Interesting @Burp_Suite extension (by @julianpentest) working with the collaborator to add from 200 to thousands of payloads to find OS command injection. Even reading the readme is very instructive! https://twitter.com/binitamshah/status/1011528746367504384
https://github.com/portswigger/burp-smart-buster
Burp Suite extensions I recommend (in no specific order): AutoRepeater, Content Type Converter, Param Miner, Request Minimizer, Backslash Powered Scanner, ActiveScan++, Taborator, Paramalyzer, Upload Scanner, Hackvertor, Piper, Request Timer, Logger++, Add Custom Header
Do you have any problem with creating a new account in some application due to the requirement of a business email (corp)? The solution is here: #Burp Collaborator. Create an account with blabla@burpcollaborator.net and look for the SMTP request in your client. #Security #bugbountytip #webapp
Need a quick way to request 1000s of URLs in Burp without crashing your browser?
cat yahoourls.txt | parallel -j 10 curl --proxy http://127.0.0.1:8080 -sk > /dev/null