Turbo Intruder is a great addition to Burp. I wrote more about it here. Unlike the normal Intruder, you control it with Python code. It turns out that from this code you have access to Burp's plugin API, so you can also add new requests to the Intruder queue from...
#30
Web3 learning corner #5 – more CTFs and some real smart contracts
In the last two issues there was no web3 learning corner, simply because for the last few weeks I was working on BBRE Premium, the new website, marketing and so on. There were a lot of boring tasks which I usually do outside my normal working schedule. I don't do things...
Confluence Blind OGNL Injection
CVE-2022-26134 is all over my Twitter feed. Here's the best analysis I've seen, by HTTPVoid: https://twitter.com/httpvoid0x2f/status/1532924231054499840
How do I deal with the impostor syndrome?
I understand impostor syndrome as the feeling that you are not good enough to be where you are, and that if the people around you found that out, you would be in trouble. It's one of the regular questions asked by NahamSec in his live recon interviews. The vast majority of...
NahamSec talks are on YouTube
Talks from NahamCon were published on YouTube. Here’s the whole playlist: https://www.youtube.com/playlist?list=PLKAaMVNxvLmAcY4n3an_SPwpfseHzZ6Yo Here’s my talk. You can watch it to understand debugging - my favourite methodology for testing open-source targets...
CSRFs and preflight requests
For me, client-side bugs were harder to understand than server-side bugs. For example, if you are exploiting an SQL injection, the case is simple. There's: your Burp/terminal, the server that you are attacking. With client-side bugs, there's: your Burp/terminal, your...
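The third party in the client-side case is the browser, and for CSRF the question it decides is whether a cross-origin request goes out immediately (a "simple request", cookies attached) or is gated behind an OPTIONS preflight that the attacker cannot answer. The classifier below, an added example rather than code from the post, applies the Fetch standard's rules: only GET, HEAD and POST, only the CORS-safelisted headers, and for Content-Type only the three form media types. It omits the standard's header-value length limits and the Range header special case, so treat it as the practical check, not the full spec. The request shapes passed to it are constructed.

```javascript
// Added example: is this cross-origin request "simple" (no preflight) or not?
// Follows the Fetch standard's CORS-safelisted method/header rules, simplified
// (no header-value length limits). Sample requests below are constructed.
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SIMPLE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SIMPLE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded",
  "multipart/form-data",
  "text/plain",
]);

// Returns true when the browser will send an OPTIONS preflight first.
function needsPreflight(method, headers) {
  if (!SIMPLE_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (!SIMPLE_HEADERS.has(lower)) return true; // e.g. Authorization, X-Requested-With
    if (lower === "content-type") {
      // Only the media type matters; parameters such as charset are ignored.
      const mediaType = value.split(";")[0].trim().toLowerCase();
      if (!SIMPLE_CONTENT_TYPES.has(mediaType)) return true;
    }
  }
  return false;
}

// The shape a CSRF proof of concept uses to push a JSON body across origins
// without a preflight: label it text/plain so the request stays "simple".
// It only works if the target's parser ignores the declared Content-Type.
function csrfFetchInit(jsonBody) {
  return {
    method: "POST",
    mode: "no-cors",        // we cannot read the response anyway; we only need it sent
    credentials: "include", // attach the victim's cookies (subject to SameSite)
    headers: { "Content-Type": "text/plain" },
    body: JSON.stringify(jsonBody),
  };
}

// Constructed request shapes a tester would compare.
const SAMPLES = [
  ["POST", { "Content-Type": "application/json" }],                         // preflight
  ["POST", { "Content-Type": "text/plain" }],                               // no preflight
  ["POST", { "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8" }], // no preflight
  ["PUT", { "Content-Type": "text/plain" }],                                // preflight (method)
  ["GET", { Authorization: "Bearer x" }],                                   // preflight (header)
];

function classifyAll(samples) {
  return samples.map(([m, h]) => ({ method: m, headers: h, preflight: needsPreflight(m, h) }));
}

for (const r of classifyAll(SAMPLES)) {
  console.log(`${r.method} ${JSON.stringify(r.headers)} -> ${r.preflight ? "preflight" : "simple"}`);
}
```

When a JSON endpoint accepts the text/plain trick, the remaining gate is the cookie's SameSite attribute, which this classifier does not model; that is a property of the target's Set-Cookie, not of the request.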
Exploiting XSS without Content-Type header
Last week, on a private bug bounty program, I stumbled upon a server that responded with something like this: However, no alert popped up. The reason is that there’s no text/html Content-Type header. In fact, there’s no Content-Type header at all. It was an API...
How to actually find a DNS rebinding SSRF?
DNS rebinding is an SSRF technique that I’ve known for a long time. My very first YouTube video covers it. It’s not that complicated… in theory. But a few weeks ago I was finally able to exploit SSRF via DNS rebinding on a private bug bounty program. There were some...
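The theory the paragraph refers to is a time-of-check/time-of-use gap: the SSRF filter resolves the hostname, sees a public address and allows the request, then the HTTP client resolves the same name again when it connects and receives an internal address. The simulation below is an added example, not the author's exploit or the program's code; it uses a constructed resolver that answers with a public address once and an internal address afterwards, and a stand-in for the HTTP client that just records where it connected. The hostnames and addresses are constructed and nothing touches the network.

```javascript
// Added example: DNS rebinding as a TOCTOU bug in an SSRF filter.
// Resolver, hostnames, addresses and the "HTTP client" are all constructed stand-ins.

// Attacker-controlled name: first answer is public, every later answer is internal
// (in practice achieved with a very low TTL or a flip-flopping authoritative server).
function makeRebindingResolver(publicIp, internalIp) {
  let calls = 0;
  return (hostname) => {
    calls += 1;
    return calls === 1 ? publicIp : internalIp;
  };
}

// Minimal private/loopback/link-local check for dotted IPv4 (IPv6 omitted here).
function isInternal(ip) {
  const [a, b] = ip.split(".").map(Number);
  return (
    a === 127 || a === 10 ||
    (a === 192 && b === 168) ||
    (a === 172 && b >= 16 && b <= 31) ||
    (a === 169 && b === 254)
  );
}

// Vulnerable: validates one DNS answer, then hands the *hostname* to the client,
// which resolves it again and gets the rebinding answer.
function fetchVulnerable(hostname, resolve, connect) {
  if (isInternal(resolve(hostname))) throw new Error("blocked: internal address");
  return connect(resolve(hostname), hostname); // second lookup happens here
}

// Hardened: resolve once, validate that exact answer, and connect to that address,
// keeping the hostname only for the Host header / SNI.
function fetchPinned(hostname, resolve, connect) {
  const ip = resolve(hostname);
  if (isInternal(ip)) throw new Error("blocked: internal address");
  return connect(ip, hostname);
}

// Stand-in for the HTTP client: records the address it actually connected to.
function fakeConnect(ip, hostname) {
  return { connectedTo: ip, hostHeader: hostname };
}

const vuln = fetchVulnerable("rebind.attacker.example", makeRebindingResolver("203.0.113.10", "127.0.0.1"), fakeConnect);
const safe = fetchPinned("rebind.attacker.example", makeRebindingResolver("203.0.113.10", "127.0.0.1"), fakeConnect);
console.log("vulnerable filter connected to", vuln.connectedTo); // 127.0.0.1
console.log("pinned filter connected to", safe.connectedTo);     // 203.0.113.10
```

Pinning the address is only half of it: the pin has to be re-applied after every redirect, because a 30x to a fresh hostname starts the resolve-check-connect sequence over again, and the check needs an IPv6 branch that this sketch leaves out.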