I recently wrote a thread on my top used Bug Bounty Tools. You can find it here:
After publishing the above thread, I got lots of requests to write on my most used / favourite Burp Suite extensions.
So here's a thread on my most used Burp extensions.
1. Autorize
Autorize is straight up one of my most used and liked extensions. I personally use Autorize to automate testing for IDORs and it's very simple to use.
youtube.com
In the above video I've combined with our favourite @theXSSrat on using Autorize.
2. Param Miner
Anybody who's been into Bug Bounty for quite some time knows how important it is to identify parameters. Param Miner helps you do this with ease.
I personally use Param Miner to check for web cache poisoning vulnerabilities.
3. JSON Beautifier
I like to keep my things organized and a lot of times when we test Web Apps we cross paths with JSON. JSON Beautifier helps you to make your JSON content more readable and ultimately makes your entire job of testing a lot easier.
4. Flow
This is one extension that I have recently fallen in love with. Flow basically logs everything you send from Burp Suite, even when using Scanner, Extender, etc. You can also customize it to see requests from a specific set of tools in the filter section. Highly helpful.
5. Upload Scanner
Some web apps allow users to upload files. This is an interesting attack vector as you can technically upload a web shell or a dirty payload etc. This extension helps you upload different file types embedded with different forms of payloads such as SSRF & XXE.
Hey, I'm Nithin and I tweet on
Security / Tech
Productivity
Money
Follow @thebinarybot if any of the above topics interests you.
#bugbountytips #bugbounty #infosec #cybersecurity