Articles by Issue

Python as an HTTP client for hacking

Sometimes, you want to test a functionality but it is too complex to automate it with Burp. For example, it requires a few requests or some specific transformation. Maybe, some people can do magic on Burp’s macros but I am not one of them. That’s why in these specific...

Prototype pollution in an XML-based format

Guilherme Keerok found a very interesting attack vector - prototype pollution inside an XML-based plist file. I don’t know about you, but I probably wouldn’t have come up with this. When I think about prototype pollution, the things that come to my mind are request...

Finding web2 bugs on NFT websites

When I think about hacking NFTs, hacking smart contracts is what comes to my mind. But it’s not necessarily the case. Zseano doesn’t know how to hack smart contracts yet but he has decided to test a few NFT websites and approach them with his extensive knowledge about...

Several critical vulnerabilities in GitHub Actions

A few issues ago, in BBRE Premium #22, in the article “Hacking GitHub actions”, I wrote “I think it’s quite a good niche to test GitHub Actions these days.” I’m happy to report that apparently I was right, because in March Cycode published an article about finding...

Burp’s Turbo Intruder

Burp’s Intruder is great. But you know what is better? The Turbo Intruder. If:

- you would like to send more requests in the same amount of time than with the built-in Intruder
- you are annoyed by the throttling of the Community version
- or you simply prefer to have more control...

Burp plugin for scanning SSO authentication

OAUTHScan is a Burp extension to verify the security of OAuth 2.0 and OpenID flows. It has checks for the following scenarios:

- Open Redirect issues on the redirect_uri parameter
- Authorization Code Replay issues
- Leakage of secrets (i.e. tokens, codes)
- PKCE misconfigurations...

BigQuery SQL Injection Cheat Sheet

We are used to databases like MySQL, MSSQL or PostgreSQL. Probably, most of us would use sqlmap or the good old pentestmonkey cheat sheet. But what if your target uses Google BigQuery? Then you can check out this article from Ozgur Alp with a cheat sheet for...

Approaching small scope programs

I saw a few people on Twitter appreciating videos by GodFather Orwa about bug bounties. So I decided to take a look at the video about approaching small-scope programs, and I see a lot of potential in this methodology. Of course, I also created notes for you. Here they...

Blockchain learning corner #1

As a bug hunter, I can’t ignore the huge bounties that are advertised for blockchain-related technologies. There are two programs paying up to $10,000,000! Of course, reality will show whether any of these actually get paid or not. Nagli said it well in this tweet: I also...

How much did Google pay in bounties in 2021?

Google has published its review of 2021 on its security blog. You can read how much they paid out in bounties in the past year and what the trends were. The good news for us is that bug bounty keeps growing, and Google’s payouts in 2021 were significantly higher than in...