All posts tagged in Burpsuite

  • June 21, 2024, by Prapattimynk

    Most web application firewalls (WAFs) have a limit on how much request-body data they inspect. For HTTP requests that carry a body (e.g. POST, PUT, PATCH), it is therefore often possible to bypass the WAF simply by prepending junk data so the payload falls outside the inspected window. When the request is padded with this

  • June 14, 2024, by Prapattimynk

    SQL – Structured Query Language. Advanced SQL Injection for AWAE: the goal is to master SQL injection discovery, detection and exploitation. Footnotes: Advanced SQL Injection Cheatsheet, Rigorous Google Dorking, Reddit Dorking, Web Security Academy – SQL Injection, my brain + my experience + my logic. Table of contents: Learning a lil' bit of SQL

  • January 14, 2024, by Prapattimynk

    https://github.com/Quitten/Autorize Autorize is an automatic authorization-enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert. Autorize was designed to help security testers by performing automatic authorization tests; since the latest release it also performs automatic authentication tests. Installation, User Guide – How to use?, Authorization

  • January 14, 2024, by Prapattimynk

    https://github.com/doyensec/inql InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration. Features: the InQL user interface has two primary components, the Scanner and the Attacker. Scanner: the Scanner is the core of InQL v5.0, where you can analyze a GraphQL endpoint or a local

  • January 14, 2024, by Prapattimynk

    https://github.com/d0ge/sessionless Sessionless is a Burp Suite extension for editing, signing, verifying and attacking signed tokens: Django TimestampSigner, ItsDangerous Signer, Express cookie-session middleware, OAuth2 Proxy and Tornado's signed cookies. It provides automatic detection and in-line editing of tokens within HTTP requests/responses and WebSocket messages, signing of tokens, and automation of brute-force attacks against signed-token implementations. It was inspired by Fraser Winterborn