Burp Suite
Burp version to 1.7.36 or higher.
Professional / Community 1.7.36 | Releases (portswigger.net)
Attacks Types
Free Extensions to use
Software Vulnerability
→ [ CVE’s ]Retire.js
→ [ JQuery Flaws]JSON Web Tokensor JWT editor
→ [JWT pentest]param miner
→ [Web Cache Poisoning]Decoder Improved
→ https://portswigger.net/bappstore/0a05afd37da44adca514acef1cdde3b9Autorize
- [AC Bugs] ●Backslash Powered Scanner
- Advanced payloads while active scanner ●Google Authenticator
- Automation in 2FA ●Java Serial Killer
- payload generation tool for Java object deserialization ●Handy Collaborator
- OOB requests while manual test using Repeater ●HUNT Suite
- Identify common parameters for known vulnerabilities ●J2EEScan
- Scanner for Java based application ●Logger++
- Keeps logs of everything ●SAML Editor/SAML Encoder-Decoder/SAML Raider
- SAML requests ● `WSDLER/WSDL Wizard ``- Web service automatio
Burp Collaborator
● A network service which helps to discover Blind vulnerabilities such as SQL Injection, XML Injection, Cross-Site Scripting etc. ● Uses a specially crafted dedicated domain name and reports as an issue such as External Service Interaction, SQL Injection etc.
Scope
Set scope to advanced control & use string of target name (not a normal FQDN)
Goal: Show only links that have tesla in the URL in the Site map Click yes for to _"…stop sending out of scope items to the history…"_Show only in scope items in the Target / Site map
Last updated