Burp Suite 2022.9.1 released to the Early Adopter channel. Includes an upgrade to Burp's browser and various bug fixes.
portswigger.net/burp/releases/…
Last week I published a number of novel CL.0 desync techniques, alongside advice on tuning your research to outwit the competition.
Next week, a way to turn a 'medium' severity flaw into a crit with a $12k case study. And no it's not XSS :)
portswigger.net/research/how-t…
Hope you enjoyed the talk, thanks for coming! Always a pleasure to present to a @defcon crowd. Time for a couple drinks, then on to the next research for me. You can find the sides&whitepaper here: portswigger.net/research/brows…
Burp Suite 2022.8.1 released to the Stable channel, with new scan checks based on the Browser-Powered Desync Attacks presented by @albinowax at Black Hat 2022, as well as new Repeater capabilities that let you test for these vulnerabilities manually.
portswigger.net/burp/releases/…
We've prototyped a new feature in repeater where we are diffing the last response with the current and showing different colours depending on what changes. Please check it out we'd love your feedback!
portswigger.net/bappstore/902e…
We've prototyped a new feature in repeater where we are diffing the last response with the current and showing different colours depending on what changes. Please check it out we'd love your feedback!
portswigger.net/bappstore/902e…
Burp Suite 2022.7.1 released to the Stable channel. You can now configure tab-specific options for Repeater and automatically detect client-side prototype pollution sources using Burp Scanner.
portswigger.net/burp/releases/…
It's worth knowing @Burp_Suite project files are memory mapped. This means they reduce RAM consumption, but don't support garbage collection (yet) so deleting requests frees up RAM for Burp, but doesn't reduce file size. For long-term storage, use 'Project->Save copy' then zip.
How we tune @Burp_Suite's performance:
- "Proxy->Options->Misc->Don't send items to Proxy history or live tasks, if out of scope"
- Enable "Project Options->HTTP->{keep-alive,HTTP/2}"
- Disable live-tasks & extensions
Hey, Folks! Check this weekly series with Zachary Stashis called "There's a BApp for that". It shows a technical how-to-use of certain Burp Suite Plugins to help with Penetration Testing and Bug hunting.
hackredcon.com/there-s-a-bapp…#cybersecurity#pentesting#HackRedCon
54K Followers 611 FollowingGrzegorz Niedziela - a hacker who documents his hacking journey by creating and curating the best content about bug bounty and offensive security.
0 Followers 43 FollowingIt’s like solving puzzles every day
Every system is a challenge. Every vulnerability is a mystery. If you enjoy problem solving, this field never gets boring.
0 Followers 21 FollowingI'm Scott Imnott. I write under the brand Resonance of Growth because that's the only way I know how to describe what my life has been — taking the hardest, raw
3K Followers 331 FollowingCybersecurity Enthusiast | Ethical Hacker | Red Team Member at @SynackRedTeam | Exploring the digital frontier, one vulnerability at a time.
16K Followers 0 FollowingTips and tricks for Burp Suite Pro
Managed by @Agarri_FR | Not affiliated with @Portswigger
More free resources at https://t.co/MWqXmV66lr
28K Followers 628 FollowingWeb hacker and Burp Suite Pro trainer
Refer to https://t.co/D5tRH7U2hg for trainings
Follow @MasteringBurp for free tips and tricks
939 Followers 0 FollowingThis account is inactive, use the following instead:
- https://t.co/V1HC4hS2oJ
- https://t.co/8xth5l1Rn8
- https://t.co/BPuGer3Owz
7K Followers 77 FollowingFounder and Chief Swig at @PortSwigger. Creator of @Burp_Suite and @WebSecAcademy. Author of The Web Application Hacker's Handbook.
2K Followers 1K FollowingBuilding https://t.co/WAgycrQ6cK & @gethardenly
I help startups prevent cloud security breaches — without building an internal security team.