Using Burp Suite to bypass anti-CSRF protections with the built-in Session Handling and Macro recorder.…
All posts in burpsuite
Quick blog post to offer instructions on how to add a Burp Suite CA certificate to the Kali Linux CA Store.…
My thoughts on eLearnSecurity's Web App Penetration Testing course.…
Burp Suite 2.0 beta is now available to Professional users. This is a major upgrade, with a host of new features, including A new crawler, able to automatically handle sessions, detect changes in application state, crawl with multiple logins, and deal with volatile content.…
Utilizing an unrestricted file upload vulnerability with Microsoft Docx files to exploit web applications with Cross-Site Scripting (XSS).…
In today's post we will be talking about the Juice Shop walkthrough part two, and walking through the two star challenges. The screenshot below is from the scoreboard we found in part one. The first challenge is to access someone else's basket. The first step is to access our own basket to under more clearly how the authorization process is handled. For this challenge fire up your BurpSuite interception proxy, and set it to intercept before clicking on Your Basket. The screenshot below shows the request being caught by BurpSuite. Before forwarding the request try simply changing the /rest/basket/…
This post will contain screenshots for all of the 1 star challenges of the OWASP Juice Shop which was covered in a previous post. Just as a reminder the Juice Shop web application relies upon HTML5 web storage to store a cookie with current progress. If you attempt to access the Juice Shop from a different host machine or different browser you might not have your progress saved. However, if you were to restart the host machine or restart the remote server hosting the application your stored cookie will refresh your progress. The first real (albeit easier challenge) is really…
Intro to connecting BurpSuite with ELK stack.…