Slam The Door Shut On Burp Suite’s Perfunctory Proxy
Burp Suite has some really cool features that make it useful as an HTTP Swiss Army Knife. It’s great for debugging and acting as a middle translation layer to duct […]
Penetration Testing is often an exercise of observing the behavior of the target, and then finding creative ways to subvert its expectations to trigger an unusual (security-impacting) behavior. Sometimes the […]
Following our initial release of the addToTLSPassThrough Burp Suite Extension, we are pleased to announce publication of version 1.0.1! AddToTLSPassThrough 1.0.1 Significant improvements to the extension have been added to […]
One of the reasons that Burp Suite has become a standard tool for Web Application Penetration Testing is the ecosystem of Extensions that enable it to support new functionality. Sometimes […]
In my previous blog post, part 1, I covered the basic configuration of the AuthMatrix Burp Suite extension, so we will now move on to some more advanced setups. The […]
In the previous posts, part 1 and part 2, for this blog series we created an environment where we can test directory enumeration tools and adjust rate limiting. Let’s continue […]
Modifying Compiled Java Executables By Editing Bytecode
This post will cover the basics of Java Bytecode editing, which allows you to take a compiled Java Executable and make modifications to […]
SSRF Attack
We recently came across a privilege escalation attack avenue during a web application / thick client penetration test. In this blog post, I will be talking about a […]
This White Oak series covers what is authorization testing & AuthMatrix’s basic setup of roles, users, & requests for a simple application that only uses cookies.
Welcome to another installment of Unauthenticated! In this post, we will look at a recent web application penetration test where an XML external entity (XXE) expansion vulnerability was exploited without […]