if you're using Burp for web app testing, you can benefit from the added productivity provided by the Burp Variables extension. this extension lets you reference reusable variables in your requests, similar to environment variables in Postman and Insomnia

additionally, new with v1.2.0, Burp Variables now supports auto-updating variable values from response content via a regex with a capture group, allowing you to automatically update tokens, session data, and other dynamic values

https://github.com/0xceba/burp_variables

#cybersecurity #infosec #hacking #bugbounty #pentest #pentesting

Mozilla has a new CEO and he just announced that Firefox will evolve into a modern AI browser. This is a good example of how management doesn’t understand its own user base and why they go out of their way to install Firefox on Windows, Android, iOS and other devices.

Full blog post https://blog.mozilla.org/en/mozilla/leadership/mozillas-next-chapter-anthony-enzor-demeo-new-ceo/

🎉 Tor Browser 15.0 is now available! Our first stable release based on Firefox ESR 140, incorporating a year's worth of changes. Download now from the Tor Browser download page: https://blog.torproject.org/new-release-tor-browser-150/

this is your reminder that if you're using Burp for web app testing, you should be using an extension that lets you use variables in your outgoing requests. variables functionality gives you a single place to update credential, token, and identifier values which improves productivity and reduces false positives. there are a few extensions that provide this functionality and I recommend my extension, Burp Variables, which is purpose-built for it: https://github.com/0xceba/burp_variables

#burp #burpsuite #burp_suite #pentesting #pentest #bugbounty #bugbountytips #hacking

UNIX includes a command to deal with your cat walking on your keyboard. When your cat is coming, you just type "cat" and press enter, and your cat's input won't mess anything up.

@0xceba Thank you, this extension is awesome and is a huge time saver when testing APIs

@floyd yep, hackvertor globals can also be used to store and reference values in requests. hackvertor is a powerful extension, but there's a few reasons you might consider using Burp Variables if variable support is the functionality you're looking for:
- hackvertor globals are ... global. the globals will persist between your projects so you'll have a single shared list of variables. this may not be your desired behavior since many users use variables to reference identifiers, tokens, and credentials that are unique to a single application
- the hackvertor globals UI is clunky. it takes a lot of clicks to add, modify, or delete a global which is counterproductive for a productivity feature
- Burp Variables is a lightweight extension that does a single thing well. it has a minimal performance impact because it registers only 1 HTTP handler and limits slower API calls to startup and shutdown

after a lengthy concept review, code review, and QA process, PortSwigger has published the Burp Variables extension to the BApp Store! if you do API testing from Burp, you should look into this productivity extension which allows you to store and reuse variables in your outgoing requests, similar to other API testing clients like Postman and Insomnia. this is a productivity boon because it gives you single place to update ephemeral credential/token values and it helps you keep track of your identifiers & credentials which minimizes false positives. to learn more:
- install the extension from the BApp Store
- see more details at the BApp Store page: https://portswigger.net/bappstore/27f89b068a3045649d4df77a863209c1
- review the source code at the extension's source repo: https://github.com/0xceba/burp_variables

#burp #burpsuite #burp_suite #pentesting #pentest #bugbounty #bugbountytips #hacking #cybersecurity #infosec

I'm excited to announce Burp Variables v.1.1.6. this version has an updated UI which streamlines how variables are added: they can now be added through the dedicated panel on the Variables tab or via the context menu for requests that come from the message editor. the latter option is convenient when working with new variable names that haven't been memorized yet. download the new release at: https://github.com/0xceba/burp_variables

#burp #burpsuite #burp_suite #pentesting #pentest #bugbounty #bugbountytips #hacking

Burp Variables v1.1.5 has been released. this version features an optimized storage mechanism and import/export functionality to conveniently populate the variables table from disk. download the release at https://github.com/0xceba/burp_variables

#burp #burp_suite #burpsuite #pentesting #pentest #bugbounty #bugbountytips #hacking

if you do a lot web app testing of APIs that use JSON data, you should considering using the extension Prettify JSON Then Send to Comparer. this is a productivity extension that adds a context menu action to pretty print format JSON data before sending it to the Comparer tool. this greatly increases readability of JSON data in Comparer because you're no longer comparing long single lines with the dreaded 💀 horizontal scrollbar 💀. github repo: https://github.com/0xceba/burp_prettify_json_then_send_to_comparer

#burp_suite #burp #burpsuite #pentesting #pentest #bugbounty #bugbountytips #hacking

@cR0w big wildcard fan here

how many explicit import statements from the same subpackage do you include before you switch to a wildcard import? what's your limit? :blobthinking:

Pro-tip if you are searching for anything HTML, CSS or JavaScript related: add "mdn" to your query. This Mozilla project really is a work of love, maintained by hundreds of volunteers @openwebdocs and @MDN staff and contractors. https://developer.mozilla.org/en-US/docs/Learn

I really appreciate public DNS servers that respond to ICMP messages because it helps me to troubleshoot DNS issues. and I doubly appreciate those that respond AND have convenient IP addresses

Submitted another bug report to PortSwigger for a bug that inserts Intruder markers at the wrong character positions when the request is sent from the new GraphQL message editor tab: https://forum.portswigger.net/thread/send-to-intruder-inserts-character-markers-at-incorrect-positions-when-executed-from-the-graphql-message-editor-tab-07398bc6

#burpsuite #burp

Submitted a bug report to PortSwigger for a bug that prevents us from importing project data when it includes Repeater tab groups: https://forum.portswigger.net/thread/burp-suite-s-import-project-file-feature-fails-for-projects-with-repeater-tab-groups-0863225e

#burpsuite #burp

Upgrade your SSRF, CORS & Open Redirect testing with our new URL Validation Bypass cheat sheet, containing all known techniques! https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet

if you do a lot of work from Burp Suite, you must look into my productivity extension Burp Variables: https://github.com/0xceba/burp_variables. Burp Variables extends Burp to support variables, à la other web API testing clients like Postman/Insomnia. being able to store and reuse values in requests is a huge productivity boon during API testing because it:
- gives you a single location to update ephemeral credential and token values which can be referenced across Repeater tabs.
- helps you to keep track of your identifiers and credentials which minimizes false positive findings.

#burpsuite #burp #pentesting #pentest #bugbounty #hacking

Tired of using your own tongue to test 9V batteries???
👅👅👅🔋🔋🔋 ouch!

Honored and humbled to announce my latest product: