Turbo Intruder is a great addition to Burp. I wrote more about it here. Unlike the normal Intruder, you control it using Python code. Turns out that from this code, you have access to Burp’s plugin API. Thus, you can also add new requests to the Intruder queue from...
Web3 learning corner #5 – more CTFs and some real smart contracts
In the last two issues, there was no web3 learning corner. It’s simply because in the last few weeks I was working on BBRE Premium, the new website, marketing and so on. There were a lot of boring tasks which I usually do outside my normal working schedule. I don’t do things...
Confluence Blind OGNL Injection
CVE-2022-26134 is all over my Twitter feed. Here’s the best analysis that I’ve seen, by HTTPVoid: https://twitter.com/httpvoid0x2f/status/1532924231054499840
How do I deal with the impostor syndrome?
I understand the impostor syndrome as the feeling that you are not good enough to be where you are, and that if people around you found that out, you would be in trouble. It’s one of the regular questions asked by NahamSec in his live recon interviews. The vast majority of...
NahamSec talks are on YouTube
Talks from NahamCon were published on YouTube. Here’s the whole playlist: https://www.youtube.com/playlist?list=PLKAaMVNxvLmAcY4n3an_SPwpfseHzZ6Yo Here’s my talk. You can watch it to understand debugging, my favourite methodology for testing open-source targets...
CSRFs and preflight requests
For me, client-side bugs were harder to understand than server-side bugs. For example, if you are exploiting an SQL injection, the case is simple. There’s: your Burp/terminal, and the server that you are attacking. With client-side bugs, there’s: your Burp/terminal, your...
Exploiting XSS without Content-Type header
Last week, on a private bug bounty program, I stumbled upon a server that responded with something like this: However, no alert popped up. The reason is that there’s no text/html Content-Type header. In fact, there’s no Content-Type header at all. It was an API...
How to actually find a DNS rebinding SSRF?
DNS rebinding is an SSRF technique that I’ve known for a long time. My very first YouTube video covers it. It’s not that complicated… in theory. But a few weeks ago I was finally able to exploit SSRF via DNS rebinding on a private bug bounty program. There were some...
A tool to find bugs in WordPress plugins
As many of you already know, I recently migrated BBRE Premium to a new platform that runs on WordPress. The way problems are solved there is by installing more plugins. And then even more. And I am very interested in their security. One day, I just took a quick look...
Java’s fantastic URL class
Do you think these URLs are equal to each other? I would also say they are not, but Java has a different opinion on it. Turns out that for Java’s URL class, two URLs are equal if they resolve to the same IP addresses. This just sounds soo bad. As per replies under...