OSCP Training pinned Deleted message
Burp Suite 2023.8+ includes a feature that theoretically makes opening untrusted project files safe. If you find a bypass, you're probably eligible for a bounty - check the full details here:
https://portswigger.net/burp/releases/professional-community-2023-8
Bug Bounty Tip
GBK Encoding / MultiByte Attack
嘊 = %E5%98%8A = \u560a → %0A
嘍 = %E5%98%8D = \u560d → %0D
嘾 = %E5%98%BE = \u563e → %3E (>)
嘼 = %E5%98%BC = \u563c → %3C (<)
嘢 = %E5%98%A2 = \u5622 → %22 (')
嘧 = %E5%98%A7 = \u5627 → %27 (")
For XSS, CRLF, WAF bypass
https://portswigger.net/burp/documentation/desktop/settings/network/tls#tls-negotiation
Burp Suite 2023.10 is harder to fingerprint than earlier versions as it now sets 'Accept-Encoding: gzip, deflate, br'. If you're still blocked, you might bypass it by tinkering with your TLS ciphers using "Network->TLS -> Use custom protocols and ciphers"
Bug Bounty Tip
SSTI (Server Side Template Injection) Payload List
🔹{7*7}
🔹*{7*7}
🔹{{7*7}}
🔹[[7*7]]
🔹${7*7}
🔹@(7*7)
🔹<?=7*7?>
🔹<%= 7*7 %>
🔹${= 7*7}
🔹{{= 7*7}}
🔹${{7*7}}
🔹#{7*7}
🔹[=7*7]
If it evaluates to 49, the target is vulnerable