Burp

Turbo intruder is a great addition to Burp. I wrote more about it here . Unlike the normal intruder, you control it using Python code. Turns out that from this code, you have access to Burp’s plugin API. Thus, you can also add new requests to the intruder queue from...

Have you ever thought about writing a Burp Suite extension? I certainly have but never really got to do that. Parsia Hakimian, a senior security engineer from Electronic Arts, whose $15k bug was also featured on the channel ($15,000 Playstation Now RCE via insecure...

Since I saw someone using Burp macros, I've felt like it's a powerful feature that I've only used once or twice during my work. Thankfully, Akshita Gupta has written a whole article about it from which you can learn: what are burp macros how you can use it...

I've prepared for you 10 tricks you can use in Burp's repeater tool. Those cover only built-in functionalities. Extensions will be covered sometime in the future. Let's get to it! CTRL+space First and foremost, don't use the bloody mouse to send the...

If during the passive scan you mark learn observed words setting, you will have the observedWords wordlist available to you in the Turbo Intruder. It's a dynamic list of words that Burp sees in your target. You can access it by wordlists.observedWords....

Burp Collaborator is an awesome tool and I probably don’t need to tell you that. However, there are a few problems with using the Portswigger’s server: Disclosing sensitive information to 3rd party company. Depending on what you hack, it may or may not be a problem....

I don’t know since when there is the feature in Burp of comparing sitemaps but I only heard about it recently. You can compare the sitemap from your between Burp’s projects. I think for this purpose, it would be good to save Burp’s project in a separate file once in a...