Burp Extensions 二次创作

Modifying and Building Burp Extensions 一文以 collaborator-everywhere 为例, 讲述了如何修改现成的 burp extension 来满足自身需要.…

Burp Plugin - Autorize

Autorize is an automatic authorization enforcement detection extension for Burp Suite. Ref: Github…

Brida: Advanced Mobile Application Penetration Testing with Frida

Watch on YouTUbe NIN: 讲座是意大利文, 基本上是读 PPT,无 Demo, 可忽略. Slide: PDF (Mirror) 分析 traffic时的各种难度系数: Level 1: 完全没加密. 此时连 certificate 也不用安装 Level 2: HTTPs. 安装 Burp certificate Level 3: SSL + Certitifcate Pinning. 此时需要 SSL KillSwitch 2等的帮助 Level 4: SSL + Certitifcate Pinning + POST data被AES加密. 此时需要知道加密的 Key Level 5: SSL + Certitifcate Pinning…

Static JS Analysis with Burp

Static JavaScript analysis with Burp 一文介绍了如何利用 Burp 做静态代码分析. 基本思路就是在本地创建个 web server, 然后利用 Burp 的 static analysis 功能, passive scanning 通过的 traffic. Ref Static JavaScript analysis with Burp…

BurpSmartBuster

Watch on YouTube Slide Github - BurpSmartBuster - A Burp Suite content discovery plugin that add the smart into the Buster!…

Burp Collaborator

Burp Collaborator使用 在 Burp 打开 Burp - Burp Collaborator Client 点击 Copy to clipboard, 你会获得一个如 xxxx.burpcollaborator.net 的 URL 在 Xss页面 将URL填入payload Example https://liveoverflow.com/php/angularjs/angular1.5.8.php 是一个测试 Angular 1.5.8的 xss 的页面. Payload {{a=toString().constructor.prototype;a.charAt=a.trim;$eval(…

SAML Security

1. Sprint Security SAML Demo Tutorial: Spring Security SAML | Okta Developer 1.1 Install Tomcat brew install tomcat vim /usr/local/Cellar/tomcat/<version>/libexec/conf/tomcat-users.xml <role rolename="manager-gui"/> <user username="tomcat" password="password" roles="manager-gui&…