Burp Extensions 二次创作
Modifying and Building Burp Extensions 一文以 collaborator-everywhere 为例, 讲述了如何修改现成的 burp extension 来满足自身需要.…
Burp Plugin - Autorize
Autorize is an automatic authorization enforcement detection extension for Burp Suite. Ref: Github…
Brida: Advanced Mobile Application Penetration Testing with Frida
Watch on YouTUbe NIN: 讲座是意大利文, 基本上是读 PPT,无 Demo, 可忽略. Slide: PDF (Mirror) 分析 traffic时的各种难度系数: Level 1: 完全没加密. 此时连 certificate 也不用安装 Level 2: HTTPs. 安装 Burp certificate Level 3: SSL + Certitifcate Pinning. 此时需要 SSL KillSwitch 2等的帮助 Level 4: SSL + Certitifcate Pinning + POST data被AES加密. 此时需要知道加密的 Key Level 5: SSL + Certitifcate Pinning…
Static JS Analysis with Burp
Static JavaScript analysis with Burp 一文介绍了如何利用 Burp 做静态代码分析. 基本思路就是在本地创建个 web server, 然后利用 Burp 的 static analysis 功能, passive scanning 通过的 traffic. Ref Static JavaScript analysis with Burp…
Path Traversal with Burp
下载 FuzzDB Payload Go to Intruder - Add from list Go to Intruder - Payload Processing…
Better manual web application testing through automation Brian Mead
基本上整个演讲就看Burp Macro Demo那部分就足够了。 YouTube不清楚,联系作者拿了清晰版Slide。 Watch on [YouTube](https://youtu.be/itvfFybNAcg) Ref Automating Web Apps Input fuzzing via Burp Macros - SecureLayer7 - 有图有步骤…
BurpSmartBuster
Watch on YouTube Slide Github - BurpSmartBuster - A Burp Suite content discovery plugin that add the smart into the Buster!…
Burp Collaborator
Burp Collaborator使用 在 Burp 打开 Burp - Burp Collaborator Client 点击 Copy to clipboard, 你会获得一个如 xxxx.burpcollaborator.net 的 URL 在 Xss页面 将URL填入payload Example https://liveoverflow.com/php/angularjs/angular1.5.8.php 是一个测试 Angular 1.5.8的 xss 的页面. Payload {{a=toString().constructor.prototype;a.charAt=a.trim;$eval(…
SAML Security
1. Sprint Security SAML Demo Tutorial: Spring Security SAML | Okta Developer 1.1 Install Tomcat brew install tomcat vim /usr/local/Cellar/tomcat/<version>/libexec/conf/tomcat-users.xml <role rolename="manager-gui"/> <user username="tomcat" password="password" roles="manager-gui&…