J3bitok · jebitok.hashnode.dev · Dec 18, 2024 · The Advent of Cyber: Day 12: Web timing attacks: If I can't steal their money, I'll steal their joy! (TryHackMe) · In this article, we’ll cover Web Timing Attacks Attacks—If you'd like to WPA, press the star key! writeup as the Day 12 challenge of the Advent of Cyber event challenge. This is the second time I’m using Burp Suite, and I am just getting to navigate ... · Burpsuite
Satvik Vemulapalli · anonbash.hashnode.dev · Dec 12, 2024 · Burpsuite The Basics · TASK 1 - Introduction Welcome to Burp Suite Basics! This particular room aims to understand the basics of the Burp Suite web application security testing framework. Our focus will revolve around the following key aspects: A thorough introduction to ... · Burpsuite
Khushi Trivedi for Keploy Community Blog · keploy.hashnode.dev · Dec 4, 2024 · Choosing the right Penetration Testing Tools for your system · Organizations are in a sheer need to stay up to the minute and be ahead in protecting their systems and data. Penetration testing can prove to be a structured process that can mimic real-world vulnerabilities before it’s prone to any malicious exploi... · 4 likes · 42 reads · Testing
Ohekpeje Joel Odey · joelodey.hashnode.dev · Nov 17, 2024 · Lab: Broken brute-force protection, multiple credentials per request · Lab Scenario: Our objective is to understand and exploit a web application's broken brute-force protection, where the login credentials are submitted in JSON format. By manipulating the request to submit multiple credentials, we aim to bypass the pro... · 1 like · PortSwigger Authentication Labs · websecurity
Bhuwan Bhetwal · blog.bhuwanbhetwal.com.np · Nov 16, 2024 · Connecting android/emulator to your Burp suite via OpenVPN · This is a simple blog for connecting the Genymotion and the Burpsuite for Android Pentesting using OpenVPN. I use Genymotion (Google Pixel 3 — Android Version 9) and Kali Linux. Let’s start the configuration. Make sure you save these two scripts. Githu... · 34 reads · Burpsuite
Ohekpeje Joel Odey · joelodey.hashnode.dev · Nov 8, 2024 · Lab: Exploiting XXE to perform SSRF attacks · Lab Scenario: Our mission is to exploit XXE through a web application's "Check stock" feature, ultimately performing SSRF attacks to access sensitive information from a metadata endpoint. By intercepting and manipulating a POST request, we intend to ... · 1 like · PortSwigger XML external entity (XXE) injection · xxe
Bhuwan Bhetwal · blog.bhuwanbhetwal.com.np · Nov 7, 2024 · Adding Knoxnl (KNOXSS) to Burp · Open Burp > Extensions Install Piper Go to Piper > Context menu items Click on Add Button and Enter Name as “knoxnl” In the Add menu item dialog box, enter the Name as knoxnl and change the Can handle... drop down to HTTP requests only. Change b... · 66 reads · Knoxnl
J3bitok · jebitok.hashnode.dev · Nov 1, 2024 · Web Hacking: Burp Suite: The Basics (TryHackMe) · In this article, I will write a write-up for Burp Suite: The Basics that covers What is Burp Suite, Features of Burp Community, Installation, The Dashboard, Navigation, Options, Introduction to the Burp Proxy, Connecting through the Proxy (FoxyProxy ... · Burpsuite
kurtnettle · kurtnettle.hashnode.dev · Oct 24, 2024 · Admir - The Great Admin Access Heist! - NRF24CTF · Problem Statement In the heart of the digital world lies a powerful admin panel known as Admir—an interface that controls the core functionalities and sensitive data of a high-stakes web application. Hidden from the eyes of most, this admin panel is ... · EWU NRF24 CTF (Online Preliminary Round) · CTF Writeup
Bisola Adediji · beesola.hashnode.dev · Oct 9, 2024 · Getting Started With Portswigger Web Security Academy · PortSwigger's Web Security Academy is a free, interactive online learning platform that teaches web security through hands-on labs, designed by the creators of Burp Suite. Whether you’re a budding ethical hacker, a developer wanting to secure your co... · webhacking