Burp Suite Tips and Tricks

• https://twitter.com/jon_bottarini/status/1140700782343278592 - Match and Replace

  • https://twitter.com/intigriti/status/1192103070072741894 - Additonal

  • How was i able to access a disabled/hidden feature with the help of burpsuite match and replace feature #bugbountytip #bugbountyGetting access to disabled/hidden features with the help of Burp Match and ReplaceA few months ago, During my bug bounty hunting, I came across a Company that lets other developers create API documentation similar to…medium.com

• https://twitter.com/Regala_/status/1032563800405360640 - Find Refernces

• Favourite Plugins - https://twitter.com/intigriti/status/1093128957921251328

• https://twitter.com/trimstray/status/1088019484118528000

• Burp Hacks - https://www.youtube.com/watch?v=boHIjDHGmIo

• https://twitter.com/trimstray/status/1068095885026955264

• https://portswigger.net/research/adapting-burp-extensions-for-tailored-pentesting

• https://twitter.com/Gamliel_InfoSec/status/1162126101868679173 -If you see piece of junk information in the Request/Response body, don't forget gonna Proxy > Options tab and "Unpack gzip/deflate in Resp/Req" (by default they aren't marked).

• https://twitter.com/ranjit_pahan/status/1126191087331053568

• Favourite plugins - https://twitter.com/nnwakelam/status/1162453221027307525

• https://twitter.com/gwendallecoguic/status/1138383809106391040 - Burp Collaborator

• https://parsiya.net/blog/2019-10-13-quality-of-life-tips-and-tricks-burp-suite/

• https://twitter.com/Dinosn/status/1212706039553908737

• https://twitter.com/Agarri_FR/status/1217148102366388226

• https://twitter.com/fs0c131y/status/1221717980322631681 - Favourite Extensions

• https://twitter.com/fasthm00/status/1228118057144537088

• https://www.coalfire.com/Solutions/Coalfire-Labs/The-Coalfire-LABS-Blog/june-2018/protips-testing-applications-using-burp-and-more

• https://portswigger.net/blog/burps-new-crawler

• https://twitter.com/jon_bottarini/status/1140700782343278592

• https://twitter.com/Unknownuser1806/status/1225698253867405315 - Extension

• Burp Extensions - https://twitter.com/search?q=Burp%20Extensions%20%23bugbounty&src=typed_query

• https://github.com/elespike/burp-cph

• https://vdalabs.com/2020/05/08/burpsuite-extensions-some-favorites/

• Are you using @Burp_Suite with @firefox and don' want see the http://detectportal.firefox.com requests? Try this steps: https://twitter.com/firefox/status/841843869205598208

• https://portswigger.net/blog/burp-suite-tips-from-power-user-and-hackfluencer-stok

Just released my first@Burp_Suite plugin. If you use multiple browsers through burp, check this out:aurainfosec/burp-multi-browser-highlightingHighlight Burp proxy requests made by different browsers - aurainfosec/burp-multi-browser-highlightinggithub.com

Automating Web Apps Input fuzzing via #Burp Macros http://blog.securelayer7.net/automating-web-apps-input-fuzzing-via-burp-macros/

Blog post: Turbo Intruder: Embracing the billion-request attackTurbo Intruder: Embracing the billion-request attack | PortSwigger Researchportswigger.net

Need to import multiple URL;s in to burp suite - https://twitter.com/search?q=parallell%20bugbountytip&src=typed_query

cat yahoourls.txt| parallel -j 10 curl --proxy http://127.0.0.1:8080 -sk > /dev/null

D Ξ Ξ P Λ K @1m4xx0·Oct 10, 2019One liner to import whole list of subdomains into Burp suite for automated scanning! cat <file-name> | parallel -j 200 curl -L -o /dev/null {} -x 127.0.0.1:8080 -k -s #bugbountytips #bugbounty #bugbountytip

GitHub - Static-Flow/BurpSuite-Team-Extension: This Burpsuite plugin allows for multiple web app testers to share their proxy history with each other in real time. Requests that comes through your Burpsuite instance will be replicated in the history of the other testers and vice-versa!GitHub

• https://github.com/thegsoinfosec/BurpSuite_payloads

• urlgrab --url SITE_HERE.com --ignore-ssl --proxy socks5://127.0.0.1:8080

• https://github.com/allyomalley/BurpParamFlagger/

• https://github.com/JGillam/burp-paramalyzer

• https://github.com/Hxzeroone/quoted-printable-Parser