kuketzblog, to android German

My observations show that certificate pinning in apps is not always used as a protective mechanism, but often serves to conceal legally questionable practices and (calculated) data protection violations. Excerpt from the soon-to-be-published article »In den Datenstrom eintauchen: Ein Werkzeugkasten für Tester von Android-Apps« ("Diving into the data stream: a toolbox for testers of Android apps").

nono2357, to web
hnsec, to Blog

As we wrap up 2023, let's take a look back at the different topics we covered in our technical #blog this year.

Our #VulnerabilityResearch series expanded with some new writeups and coordinated disclosure advisories. We also provided practical advice and tooling to aid security researchers in effective #CodeReview using #Semgrep. There’s more in store on this topic: stay tuned for the latest updates.

Exploring various aspects of #OffensiveSecurity, we shared tools and methodologies for #RedTeaming, #WebPentesting, and #MobilePentesting. Don’t miss our popular series on customizing the #Sliver adversary emulation framework and extending #BurpSuite.

As we look forward to another year of research and community sharing, we wish you all happy holidays... and happy hacking!

https://security.humanativaspa.it/

silentsignal, to random

Burp Git Version allows you to fingerprint the exact versions of open-source components of your target webapps by comparing the Git repository with some of the deployed static artifacts.

We now added a README to support wider adoption :)

https://github.com/silentsignal/burp-git-version

doyensec, to security

Announcing the release of ProtoBurp++ (our fork of ProtoBurp)! ProtoBurp++ is an extension that enables researchers to encode/decode and fuzz custom Protobuf messages. It allows for fuzzing inputs using Burp's Repeater, Intruder tools and Active Scanner, as well as proxying traffic from other tools (e.g., sqlmap). Check it out today!

https://github.com/doyensec/protoburp

floyd, to random

holy moly, certain API methods just vanished from the Montoya API and trying to compile my extension now throws errors (it compiled fine a couple of days ago)...

One of them is the one I complained about on https://chaos.social/@floyd/110910807891222550

doyensec, to Kotlin

Announcing the launch of InQL 5.x! Our open source extension for pentesting applications has just gotten even better! We've added several new features to streamline your testing workflows, that we think you'll find useful.

To improve stability and performance, we've started a complete re-write in and welcome contributions from the software community.

Learn more about it in our latest blog post and check it out today!

https://blog.doyensec.com/2023/08/17/inql-v5.html

raptor, to random

We just published on the @hnsec blog the first 2 articles of a new series on creating for named "Extending Burp Suite for fun and profit - The Montoya way", by @apps3c.

Topics: setting up the environment, Hello World, and inspecting/tampering HTTP requests.

https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-1/

https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-2/

hnsec, to random

We just published on the @hnsec blog the first 2 articles of a new series on creating for named "Extending Burp Suite for fun and profit - The Montoya way", by @apps3c.

Topics: setting up the environment, Hello World, and inspecting/tampering HTTP requests.

https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-1/

https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-2/

We hope you'll enjoy them, there's more to come in the future!

raptor, to random

Announcing a new upcoming series by @apps3c on the @hnsec blog!

This one is about creating extensions with the new API.

Stay tuned to https://security.humanativaspa.it

kpwn, to infosec

🚨 Web App Pentesters 🚨

PortSwigger has just released Burp Suite Professional v2023.6 (Early Adopter).

A completely new feature are so-called !

These are custom checks that Burp Scanner runs in addition to its built-in scanning routine.

Here is an official repository with examples: https://github.com/PortSwigger/BChecks/tree/main

This will greatly increase your efficiency!

Edit: Forgot hashtags for reach due to excitement LOL

taeluralexis, to infosec

I'm going over the SSRF challenges again on PortSwigger so I can screenshot for my next blog post on SSRF and I feel so much more confident going over them. It helps that I take notes for sure lol
