burp suite pro
play

Burp Suite Pro Real-life tips & tricks Nicolas Grgoire Me - PowerPoint PPT Presentation

Mar 09, 2023 •249 likes •1.3k views

Burp Suite Pro Real-life tips & tricks Nicolas Grgoire Me & Myself Founder & owner of Agarri Lot of Web PenTesting NOT affiliated with PortSwigger Ltd Using Burp Suite for years And others proxies before Yes, I'm that old...

  1. Developers tools Mobile browsers miss some common features Like no built-in developers tools I don't care, except when looking for XSS

  2. Developers tools Let's include Firebug Lite in every response “startOpened=true” is your friend

  3. Developers tools This seems to be a good idea But Firebug itself contains the “</head>” string

  4. Developers tools http://www.agarri.fr/docs/JavaScriptInjector.py Also works with BeEF and autpwn during a MITM!

  5. Developers tools

  6. Overview Data visualization GUI navigation Managing state Common tasks Intruder payloads Mobile applications Extensions Macros

  7. Extensions As an user As a developer

  8. Resources Repositories http://www.burpextensions.com/Extensions/ https://github.com/Meatballs1/burp-extensions Online documentation http://portswigger.net/burp/help/extender.html http://www.burpextensions.com/category/tutorials/ Forum http://forum.portswigger.net/board/2/burp-extensions Blog (+ samples) http://blog.portswigger.net/search/label/burp%20extender

  9. May be useful Format specific JSON, JS, Protobuf, AMF, Serialized Java, WSDL, WCF External tools Google hacks, nmap, sqlmap, w3af, curl Misc Custom Logger, Burp Notes, Proxy Color, Referrer Checker My own JavaScript Injector, HTTP Traceroute, DomXssRegexp

  10. Detect reverse-proxies

  11. Generate from WSDL

  12. Take notes

  13. Takes notes

  14. As a developer Choose your language Quick reload Debugging

  15. Language Java Provides the best integration with Burp internals Python My personal choice But Python != Jython Ruby Same drawbacks than Python

  16. Python vs. Java API Java API ApplyMarkers( IHttpRequestResponse httpRequestResponse, java.util.List<int[]> requestMarkers, java.util.List<int[]> responseMarkers) Python code markers = [] for n in non_overloapping: markers.append(array.array('i', [offset + n[0], offset + n[1]])) marked_message = self._callbacks.applyMarkers(message, None, markers)

  17. Quick reload Use Ctrl-Click to quickly reload an extension

  18. Debugging Custom Logger captures everything http://blog.portswigger.net/2012/12/sample-burp-suite-extension-custom.html

  19. Overview Data visualization GUI navigation Managing state Common tasks Intruder payloads Mobile applications Extensions Macros

  20. Target & Goal Target application requires authentication Sessions are very short-lived You want to work “as usual” Manual tools: Repeater, ... Automated tools: Intruder, Scanner, ...

Recommend

Burp Suite and Beyond Automated Scanning vs Manual Tes;ng

Burp Suite and Beyond Automated Scanning vs Manual Tes;ng

Adding Value to Automated Web Scans Burp Suite and Beyond Automated Scanning vs Manual Tes;ng Manual Tes;ng Tools/Suites At MSU -

837 views • 22 slides
Htel Splendide Royal Junior Suite Junior Suite Junior Suite Suite Suite Suite Suite Suite

Htel Splendide Royal Junior Suite Junior Suite Junior Suite Suite Suite Suite Suite Suite

Htel Splendide Royal Junior Suite Junior Suite Junior Suite Suite Suite Suite Suite Suite 12 spacious Suites Junior Suite: 45m 2 Suite: 65m 2 Apartment Suite: 110m 2 Fine Italian Cuisine Renowned Chef Vito Grippa

498 views • 18 slides
BurpSentinel Burp Extension Dobin Rutishauser Compass Security Schweiz AG bsidesvienna 2014

BurpSentinel Burp Extension Dobin Rutishauser Compass Security Schweiz AG bsidesvienna 2014

BurpSentinel Burp Extension Dobin Rutishauser Compass Security Schweiz AG bsidesvienna 2014 Version 0.4, 2014 Intro Uhm, welcome to bsides i guess? Glad you could make it this early! I hope everyone had his/her coffee Or wine

1.47k views • 128 slides
15+ Years 100+ Countries 60,000+ Businesses Vembu BDR Suite Vembu BDR Suite is a portfolio of

15+ Years 100+ Countries 60,000+ Businesses Vembu BDR Suite Vembu BDR Suite is a portfolio of

15+ Years 100+ Countries 60,000+ Businesses Vembu BDR Suite Vembu BDR Suite is a portfolio of products designed to backup multiple environments from virtual to physical to cloud while addressing diverse and advanced use cases VMware Hyper-V

328 views • 21 slides
1 CONTENTS 1 4 Introduction Room &amp; Suite 7 Deluxe, Premium, Executive 8 M Suite 9 Other

1 CONTENTS 1 4 Introduction Room &amp; Suite 7 Deluxe, Premium, Executive 8 M Suite 9 Other

1 CONTENTS 1 4 Introduction Room &amp; Suite 7 Deluxe, Premium, Executive 8 M Suite 9 Other Suites 10 M Club 2 5 Location Restaurants and Bars 11 Praya Kitchen 1 Hotel Map 12 Yo Restaurant 2 Local Attractions 13 Yo Rooftop Bar

1.48k views • 35 slides
Open House Presentation March 17 and 20, 2018 Overview What is a Garden Suite? The Garden

Open House Presentation March 17 and 20, 2018 Overview What is a Garden Suite? The Garden

Open House Presentation March 17 and 20, 2018 Overview What is a Garden Suite? The Garden Suite Study Timeline Key Issues Public Engagement How to Provide Input What is a Garden Suite? A Garden Suite is a small detached

253 views • 10 slides
Philips Oncology Solution - Onco Suite Onco suite Critical insights for superior care in IO

Philips Oncology Solution - Onco Suite Onco suite Critical insights for superior care in IO

Philips Oncology Solution - Onco Suite Onco suite Critical insights for superior care in IO Onco suite provides tools for successful intervention and removes the barriers to safer, effective, and reproducible treatments with groundbreaking

382 views • 5 slides
Building websites with the KB-Suite Carl Alex Friis Nielsen The Royal Library Presentation

Building websites with the KB-Suite Carl Alex Friis Nielsen The Royal Library Presentation

Building websites with the KB-Suite Carl Alex Friis Nielsen The Royal Library Presentation Overview What is the KB-Suite ? The Component Concept Using Components Other KB suite stuff Questions 2/30 What is the KB-Suite ?

791 views • 30 slides
What are these tools? Google suite and Office 365 suite are both: Integrated suites of secure,

What are these tools? Google suite and Office 365 suite are both: Integrated suites of secure,

What are these tools? Google suite and Office 365 suite are both: Integrated suites of secure, cloud-native collaboration and productivity apps allowing your users to communicate with the public. Huh? Cloud=All data is stored in servers on

229 views • 6 slides
PSAT 8/9 The PSAT 8/9 is part SAT Suite of Assessments of the SAT Suite of Assessments PSAT

PSAT 8/9 The PSAT 8/9 is part SAT Suite of Assessments of the SAT Suite of Assessments PSAT

PSAT 8/9 The PSAT 8/9 is part SAT Suite of Assessments of the SAT Suite of Assessments PSAT 8/9 SAT PSAT/NMSQT PSAT 10 1 Benefits Tests you on content that is proven to be the most important for college &amp; career readiness

511 views • 14 slides
SMS switching and billing suite Break through your data SMS switching and billing suite

SMS switching and billing suite Break through your data SMS switching and billing suite

SMS switching and billing suite Break through your data SMS switching and billing suite components SMS switch - a stable and robust platform fully SMS switch developed by 5g Future 5g Future, no opensource code used. Dynamic or static

126 views • 11 slides
GARDEN SUITE STUDY The purpose of this open house is to introduce the Garden Suite Study and to

GARDEN SUITE STUDY The purpose of this open house is to introduce the Garden Suite Study and to

GARDEN SUITE STUDY The purpose of this open house is to introduce the Garden Suite Study and to give you an opportunity to tell us your thoughts about garden suites in Saanich. How to provide feedback: 1. Write your comments on sticky notes and

404 views • 16 slides
More than just a custody suite Engagement Screening Vaccination Health promotion Education

More than just a custody suite Engagement Screening Vaccination Health promotion Education

D R J E N L O W , N H S G R A M P I A N A hub in action Kittybrewster Custody Suite Community Justice Hub Captive audience Opportunities Health Social care Education More than just a custody suite Engagement Screening

275 views • 11 slides
Internetworking Internetworking Address Resolution Protocol Address Resolution Protocol z

Internetworking Internetworking Address Resolution Protocol Address Resolution Protocol z

Internet Protocol Suite: Transport Internet Protocol Suite: Transport TCP: Transmission Control Protocol Byte stream transfer Internet Protocol Suite Internet Protocol Suite Reliable, connection-oriented service Point-to-point

374 views • 3 slides
Client Presentation What You Need To Know Product Suite Search Engine Optimization: The

Client Presentation What You Need To Know Product Suite Search Engine Optimization: The

Client Presentation What You Need To Know Product Suite Search Engine Optimization: The Targeted Banner Advertising: C process of getting traffic from the Suite Targeting Display solutions are designed specifically to target

