Burp Suite Bug Bounty


Hello ethical hackers and bug bounty hunters. Today, you will learn the top 10 Burp Suite extensions I found myself using over and over again. They assist me in different areas, such as pretty-printing data, actively testing for specific vulnerability classes, parsing API definitions and brute-forcing.

When it comes to bug bounty software, Burp Suite is head and shoulders above anything else. Voted the tool that 'helps you most when you're hacking' by 89% of users on HackerOne. Nothing else comes close. Burp Suite Professional's specially-designed tools will help you hit large bounties more often.

Wsdler is your Burp extension for SOAP

During your penetration testing or bug bounty hunting, you might encounter SOAP-based APIs. They are web services that you can consume according to a file which describes the actions they expose and how to call them. This file is based on the Web Services Description Language (WSDL).

Whenever you find one, you can parse it using Wsdler. Additionally, this Burp extension constructs the HTTP requests as the API expects them.

JSON Beautifier

Before Burp Suite rolled out its Pretty button feature, this was the first extension I needed to install after any fresh Burp Suite setup. Nowadays, the majority of web applications use RESTful APIs, which generally use JSON objects to transfer data between the client and the server. JSON Beautifier prettifies the inline JSON data to make your life easier.

This Burp extension is free and can be used in either Burp Suite Community Edition or Professional.

J2EEScan is a great Burp extension for Java EE applications

In my penetration testing assignments, I usually test J2EE web applications, which are Java web applications that support enterprise-level requirements, such as scalability and availability. Therefore, I use J2EEScan to assist me in finding vulnerabilities for the most common CVEs that target J2EE technologies.

The extension adds test cases to the Burp Suite Scanner. Therefore, there is no additional configuration after you install it. All you have to do is run a scan and wait for vulnerabilities in the Issue Activity panel in Burp's Dashboard tab.


JSON Web Tokens, the Burp extension, not the standard

According to jwt.io, JSON Web Token is:

[…] an open standard […] that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

When you do bug bounty hunting or web application penetration testing, it is a pain to manually copy the tokens from Burp Suite and paste them into your favourite parsing tool, such as jwt.io. This extension allows you to parse the token within Burp, the same way JSON Beautifier prettifies inline JSON objects.
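What that in-tool parsing amounts to, as an added Python example (not code from the original post or from the extension): it decodes a compact JWT offline and flags the things a reviewer checks first. The sample token, its claims and the helper names are constructed for illustration.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    """Decode base64url, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def parse_jwt(token: str) -> dict:
    """Split a compact JWT into header, claims and raw signature bytes.
    This only decodes; it does not verify the signature."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments, got %d" % len(parts))
    return {
        "header": json.loads(b64url_decode(parts[0])),
        "claims": json.loads(b64url_decode(parts[1])),
        "signature": b64url_decode(parts[2]),
    }

def review_notes(parsed: dict, now: int) -> list:
    """Findings worth flagging when reading a decoded token."""
    notes = []
    alg = str(parsed["header"].get("alg", "")).lower()
    if alg in ("", "none"):
        notes.append("unsigned token (alg missing or none)")
    elif not parsed["signature"]:
        notes.append("alg set but signature empty")
    exp = parsed["claims"].get("exp")
    if exp is None:
        notes.append("no exp claim")
    elif exp < now:
        notes.append("expired")
    return notes

def build_sample(header: dict, claims: dict, sig: bytes = b"constructed-bytes") -> str:
    """Assemble a constructed sample token; the signature is filler, not a MAC."""
    return ".".join(b64url_encode(x) for x in
                    (json.dumps(header).encode(), json.dumps(claims).encode(), sig))

if __name__ == "__main__":
    token = build_sample({"alg": "HS256", "typ": "JWT"},
                         {"sub": "user-1001", "exp": 1700000000})
    parsed = parse_jwt(token)
    print(parsed["header"], parsed["claims"], review_notes(parsed, now=1800000000))
```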


SAML Raider

For those of you who don’t know what SAML is, it’s a standard used in Single Sign-On (SSO) for authentication. Here is a brief definition from Wikipedia:


Security Assertion Markup Language (SAML) […] is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is an XML-based markup language for security assertions.


Since SAML requests contain long base64 encoded XML data, it is impractical to manually parse them. SAML Raider automatically performs the parsing within Burp Suite. Additionally, you can use it to perform known attacks against your target web application. In fact, it comes with pre-configured exploitation techniques, such as signature wrapping, that you can easily run to test for weaknesses in SAML implementations.
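The decoding step described above, as an added Python example (not SAML Raider's code and not from the original post): it decodes a Base64 SAML message, also handling the raw DEFLATE layer of the HTTP-Redirect binding, and reports which assertions no signature reference covers. The sample response, its IDs and the example.test names are constructed; the report shows what the signatures claim to cover and does not verify them.

```python
import base64
import zlib
import xml.etree.ElementTree as ET  # for untrusted XML, prefer defusedxml

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: two assertions, only the first carries a signature.
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">
 <saml:Issuer>https://idp.example.test</saml:Issuer>
 <saml:Assertion ID="_a1">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
 </saml:Assertion>
 <saml:Assertion ID="_a2">
  <saml:Subject><saml:NameID>bob@example.test</saml:NameID></saml:Subject>
 </saml:Assertion>
</samlp:Response>"""

def decode_saml(value: str, deflated: bool = False) -> bytes:
    """Base64-decode a SAML message; the Redirect binding also raw-DEFLATEs it."""
    raw = base64.b64decode(value)
    return zlib.decompress(raw, -15) if deflated else raw

def summarize(xml_bytes: bytes) -> dict:
    """Report issuer, subject, and which assertions a signature reference covers."""
    root = ET.fromstring(xml_bytes)
    # IDs that some ds:Reference points at (URI="#<ID>")
    refs = {r.get("URI", "").lstrip("#")
            for r in root.findall(".//ds:SignedInfo/ds:Reference", NS)}
    assertions = root.findall(".//saml:Assertion", NS)
    response_signed = root.get("ID") in refs
    return {
        "issuer": root.findtext("saml:Issuer", default="", namespaces=NS),
        "name_id": root.findtext(".//saml:NameID", default="", namespaces=NS),
        "assertion_ids": [a.get("ID") for a in assertions],
        "response_signed": response_signed,
        "uncovered": [a.get("ID") for a in assertions
                      if not response_signed and a.get("ID") not in refs],
    }

if __name__ == "__main__":
    encoded = base64.b64encode(SAMPLE_XML).decode()
    print(summarize(decode_saml(encoded)))
```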

AuthMatrix Burp extension for broken access control

I’ve already covered this great extension in a YouTube video. It allows you to test for broken access control vulnerabilities, such as IDOR, unprotected endpoints, etc. The flow is fairly simple. Firstly, you browse your target application and send any interesting requests to this extension. Then, you create the target users, such as the attacker and the victim. Then, for each user, you configure the session cookies, and any HTTP headers containing tokens such as JWT or API keys. Lastly, you hit the run button and let AuthMatrix highlight the suspicious requests in red.

HTTP request smuggler

This is the go-to Burp extension when you want to easily detect and exploit a web application through HTTP Request Smuggling.

It detects whether you have a CL.TE or TE.CL condition and reports it directly into Burp Suite’s Dashboard tab, under the Issue Activity menu where all the issues get listed.

If you have no clue about what CL.TE and TE.CL mean, I invite you to read this article from the authors of Burp Suite.

Turbo Intruder

This extension allows you to send large numbers of HTTP requests to a target web application. If you have Burp Community, you know that you can only work with a limited version of the Intruder which does not support multiple threads. Instead, you can use Turbo Intruder.

Since this Burp extension uses a Python snippet that you can edit, I recommend you get familiar with the basics of the Python programming language. That way, you can customize Turbo Intruder to bring more flexibility when you brute force.

Upload Scanner

Whenever you encounter a file upload feature that uses the multipart mime type, I encourage you to give this Burp extension a try. In fact, you can use it to probe the upload features for many security issues.

It fuzzes all the parameters using a set of organized categories that you can choose from. If the application retrieves the uploads, you can configure Upload Scanner to fetch the files to verify cases like XSS.

There are plenty of other features in this awesome Burp extension. I encourage you to learn more about it. Additionally, I prepared this YouTube video to show you how it works.

Java Deserialization Scanner

This Burp extension checks for insecure deserialization issues in Java applications. It uses pre-built serialized Java objects to probe the application for a callback. You can configure this feedback to be either a time delay or a callback. If the application sleeps for some time before responding, or if you receive a hit as a callback, the extension highlights exactly what payload has triggered it. Therefore, you can prepare your own payload using tools such as ysoserial.

If you want to learn how insecure deserialization works and how to exploit it with real examples, I invite you to read this article.


Conclusion

There are so many tools, extensions and methodologies available a few clicks away. However, I should mention that you don’t have to use them all. Take some time to discover how they work, then pick the ones that suit your taste and your needs.


Hopefully, this episode has shown you some new Burp extensions that might help you in your next assignment.


Until the next episode, stay curious, keep learning and go find some bugs!


Bug bounty tools

  • Burp Proxy

    Burp proxy is the foundation the rest of Burp Suite is built on. It's an intercepting proxy that allows you to see all HTTP communications sent between your browser and a target server. Crucially, it then allows you to edit the requests you send, or intercept and edit responses before they're sent to the browser. As you can imagine, it's a very useful bug bounty tool.

    Of course, most of the internet now uses the encrypted HTTPS standard, rather than unencrypted HTTP. Fortunately, Burp Proxy is able to see through HTTPS encryption by using a self-signed CA certificate.

  • Site map

    The site map tool is one of Burp Suite's most widely used functions. You can generate a site map by manually navigating/proxying an app using Burp Scanner, and/or by using the content discovery function. Advanced crawling logic means Burp Scanner is capable of this even where a web app uses a lot of dynamic content.

    Burp Suite also includes a target scope configuration. By setting this, you can exclude out-of-scope content at a suite-wide level. This helps to keep you on track and out of trouble. You won't suddenly find that Burp Suite has run an active scan against out-of-scope web content, for instance.

  • Burp Scanner

    Burp Scanner is Burp Suite Pro's most highly automated component. It protects many of the world's largest businesses and is used by the majority of pro pentesters. Our scanner covers the whole OWASP Top 10 - in addition to many other bugs - and you'll also have access to regular updates from our Research Team.

    Perhaps most importantly, Burp Scanner is customizable. This allows you to stay ahead of the crowd, by augmenting scans with your own routines. Once you've got it set up to your liking, Burp Scanner is like bug bounty hunting in easy mode.

  • Content discovery

    Burp Suite Pro's content discovery function can expose attack surface that would otherwise be hidden to you. This generally means content and functionality not linked to from an app's visible areas. This can then be added to a site map.

    The content discovery function is fully adjustable and can use a variety of methods to discover hidden areas. These include word lists, web crawling, and extrapolation from previous successful guesses.

  • Burp Repeater

    There are situations in manual bug bounty hunting where it's helpful to send similar (but subtly different) HTTP requests a number of times. You might be trying to determine a value for a certain parameter that will produce a desired effect, for example.

    Burp Repeater is designed to make these situations as easy as possible. As its name suggests, it allows you to take a single HTTP request, alter it as much (or as little) as you like, and send it at the touch of a button. In manual testing, this can save you a lot of time.

  • Burp Intruder

    Burp Intruder allows you to orchestrate and direct customized attacks against a target. It's one of the killer automated features that make Burp Suite Pro such a powerful package. If you want to check a lot of different input variables across a web app for any particular reason (e.g. fuzzing, or another form of brute force attack), then this is your tool.

    For testing even larger numbers of payloads, there's a free extension called Turbo Intruder. Configured using Python for flexibility, Turbo Intruder is easily capable of exceeding 30,000 requests per second (RPS). To put this in perspective, many similar tools struggle to hit 1,000 RPS.

  • Burp Extender API

    One of Burp Suite's real strengths is that anyone can write extensions using its Burp Extender API. You can then submit these to PortSwigger's free BApp store. So if you can think of a bug bounty tool or function you'd like to see in Burp Suite, you can more or less make it happen.

    This is how popular manual extensions like SAML Raider, Logger++, and Software Version Reporter came to be. Many of these extensions (like SAML Raider) are aimed at specific technologies - allowing you to customize Burp Suite to suit your own bug bounty interests.

  • Manual power tools

    Burp Suite simplifies hacking by putting major bug hunting tools in front of you. But in addition to these better-known functions, it includes a whole host of smaller tools to make your life as a bug bounty hunter easier.

    A prime example is the cross-site request forgery (CSRF) proof of concept generator. Manually crafting HTML to trigger a CSRF exploit can be cumbersome - so this tool can do it for you. Burp Suite also includes tools to make encoding and decoding data simple - which means no more digging around for a Base64 or hex encoder.