Slam The Door Shut On Burp Suite’s Perfunctory Proxy
Burp Suite has some really cool features that make it useful as an HTTP Swiss Army Knife. It’s great for debugging and acting as a middle translation layer to duct […]
application pentesting
Burp Suite: Session Timeout Vulnerabilities & Session Extension
Penetration Testing is often an exercise of observing the behavior of the target, and then finding creative ways to subvert its expectations to trigger an unusual (security-impacting) behavior. Sometimes the […]
AddToTLSPassThrough 1.0.1 Version Burp Extension Release Notes
Following our initial release of the addToTLSPassThrough Burp Suite Extension, we are pleased to announce publication of version 1.0.1! AddToTLSPassThrough 1.0.1 Significant improvements to the extension have been added to […]
Sculpting Burp Extension Output With Burp Suite Reshaper Plugin
One of the reasons that Burp Suite has become a standard tool for Web Application Penetration Testing is the ecosystem of Extensions that enable it to support new functionality. Sometimes […]
Automating Authorization Testing: AuthMatrix – Part 2
In my previous blog post, part 1, I covered the basic configuration of the AuthMatrix Burp Suite extension, so we will now move on to some more advanced setups. The […]
Dockerizing A Web Testing Environment: Part 3
In the previous posts, part 1 and part 2, for this blog series we created an environment where we can test directory enumeration tools and adjust rate limiting. Let’s continue […]
Modifying Java By Editing Bytecode
Modifying Compiled Java Executables By Editing Bytecode This post will cover the basics of Java Bytecode editing, which allows you to take a compiled Java Executable and make modifications to […]
Server-Side Request Forgery Attack & Fix
SSRF Attack We recently came across a privilege escalation attack avenue during a web application / thick client penetration test. In this blog post, I will be talking about a […]
Automating Authorization Testing: AuthMatrix – Part 1
This White Oak series covers what is authorization testing & AuthMatrix’s basic setup of roles, users, & requests for a simple application that only uses cookies.
Unauthenticated: XXE Edition
Welcome to another installment of Unauthenticated! In this post, we will look at a recent web application penetration test where an XML external entity (XXE) expansion vulnerability was exploited without […]