https://research.checkpoint.com/black-hat-2019-whatsapp-protocol-decryption-for-chat-manipulation-and-more/
https://github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint
https://github.com/romanzaikin/BurpExtension-WhatsApp-Decryption-CheckPoint
Check Point Research
Black Hat 2019 – WhatsApp Protocol Decryption for Chat Manipulation and More - Check Point Research
Research By: Dikla Barda, Roman Zaikin and Oded Vanunu According to sources, WhatsApp, the Facebook-owned messaging application has over 1.5 billion users in over 180 countries. The average user checks WhatsApp more than 23 times per day. And, the number…
Bypassing IP based blocking with AWS API Gateway
https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/
https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/
Rhino Security Labs
Bypassing IP Based Blocking with AWS API Gateway
In order to bypass IP based blocking, we at Rhino Security Labs created a Burp Suite extension that uses AWS API Gateway to change your IP on every request.
burpsuite_pro_v2.1.zip
279.3 MB
pass: 311138
java -jar burpsuite_pro_v2.1_BurpHelper.jar
java -jar burpsuite_pro_v2.1_BurpHelper.jar
really HelpFull For Bounty Hunters :)
https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
portswigger.net
Cross-Site Scripting (XSS) Cheat Sheet - 2024 Edition | Web Security Academy
Interactive cross-site scripting (XSS) cheat sheet for 2024, brought to you by PortSwigger. Actively maintained, and regularly updated with new vectors.
burpsuite_pro_v2.1.04.zip
285.1 MB
pass: 311138
The keygen was published for burpsuite 2.1.04 pro.
To run it, java 1.8.0_221 is required, because of which TLS 1.3 interception will not be available, otherwise the keygen is working fine.
run:
or from keygen itself
The keygen was published for burpsuite 2.1.04 pro.
To run it, java 1.8.0_221 is required, because of which TLS 1.3 interception will not be available, otherwise the keygen is working fine.
run:
java -noverify -Xbootclasspath/p:burp-loader-keygen-2_1_04.jar -jar burpsuite_pro_v2.1.04.jar
or from keygen itself
Burp Suite extension to discover assets from HTTP response using passive scanning.
https://github.com/redhuntlabs/BurpSuite-Asset_Discover
https://github.com/redhuntlabs/BurpSuite-Asset_Discover
GitHub
GitHub - redhuntlabs/BurpSuite-Asset_Discover: Burp Suite extension to discover assets from HTTP response.
Burp Suite extension to discover assets from HTTP response. - redhuntlabs/BurpSuite-Asset_Discover
#Tips
In #Burp Suite you can mark which parameter (or path, title) you need to scan.
To do it, open Intruder tool, mark the most interesting parts of the HTTP request, and then send it to scan.
https://t.me/webpwn/255
In #Burp Suite you can mark which parameter (or path, title) you need to scan.
To do it, open Intruder tool, mark the most interesting parts of the HTTP request, and then send it to scan.
https://t.me/webpwn/255