Burp Suite

Burp Scanner

Active scan

Right-click on a request and select "Do active scan", Burp Scanner will use its default configuration to audit only this request.

Scan selected insertion point

Highlight the insertion point, right-click, and select "Scan selected insertion point" to focus on the input of interest and avoid unnecessary content.

Scan manual insertion point extension

Highlight a character sequence, usually a parameter value, and select Extensions > "Scan manual insertion point".

Broken Access Control

  • Multi-Account Containers (extension) It create a separate browser environment for each account you are testing

  • Autorize (burp extension)

    • Automatically repeats every request with the session of the low privileged user

PwnFox

PwnFox provide useful tools for your security audit

  • Single click BurpProxy

  • Containers Profiles (it will automatically add a X-PwnFox-Color header to hightlight the query in Burp)

  • Other: https://github.com/yeswehack/PwnFox

Out of band vulnerabilities

Many companies filtering and block outbound traffic to the default collaborator domain.

  • webhook.site Webhook.site generates a free, unique URL and e-mail address and lets you see everything that’s sent there instantly.

Logger ++ filters: Top 25 Parameters

  • Vulnerabilities (Cross-Site Scripting, Server-Side Request Forgery, Local File Inclusion, SQL Injection, Remote Code Execution, Open Redirect)

  • https://owasp.org/www-project-top-25-parameters/

  • https://github.com/lutfumertceylan/top25-parameter/tree/master

Last updated