年夜飯吃太飽... #burp 🐸
Me, pretty much every week using Burp Suite for years: It would be great to have a Burp internal task manager to figure out what is burning a full CPU while no requests are going through it.
Meanwhile Burp devs: AI! AI! AI! AI!
Network protocol and Wi-Fi pentesting and defense. 3 useful tips.
#pentest #scan #waybackMachine #burp
- Discover hidden endpoints and parameters via Wayback Machine + auto-crawling: find old page versions, API endpoints, backups and forgotten parameters.
```sh
waybackurls https://target.example.com | grep "?" | sort -u | tee params.txt
gf xss params.txt | anew potential_xss.txt # httpx + nuclei for verification
```
- Automated IDOR/BOLA checking with parameter substitution in Burp Suite: intercept requests, swap IDs/tokens for values from other accounts and check access.
- Burp: Send to Intruder → Positions on ID/user_id → Payloads: list of IDs from reconnaissance → Attack (Sniper) → sort by Length/Status - look for differences.
- Finding vulnerabilities in JS files + extracting secrets: parse JavaScript for endpoints, secrets (API keys, tokens) and potential XSS/SSTI.
```sh
cat app.js | jsluice urls | sort -u
cat app.js | secretfinder -reg "AKIA[0-9A-Z]{16}" # LinkFinder + grep
```
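The third tip above (parsing JavaScript for endpoints and secrets) is easy to reproduce for your own release pipeline, where the point is catching a leaked key or an undocumented endpoint in a bundle before it ships. The following is an added example, not the post author's script and not the code of any tool named in the post: the `AKIA[0-9A-Z]{16}` pattern is the one quoted in the post, the endpoint and Bearer-token regexes and the noise-host list are assumed heuristics, and the sample JavaScript (including the fake AWS key) is constructed.

```python
"""Scan JavaScript source for leaked endpoints and credential-like strings.

Added example: a pre-release check a defender can run over built bundles.
Everything below except the AKIA regex quoted in the post is an assumption.
"""
from __future__ import annotations

import re

# Constructed sample: what a front-end bundle might contain. The AKIA value is
# a fake example key, not a real credential.
SAMPLE_JS = r'''
const API = "/api/v1/users";
fetch("https://api.example.com/v2/orders?id=42");
const cdn = "https://cdn.jsdelivr.net/npm/lodash";
const AWS_KEY = "AKIAIOSFODNN7EXAMPLE";  // constructed, not a real key
const token = "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.abc123def456";
const placeholder = "YOUR_API_KEY_HERE";
img.src = "data:image/png;base64,iVBORw0KGgo=";
'''

# Quoted absolute URLs or absolute paths (assumed heuristic; data: URIs and
# relative paths never match because they do not start with http(s):// or /).
ENDPOINT_RE = re.compile(
    r'["\'](?:https?://[^"\'\s]+|/[a-zA-Z0-9_./-]+(?:\?[^"\'\s]*)?)["\']'
)

# Secret patterns. The AWS access-key regex is the one from the post; the JWT
# bearer pattern is an assumed addition.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"AKIA[0-9A-Z]{16}"),
    "bearer_jwt": re.compile(
        r"Bearer\s+eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+"
    ),
}

# Noise filter: third-party hosts that are not this application's endpoints.
NOISE_HOSTS = ("cdn.jsdelivr.net", "fonts.googleapis.com", "www.w3.org")


def extract_endpoints(js: str) -> list[str]:
    """Return unique endpoint strings in first-seen order, minus known noise."""
    found: list[str] = []
    for match in ENDPOINT_RE.finditer(js):
        url = match.group(0).strip("\"'")
        if any(host in url for host in NOISE_HOSTS):
            continue
        if url not in found:
            found.append(url)
    return found


def find_secrets(js: str) -> list[tuple[str, str]]:
    """Return (pattern_name, matched_value) pairs for every secret pattern hit."""
    hits: list[tuple[str, str]] = []
    for name, pattern in SECRET_PATTERNS.items():
        for match in pattern.finditer(js):
            hits.append((name, match.group(0)))
    return hits


def scan(js: str) -> dict:
    """Combine both checks into one report for a bundle."""
    return {"endpoints": extract_endpoints(js), "secrets": find_secrets(js)}


if __name__ == "__main__":
    report = scan(SAMPLE_JS)
    for endpoint in report["endpoints"]:
        print("endpoint:", endpoint)
    for kind, value in report["secrets"]:
        # Print only a prefix so the report itself does not leak the value.
        print(f"secret[{kind}]: {value[:8]}...")
```

A non-empty `secrets` list is a build failure in a CI gate; the `endpoints` list is best diffed against the documented API surface so that a newly introduced, undocumented path is noticed before it reaches production.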
JS Analyzer : a powerful #Burp Suite extension for JavaScript static analysis. Extracts API endpoints, URLs, secrets, and email addresses from JavaScript files with intelligent noise filtering.
https://github.com/jenish-sojitra/JSAnalyzer
Burp....
"And just like that, the mood changed, for the man had burped. He had burped his last burp. He had burped it so loud that the entire universe resonated at the sound of it."
Looking for a Christmas gift for yourself? #burp #training #2026
There are 9 seats left for the English-speaking session, and 5 for the French-speaking one
RE: https://bsky.app/profile/did:plc:d7poh4tbrcxpfhouwkemcelp/post/3m6elrqmexc2s
Stop suffering in a toxic relationship with Burp Suite. Time to be happy with Caido
Burp Suite convinced you that a real tool has to be heavy, temperamental and force you to adapt to it. Caido proved the opposite: the same level of functionality, but without the pain, without the waiting and without the extra gigabytes. Everything just works - fast, stable and stress-free. Suffering was never necessary. Time to finally exhale and work with pleasure. Learn how to live happily without Burp Suite
My phone burped! :madjoy:
I think it was notifying me that my bf had sent me a message on Signal. As it was starting to play the notification's sound, it realized I had seen all the messages on my desktop instance of Signal, and decided to stop playing. So I heard only the first note of the notification.
this is your reminder that if you're using Burp for web app testing, you should be using an extension that lets you use variables in your outgoing requests. variables functionality gives you a single place to update credential, token, and identifier values which improves productivity and reduces false positives. there are a few extensions that provide this functionality and I recommend my extension, Burp Variables, which is purpose-built for it: https://github.com/0xceba/burp_variables
#burp #burpsuite #burp_suite #pentesting #pentest #bugbounty #bugbountytips #hacking