[1/30] As promised! #BrupSuiteTips #infoSec #pentesting #bugbountytips
— B1twis3 | Preparing for OSEE (@fasthm00) February 14, 2020
Instead of using many tools to do multiple level of encoding or string manipulation. You can do all of that and MORE using #Hackvertor extension by @garethheyes in just a couple of clicks! pic.twitter.com/40aUCnaIup
[clip-2] pic.twitter.com/wy8dDnF062
— B1twis3 | Preparing for OSEE (@fasthm00) February 15, 2020
[3/30] #BurpSuitetips #BugHunting #pentesting #infosec
— B1twis3 | Preparing for OSEE (@fasthm00) February 16, 2020
Applying session handling & macro to a 3rd party tool (Sqlmap) and excluding a cookie value from the altering. Note that I just used the profile endpoint and the /login RESTful api for testing purposes. pic.twitter.com/G1FYXLV8WC
[4/30] #BurpSuitetips #PenTesting #BugHunting
— B1twis3 | Preparing for OSEE (@fasthm00) February 20, 2020
Deploying Private BurpSuite Collaborator in AWS EC2 Instance (Automated). You could use the AWS console to do it manually as well!
Note that this is the basic implementation of the server.https://t.co/oAtqGgubEu pic.twitter.com/xapBjWNwAa
[5/30] #BurpSuiteTips #Pentesting #bugHuntingtips
— B1twis3 | Preparing for OSEE (@fasthm00) February 24, 2020
Creating sequences of requests/steps using BurpSuite extension #Stepper.
Another #Tip: No need to be an expert in #RegEx to use Stepper, just use BurpSuite Sequencer (Select! Then copy the RegEx) BUT it's good to know RegEx ofc! pic.twitter.com/s7LwoPGGk2
[6/30] #BurpSuiteTips #PenTesting #BugBountyTips
— b1twis3 (@fasthm00) July 13, 2020
A short but valuable tip when it comes to automation!
Generating scripts such as Python, cURL, PowerShell and other scripting languages to reissue a selected HTTP request. pic.twitter.com/3t6ECg0W6U
[7/30] #BurpSuiteTips #PenTesting #BugBountyTips
— b1twis3 (@fasthm00) November 24, 2020
Now you can match responses based on specific conditions and push the matched strings/body to your slack/custom server.
– Customize the push notification
– Timer
– Match all the callbackshttps://t.co/qYA50Ffw1H pic.twitter.com/s7uRuKnTkr
To be continued…