March 23

Webinar takeaway – Tactical BurpSuite

Security

0  comments

My key takeaways

  • AWS doesn't allow to test from a workspace
    • Testing inside seems to not violate the TOS
  • Always create a "new project on disk" instead of a "temporary project" in Burp
  • In the "Target" tab under sitemaps
    • black text : Burp has seen request and response
    • gray text: Burp has seen a link to this in a request
  • during mapping spend most time in the proxy tab
    • requests are in order of the request made
  • if you search in intruder and click through the requests back and forward, you get it highlighted when something juicy appears
  • you can have multiple tabs open in Burp. It's Java...
    • and you can rename them to find them also later on
  • Decoder is nice to check encoded strings fast
  • Use extensions depending on the project
    • to many extensions active will slow down Burp significantly

Env

additional links

User comments

  • NASec — heute um 18:08 Uhr ZAP is the way to go if you don't have the Pro version of Burp and need to Fuzz. Intruder just too slow

  • JohnnyRocket — heute um 18:52 Uhr like color coding the proxy results after initial review of site - all manually found URLs are a different color

Tags

penetration test, pentest, webapp, websec

You may also like

Event takeaway: Layer8 Conference

My key takeaways HUMINT phrases to identify background characteristics an interesting OSINT aspect in conversation is special prononciation of certain words identifying the persons origin List of words of identifiers per language The great casino heist: key takeaways from my first big social engineering engagement "get out of jail"-cards must be signed to work career

Read More
Leave a Comment