
Good to know 👍 But regular inbound pentesting is still allowed for API Gateway, only outbound pentesting is prohibited to prevent abuse of their infra

6 months ago

#BurpSuite Installing BApp files and refreshing the available extensions in Burp Suite, slightly hidden

8 months ago

TIL: When you update your hostname in Linux, always update your /etc/hosts file as well and add an entry with 127.0.0.1. Otherwise, you may encounter a delay when running sudo, which will perform DNS lookups for your hostname 🤡

10 months ago

New blog post: Long-term Kali Linux usage in VirtualBox. Make sure to always manually install the latest guest additions after each kernel update

soffensive.github.io/posts/variou...

1 year ago

If you also missed the new button like me, quickly see your Burp AI credits in the Burp UI at the bottom right:

1 year ago
Kali Linux Long Term Usage Part 2: Systemd, Partitions, and Swap Space I am using Kali Linux on a regular basis inside a virtual machine (VirtualBox) and I have maintained my image for a couple of years. Over the last months and years, the booting time got worse and wors...

New blog post: Long-term Kali Linux Usage in VirtualBox: Disk Resizing Issues, Systemd, and Swap Space

soffensive.github.io/posts/variou...

1 year ago
Kali Linux Long Term Usage Part 1 I am using Kali Linux on a regular basis inside a virtual machine (VirtualBox) and I have maintained my image for a couple of years. Over the last months and years, the booting time got worse and wors...

New blog post: Long-term usage of Kali Linux in a VM and optimizations. Part 1: Disk Usage

soffensive.github.io/posts/variou...

1 year ago

Wondered why my system occupied so much space and it turned out Go consumed a lot for caching over the years...

go clean -modcache
go clean -cache
go clean -testcache
go clean -fuzzcache
Thanks for 30 gigs of space!
scripter.co/cleaning-up-...

1 year ago

If you want to use Bruno (www.usebruno.com) with Burp, try this:
export NODE_TLS_REJECT_UNAUTHORIZED=0; bruno
or to allow a specific CA only:
export NODE_EXTRA_CA_CERTS=~/burpca.pem; bruno

The current Bruno UI settings for certificate validation don't work (v2.0.1)

1 year ago

Interesting: this web app uses the "X-Forwarded-Host" header with the requested URL to build the final URL. The XFH header can include path and parameters, not just the host, and everything is combined.

This gave me an easy 403 bypass at the proxy level, but I wonder what else can be done...

1 year ago