And here's a short video demonstrating its usage
xcancel.com/garethheyes/...
Posts by Mastering Burp Suite
Just discovered the "Find tag" functionality of Hackvertor and I already find it very useful
It can be triggered from Burp's command palette or with the Ctrl-Alt-F keyboard shortcut
Last week, Syzik took my course and patched JWT ReAuth at the same time
Here's his fork github.com/Syzik/jwt-re...
This version supports multiple profiles, per profile scopes, and the ability to fetch access tokens from refresh ones
A nice trick by @parsiya.bsky.social: how to share a Burp project with others without sharing tokens and secrets
parsiya.io/research/bur...
Come to Roma in September and attend the only in-person public training session I'll give in 2026!
And if you like camping with other hackers (as I do), stay over the weekend for the 3-day long RomHack Camp
romhack.io/training/
Since EA 2026.2, there's a search bar in Proxy History and it doesn't work exactly like the usual display filter. Let me explain...
- the filter searches in requests, responses and notes
- the search bar looks for the keyword in the table of entries itself (including custom and/or hidden columns)
Out of curiosity, I counted how many configurable hotkeys exist in Burp Pro
In Early Adopter version 2026.1.1, the answer is 168
A bunch of new features in EA 2025.12, including an E2E-encrypted way to share traffic between Pro users portswigger.net/burp/release...
I really have to try this new MultiEncoder
Burp Hackvertor has a bunch of new shortcuts and functionality. Try them out in Burp. They are activated from a Burp repeater request.
The 2026 online public sessions of my "Mastering Burp Suite Pro" course have been published
- March 24th to 27th, in French
- April 14th to 17th, in English
hackademy.agarri.fr/2026
PS: feel free to ping me if you'd like to temporarily block a seat or are looking for a 10% coupon
Burp's command palette
Burp now has a command palette (similar to the one in VS Code)
portswigger.net/cms/images/4...
Coming to Hackvertor soon...
Big thanks to CoreyD97 for the suggestion!
I've just upgraded Turbo Intruder with a shiny new algorithm called HTTP Anomaly Rank, which automatically finds the most unusual responses in your attack! Here's a quick demo, full details in the writeup below: youtu.be/z92GobdN40Y
Maybe the next step will be the possibility to also enable extension-provided checks individually
1) BChecks can be enabled individually
2) The configuration screen reflects settings loaded from the library
PortSwigger changed the way the Scanner configuration looks (at least in Early Adopter releases) and I really like the new layout
If you're looking for a quick tool to copy regex matches from requests AND responses, have a look at github.com/honoki/burp-...
I wrote a small utility to copy unique domains, URLs, paths, filenames or directories from a selection on the Target Map in Burp Suite.
The directories option is especially useful in combination with something like ffuf, e.g. for /path/to/folder/file.txt it will return the list
/path
/path/to
/path/to/folder
Great news! When creating a scan configuration, all non-default settings are now saved
The ugly UX where only opened panes were saved is gone (since at least EA 2025.9.1)
A few days ago, @tib3rius.bsky.social published a video where he uses Burp AI features to hack on a vibe-coded web app
www.youtube.com/watch?v=lHby...
New video, Decrypting TLS traffic in Wireshark. How to extract TLS keys from Burp, ZAP, and curl and then import them into Wireshark to see the raw traffic.
youtu.be/bSt6E48mGuc
If you're confused by the amount of resources stored in the JAR, here's a hint
Check out "resources/Scanner/jwt_secrets.txt". It contains over 100k passwords used by the passive scanner to decrypt JWT tokens
And it works: that's how @evilpacket.net scored a $1500 bug affecting Cursor
In case you missed it, AWS updated its policy about pentesting, and "Amazon API Gateway" (used by the extension "IP Rotate") isn't allowed anymore
aws.amazon.com/fr/security/...
Hackvertor v2.1.25 has been released and fixes the content-length problem!
Hackvertor v2.1.24 has a major bug where it doesn't update the content-length. Sorry about that. I've fixed it in v2.1.25. I'll try and get it updated on the BApp store ASAP. Gutted I missed this, sorry I'll try to do better in future.
This one-liner shows the details of the most recent EA release of Burp Suite Pro
curl -s portswigger.net/burp/release... | jq -r '[.ResultSet.Results[] | select(.releaseChannels[0] == "Early Adopter")][:2] | .[] | "=== Version EA v\(.version), \(.releaseDate) ===", "\(.content)"' | html2text