Finding vulnerabilities with Burp Suite Custom Scan Profiles.pdf

20 Mar 2023

  1. Finding Web Application vulnerabilities with Burp Suite Scan Profiles
  2. #Whoami: MOHAMMAD SAQLAIN (mrroot), Application Security Engineer, Bug Bounty Hunter
  3. Agenda
     1. Introduction to Burp Suite Configuration Library
     2. Understanding Burp Suite Scan Profiles
     3. Creating Burp Suite Custom Scan Profiles
     4. Efficiently detecting vulnerabilities with Custom Scan Profiles
     5. Using Burp Extensions and Open Source tools to detect vulnerabilities
  4. Introduction to Burp Suite Configuration Library: Burp Suite comes with a range of built-in setting profiles which can help users to quickly fuzz an application's endpoints.
     ● Crawl options: control Scanner's behavior during the crawl phase of the scan.
     ● Audit options: control Scanner's behavior during the audit phase of the scan.
  5. Understanding Burp Suite Scan Profiles https://portswigger.net/burp/documentation/scanner/scan-configurations/burp-scanner-built-in-configs
  6. Creating Burp Suite Custom Scan Profiles
  7. Creating Burp Suite Custom Scan Profiles
  8. Creating Burp Suite Custom Scan Profiles
  9. Creating Burp Suite Custom Scan Profiles: Based on the vulnerability category, we can create as many custom profiles as we require, such as:
     ● Path Traversal
     ● XML Entity Injection
     ● Server Side Request Forgery
     ● Web Cache Poisoning
     ● HTTP Request Smuggling
     ● Cross Origin Resource Sharing

     These custom profiles are useful when you need to search for vulnerabilities on specific parameters and endpoints, because each scan runs only the checks relevant to that target instead of the full audit.
  10. Efficiently detecting vulnerabilities with Custom Scan Profiles: Demo Time
  11. Using Burp Extensions & Open Source tools to detect vulnerabilities
     ● Extending scanning capabilities:
       Active Scan++ - https://github.com/PortSwigger/active-scan-plus-plus
       Backslash Powered Scanner - https://github.com/portswigger/backslash-powered-scanner
     ● Authorization checks: Auth Analyzer - https://github.com/PortSwigger/auth-analyzer
     ● Upload functionality checks: Upload Scanner - https://github.com/PortSwigger/upload-scanner
     ● Applying various encoding, hashing, and encryption techniques: Hackvertor - https://github.com/portswigger/hackvertor
     ● GraphQL technology security auditing: InQL Scanner - https://github.com/portswigger/inql
     ● Finding potential parameters: GAP - https://github.com/xnl-h4ck3r/GAP-Burp-Extension
     ● Other extensions - https://github.com/snoopysecurity/awesome-burp-extensions
  12. Any Questions…
  13. Conclusions ● Don’t spray and pray…. Find the right way ● Be a Pentester not Fun Tester ● Remember Human > Machine ( even ChatGPT ) 😂
  14. Contact