Collaborate Disseminate
I am passing the Cookie header of a valid authenticated, high privileged user to the unauthenticated or low privileged user using Autorize (Burp Extension).
So ideally, the Autorize says the requests are bypassed because the Cookie header … Continue reading Passing the session ID of an unauthenticated user to a valid session using Burp
I am analyzing the HTTPS traffic from a particular Android app using the Burp proxy. So every 5 minutes, the app hits an endpoint and sends an encrypted/encoded text in its HTTPS request. I tried decoding it using CyberChef Base-64 and rep… Continue reading Encrypted/Encoded text in the Burp HTTPS request – Android [duplicate]
I am intercepting the android app’s traffic and there is this weird content seen on the HTTP request and response body. The request is actually sending an image file(.jpg) and this weird content is seen below in the request body. The respo… Continue reading Non readable text values in the Burp http requests and responses
starting with Burp Suite and trying to breach DVWA, I am bugged with this error: "Invalid Target".
Damn Vulnerable Web App is actually hosted on the private net as Burp shows:
Where am I mistaken?
Hey so am new to pentesting and I learnt that using https makes the traffic encrypted so hackers cannot decipher credentials passed in a body for example in a login page or read the traffic properly. So I was practicing with both GET and P… Continue reading Credentials in a POST body over https are visible
The following code demonstrates the source code of this challenge and basically, I need to send a post request with arbitrary code to execute on the server. However, after multiple attempts Im unable to run any bash with the http request? … Continue reading How to perform php post request attack with javascript sanitization?
I’m conducting an external penetration test. I have several Cisco VPNs and a Citrix Netscaler Gateway VPN. I’m trying to configure Portsigger’s Burp to connect to my testing platform (Digital Ocean Ubuntu box with Squid) and then to the cl… Continue reading Help with Successfully Accessing Citrix Netscaler Login Interface with Burp via squid proxy
i have a VPN based mobile application and i am not able to intercept it with Burp…When VPN is off in mobile then application is not running (opening)…..when i am setting manual proxy in iphone wifi with VPN ON, then traffic is not gett… Continue reading VPN Based Mobile Traffic Interception using Burp
I noticed more and more times that some mobile apps are able to block requests, and they don’t forward those requests to the server if they’re going to be intercepted with a proxy like BurpSuite. This not happens for all installed apps on … Continue reading How some mobile apps prevent http traffic from being intercepted through a proxy like BurpSuite?
There is an application which is interacting with the server using command prompt only. Also,There is no inbuilt function to apply proxy on it. I tried changing the host file details with the ip 127.0.0.1 and using invisible proxy from Bur… Continue reading Intercepting non http or https traffic using Burp suite? [duplicate]