17, 2024 by Breakfast Serial

I’m working on a very limited client (based on Poky from the Yocto Project), on which I want to redirect all http/https requests to my other machine on the same network. I have nftables available on the target and verified this, by success… Continue reading Redirect all outgoing http and https requests to Burp using nftables→

How to transfer session between Burp browsers on different computers via IM?

Posted on September 3, 2024 by Bitbang3r

Is there an extension for Burp Pro that will allow you to do something like the following?

Alice launches Burp Suite Pro & launches its browser. Bob does the same.

Alice logs in to a website with multiple layers of MFA that neverthel… Continue reading How to transfer session between Burp browsers on different computers via IM?→

cant set cookie from request to another domain, chrome third party cookies phaseout

Posted on August 5, 2024 by SAVEPALASTINE

I am doing the PortSwigger CSRF lab, where the token is tied to a non-session cookie, the solution to this is that we set a cookie to the users’ browser through the search field which sets the search query to set cookie
and then do a POST … Continue reading cant set cookie from request to another domain, chrome third party cookies phaseout→