Burp Suite

Burp Scanner

Active scan

Right-click a request and select "Do active scan". Burp Scanner then uses its default configuration to audit only that request.


Scan selected insertion point

Highlight the insertion point, right-click, and select "Scan selected insertion point" to focus on the input of interest and avoid unnecessary content.


Scan manual insertion point extension

Highlight a character sequence, usually a parameter value, and select Extensions > "Scan manual insertion point".

Broken Access Control

  • Multi-Account Containers (browser extension): creates a separate browser environment for each account you are testing

  • Autorize (Burp extension)

    • Automatically repeats every request with the session of the low-privileged user and flags responses that match the privileged one
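The comparison Autorize performs, shown here as an added example (my own code, not part of the Autorize project): each captured request is paired with the response seen by the privileged session and the response to the same request replayed with the low-privileged session, and a verdict modelled on Autorize's labels is produced. The enforcement patterns and the sample captures are constructed assumptions for the demo.

```python
"""Autorize-style broken-access-control check over constructed captures."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Response:
    status: int
    body: str


# Enforcement detector: evidence in the low-privileged response that the server
# actually rejected the request (assumption: tune these to the application under test).
ENFORCEMENT_PATTERNS = [r"Access denied", r'"error"\s*:\s*"forbidden"']


def classify(high: Response, low: Response, patterns=ENFORCEMENT_PATTERNS) -> str:
    """Verdict for one replayed request.

    high: response to the original request sent with the privileged session
    low:  response to the same request replayed with the low-privileged session
    """
    # A 401/403 or a known denial pattern means access control is enforced.
    if low.status in (401, 403) or any(re.search(p, low.body) for p in patterns):
        return "Enforced!"
    # Same status and same body length as the privileged response: likely bypassed.
    if low.status == high.status and len(low.body) == len(high.body):
        return "Bypassed!"
    # Anything else needs a human look (or a better enforcement detector).
    return "Is enforced???"


def audit(captures):
    """Map "METHOD path" to its verdict for every (method, path, high, low) capture."""
    return {f"{m} {p}": classify(h, lo) for m, p, h, lo in captures}


# Constructed sample captures (not real traffic).
CAPTURES = [
    ("GET", "/api/admin/users", Response(200, '{"users":[{"id":1},{"id":2}]}'),
     Response(403, '{"error":"forbidden"}')),
    ("GET", "/api/invoices/42", Response(200, '{"id":42,"total":"99.00"}'),
     Response(200, '{"id":42,"total":"99.00"}')),
    ("POST", "/api/reports", Response(201, '{"id":7}'),
     Response(200, '{"id":0,"warning":"partial"}')),
]

if __name__ == "__main__":
    for key, verdict in audit(CAPTURES).items():
        print(f"{verdict:15} {key}")
```

The "Bypassed!" verdict on the invoice endpoint is the finding to triage: the low-privileged session received exactly the privileged response.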

PwnFox

PwnFox provides useful tools for your security audit:

  • Single click BurpProxy

  • Container profiles (each container automatically adds an X-PwnFox-Color header so the request is highlighted in Burp)

  • Other: https://github.com/yeswehack/PwnFox

Out of band vulnerabilities

Many companies filter and block outbound traffic to the default Collaborator domain, so an alternative callback endpoint is useful.

  • webhook.site: generates a free, unique URL and e-mail address and lets you see everything that is sent there instantly.

Logger++ filters: Top 25 Parameters

  • Vulnerabilities (Cross-Site Scripting, Server-Side Request Forgery, Local File Inclusion, SQL Injection, Remote Code Execution, Open Redirect)

  • https://owasp.org/www-project-top-25-parameters/

  • https://github.com/lutfumertceylan/top25-parameter/tree/master