388 views • 15 slides
M/Y CHRISTINA O 99.06m, Canadian Vickers Jacuzzi Onassis Suite Onassis Suite Beauty Room &amp;

M/Y CHRISTINA O 99.06m, Canadian Vickers Jacuzzi Onassis Suite Onassis Suite Beauty Room &amp;

M/Y CHRISTINA O 99.06m, Canadian Vickers Jacuzzi Onassis Suite Onassis Suite Beauty Room &amp; Gym Staircase Lapis Lounge Show Lounge Aris Bar Dining Table Piano Lounge

312 views • 13 slides
VoIP switching and billing suite Break through your data VoIP switching and billing suite

VoIP switching and billing suite Break through your data VoIP switching and billing suite

VoIP switching and billing suite Break through your data VoIP switching and billing suite components VoIP switch - SIP softswitch based on VoIP switch Opensips significantly re-developed by 5g 5g Future. Future Dynamic or static routing - a

156 views • 11 slides
Chapter 10 Using OpenOffice.org Page 1 We Shall be Covering ... The OpenOffice.org suite

Chapter 10 Using OpenOffice.org Page 1 We Shall be Covering ... The OpenOffice.org suite

Chapter 10 Using OpenOffice.org Page 1 We Shall be Covering ... The OpenOffice.org suite Word processor - Writer Spreadsheet - Calc Presentation - Impress Page 2 OpenOffice.org A complete office suite www.openoffice.org

239 views • 19 slides
A Sweet Test Suite DrupalCamp Atlanta | A Sweet Test Suite | Dan Gurin | @dgurin | @CIVICACTIONS

A Sweet Test Suite DrupalCamp Atlanta | A Sweet Test Suite | Dan Gurin | @dgurin | @CIVICACTIONS

A Sweet Test Suite DrupalCamp Atlanta | A Sweet Test Suite | Dan Gurin | @dgurin | @CIVICACTIONS A Sweet Test Sweet Dan Gurin Engineer @CivicActions Drupal Camp Asheville Organizer Twitter @dgurin dangur on github, LinkedIn, www, Slack...

757 views • 52 slides
Leveraging IPDAEs Matrix Instructional Suite to Improve Outcomes www.floridaipdae.org This

Leveraging IPDAEs Matrix Instructional Suite to Improve Outcomes www.floridaipdae.org This

Session IX: Matrix Suite Presentation 2019 ACE Summer Symposium INSTITUTE FOR THE PROFESSIONAL DEVELOPMENT OF ADULT EDUCATORS Leveraging IPDAEs Matrix Instructional Suite to Improve Outcomes www.floridaipdae.org This training event is

431 views • 24 slides
Retail Condo Suite For Sale or Lease Culebra Square Shopping Center 9262 Culebra Rd. , Suite 104

Retail Condo Suite For Sale or Lease Culebra Square Shopping Center 9262 Culebra Rd. , Suite 104

Retail Condo Suite For Sale or Lease Culebra Square Shopping Center 9262 Culebra Rd. , Suite 104 San Antonio, Texas 78251 Location: Located in NW San Antonio on Culebra Rd. near the Culebra Rd./Tezel Rd./Grissom Rd. intersection in the Culebra

209 views • 5 slides
First Things First Presentation of results January 10, 2013 www.EMCresearch.com Tom Patras,

First Things First Presentation of results January 10, 2013 www.EMCresearch.com Tom Patras,

Arizona Statewide Survey Conducted for: First Things First Presentation of results January 10, 2013 www.EMCresearch.com Tom Patras, Ruth Bernstein 436 14 th Street, Suite 820 4041 N. High Street, Suite 300M 720 Third Avenue, Suite 1110

728 views • 28 slides
The 39 th Quarterly C-Suite Survey: Infrastructure &amp; The Future for Canadas Industrial

The 39 th Quarterly C-Suite Survey: Infrastructure &amp; The Future for Canadas Industrial

The 39 th Quarterly C-Suite Survey: Infrastructure &amp; The Future for Canadas Industrial Sectors June 22, 2015 Sponsored by: Published and broadcast by: Introduction This is the 39 th edition of the C-Suite Quarterly Survey The

619 views • 38 slides
Findings From A Nationwide Survey of 800 Likely Voters 1726 M St., NW 201 N. Union Street Suite

Findings From A Nationwide Survey of 800 Likely Voters 1726 M St., NW 201 N. Union Street Suite

Findings From A Nationwide Survey of 800 Likely Voters 1726 M St., NW 201 N. Union Street Suite 500 Suite 410 Washington, DC 20036 Alexandria, VA 22314 Phone: 202-776-9066 Phone: 703-684-6688 Fax: 202-776-9074 Fax: 703-836-8256 A

278 views • 16 slides

More recommend