Extending fuzzing with BurpSuite by FAST
https://lab.wallarm.com/extending-fuzzing-with-burp-by-fast-f67d8b5d63e7
Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
https://github.com/portswigger/turbo-intruder
Freddy the Serial(isation) Killer - Deserialization Bug Finder
https://github.com/portswigger/freddy-deserialization-bug-finder
Vulners Burp Suite Software vulnerability plugin update released
Vulners have updated Vulners Scanner plugin!
burpsuite (not official)
https://blog.fabiopires.pt/running-your-instance-of-burp-collaborator-server/
Deploy a private Burp Collaborator Server in Azure
https://medium.com/bugbountywriteup/deploy-a-private-burp-collaborator-server-in-azure-f0d932ae1d70
A short time ago, I had to set up a private Burp Collaborator Server to avoid possible leaks of my client's sensitive information. I want…
Using UTF-8 to correctly edit/view different languages in requests and responses
https://github.com/pajswigger/utf8-message-editor
Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.
https://github.com/RhinoSecurityLabs/SleuthQL
Intercepting traffic from Android Flutter applications
https://blog.nviso.be/2019/08/13/intercepting-traffic-from-android-flutter-applications/
Update: The explanation below explains the step for ARMv7. For ARMv8 (64bit), see this blogpost. ⚠️ Update August 2022 ⚠️ An update to this blog post was written and can be found here. It …
Cryptography in Python Burp Extensions
https://parsiya.net/blog/2018-12-24-cryptography-in-python-burp-extensions/
In this post, I will discuss a few tricks for creating Burp extensions in Python that deal with cryptography. Our example is a Burp extension that adds a new tab to decode and decrypt an application's traffic. This allows us to modify payloads on the fly…
https://research.checkpoint.com/black-hat-2019-whatsapp-protocol-decryption-for-chat-manipulation-and-more/
https://github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint
Check Point Research
Black Hat 2019 – WhatsApp Protocol Decryption for Chat Manipulation and More - Check Point Research
Research By: Dikla Barda, Roman Zaikin and Oded Vanunu According to sources, WhatsApp, the Facebook-owned messaging application has over 1.5 billion users in over 180 countries. The average user checks WhatsApp more than 23 times per day. And, the number…
Bypassing IP based blocking with AWS API Gateway
https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/
In order to bypass IP based blocking, we at Rhino Security Labs created a Burp Suite extension that uses AWS API Gateway to change your IP on every request.
burpsuite_pro_v2.1.zip
279.3 MB
pass: 311138
java -jar burpsuite_pro_v2.1_BurpHelper.jar