Seeking Advice on Configurations for Vulnerability Assessment Scans in BurpSuite Professional [closed]

I am currently conducting vulnerability assessment and penetration testing for an OTC platform that facilitates energy import and export. The platform caters to two types of users: 1) Admin and 2) DISCOM, a normal user.
I am utilizing Burp…

How to Capture Mobile API Requests in burp when Server side pinning is implemented

I recently encountered a scenario where the mobile application generates a CSR request, calls a POST API request and, in response, asks the server for a certificate. The server will respond with the temporary certificate and the mobile application will use t…

Intercepting Android App: Google detects burp proxy and block the request to app

I was recently doing bug bounty on a website and found it also has an app, so I tried to pentest it using Burp Suite via MITM, intercepting it through Burp proxy.
However, my request got blocked by the app and it showed me an error even afte…

Issue uploading a file with cURL to WebSecurityAcademy Lab on PortSwigger.com

I want to solve an apprentice-level lab on PortSwigger.com focused on file upload vulnerabilities; the lab is called Remote code execution via web shell upload. The labs on PortSwigger.com encourage the use of Burp. However, while Burp is …

How can I run Burp Scanner so that two requests are sent one after the other in that order?

I have to scan 2 API requests and for the second API request to be successful, the first API request must be successful and vice versa. Each time Burp Scanner sends a request, it should go in this order:

Request 1
Request 2
Request 1
Requ…

What are the steps necessary to configure Burp Suite Crawler/Scan for maintaining login sessions?

I am running an Audit and Scan Deep Scan of a website using Burp Suite Professional v2023.10.3.7. I have entered the Settings for the scan and gone to Application Login, entering credentials for the login screen.
While the scan is occurring…