Slam The Door Shut On Burp Suite’s Perfunctory Proxy
Burp Suite has some really cool features that make it useful as an HTTP Swiss Army Knife. It’s great for debugging and acting as a middle translation layer to duct […]
Burp Suite has some really cool features that make it useful as an HTTP Swiss Army Knife. It’s great for debugging and acting as a middle translation layer to duct […]
Penetration Testing is often an exercise of observing the behavior of the target, and then finding creative ways to subvert its expectations to trigger an unusual (security-impacting) behavior. Sometimes the […]
Following our initial release of the addToTLSPassThrough Burp Suite Extension, we are pleased to announce publication of version 1.0.1! AddToTLSPassThrough 1.0.1 Significant improvements to the extension have been added to […]
One of the reasons that Burp Suite has become a standard tool for Web Application Penetration Testing is the ecosystem of Extensions that enable it to support new functionality. Sometimes […]
Password Cracking has its own large methodology when it comes to targeted methods of cracking passwords. You can consider English and other language models, passphrases, 1337sp34k translations, case MoDiFCaTiOn, distributed […]
I was recently combing through GitHub for a tool that I tend to use on mobile application penetration tests when I came across APKLeaks. I currently make use of Mobile […]
White Oak Security discovered a “Zip Slip” Authenticated Remote Code Execution vulnerability in Frevvo Live Forms. Frevvo Live Forms is a workflow automation software used to automate processes and forms. […]
In my previous blog post, part 1, I covered the basic configuration of the AuthMatrix Burp Suite extension, so we will now move on to some more advanced setups. The […]
In the previous posts, part 1 and part 2, for this blog series we created an environment where we can test directory enumeration tools and adjust rate limiting. Let’s continue […]
Chances are if you’re reading this article, you are in the middle of a penetration test against a fairly large enterprise with some legacy equipment hanging off the network. You’ve […]