Lab: Broken brute-force protection, multiple credentials per request
Joel O. (joelodey.hashnode.dev), Nov 17, 2024
Lab Scenario: Our objective is to understand and exploit a web application's broken brute-force protection, where the login credentials are submitted in JSON format. By manipulating the request to submit multiple credentials, we aim to bypass the pro...
Tags: PortSwigger Authentication Labs, websecurity

Connecting android/emulator to your Burp suite via OpenVPN
Bhuwan Bhetwal for Bhuwan Bhetwal's HandBook (blog.bhuwanbhetwal.com.np), Nov 16, 2024
This is a simple blog for connecting the Genymotion and the Burpsuite for Android Pentesting using OpenVPN. I use Genymotion (Google Pixel 3 — Android Version 9) and Kali Linux. Let's start the configuration. Make sure you save these two scripts. Githu...
Tags: Burpsuite

Lab: Exploiting XXE to perform SSRF attacks
Joel O. (joelodey.hashnode.dev), Nov 8, 2024
Lab Scenario: Our mission is to exploit XXE through a web application's "Check stock" feature, ultimately performing SSRF attacks to access sensitive information from a metadata endpoint. By intercepting and manipulating a POST request, we intend to ...
Tags: PortSwigger XML external entity (XXE) injection, xxe

Adding Knoxnl (KNOXSS) to Burp
Bhuwan Bhetwal for Bhuwan Bhetwal's HandBook (blog.bhuwanbhetwal.com.np), Nov 7, 2024
Open Burp > Extensions. Install Piper. Go to Piper > Context menu items. Click on the Add button and enter the Name as "knoxnl". In the Add menu item dialog box, enter the Name as knoxnl and change the "Can handle..." drop-down to HTTP requests only. Change b...
Tags: Knoxnl

Web Hacking: Burp Suite: The Basics (TryHackMe)
J3bitok (jebitok.hashnode.dev), Nov 1, 2024
In this article, I will write a write-up for Burp Suite: The Basics that covers What is Burp Suite, Features of Burp Community, Installation, The Dashboard, Navigation, Options, Introduction to the Burp Proxy, Connecting through the Proxy (FoxyProxy ...
Tags: Burpsuite

Admir - The Great Admin Access Heist! - NRF24CTF
kurtnettle (kurtnettle.hashnode.dev), Oct 24, 2024
Problem Statement: In the heart of the digital world lies a powerful admin panel known as Admir, an interface that controls the core functionalities and sensitive data of a high-stakes web application. Hidden from the eyes of most, this admin panel is ...
Tags: EWU NRF24 CTF (Online Preliminary Round), CTF Writeup

Getting Started With Portswigger Web Security Academy
Bisola Adediji (beesola.hashnode.dev), Oct 9, 2024
PortSwigger's Web Security Academy is a free, interactive online learning platform that teaches web security through hands-on labs, designed by the creators of Burp Suite. Whether you're a budding ethical hacker, a developer wanting to secure your co...
Tags: webhacking

Information Disclosures Lab (Fast recap)
Aditya Uniyal (adityauniyal.hashnode.dev), Oct 5, 2024
Lab 1: Information disclosure in error messages. It gives information about the version if we put the input parameter wrong. Lab 2: Information disclosure on debug page. We can just check the source code; there it is mentioned about the path to a php f...
Tags: #cybersecurity

Lab: Web shell upload via Content-Type restriction bypass
Aditya Uniyal (adityauniyal.hashnode.dev), Oct 4, 2024
Solved: Method 1: set the filter to see image files in Burp Proxy. Upload an image file, retrieve the POST request and send it to Repeater. Now from the browser click to go back to "My Account". Now retrieve the GET request and send it to Repeater. ...
Tags: file-upload-vulnerabilites

Burp Suite Cursor displayed offset to the right of text in high DPI
Shubham Sutar (ishubh.hashnode.dev), Sep 23, 2024
When I try to type in the textbox of PortSwigger Burp (all recent versions, 1.5.20 or latest versions), the cursor shows up at the right place, but things are inserted as if the cursor is somewhere else. It's frustrating to try to edit a payload whe...
Tags: Error Solution, 2Articles1Week