#burpsuite hashtag - Bluesky

Top 10 web hacking techniques of 2025 Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year

2 months ago

Originally from PortSwigger: Top 10 web hacking techniques of 2025 ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

0 0 0 0

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

2 months ago

Guía Burp Suite Pro: Domina el Pentesting Web Profesional Domina el pentesting web con nuestra guía de Burp Suite Pro. Aprende a usar Proxy, Scanner, Intruder y Repeater. ¡Audita como un profesional!

AI-Assisted Web and Cloud Penetration Testing with Cursor + MCP HexStrike and Burp Suite MCP. A Complete Guide to Modern AI-Powered Security Testing. From One Prompt to Full Attack Surface Coverage...

#cybersecurity #hexstrike #burpsuite #cloud-computing #ai

Origin | Interest | Match

0 0 0 0

EsGeeks

@esgeeks.bsky.social

2 months ago

¿Listo para llevar tu pentesting al siguiente nivel? Nuestra guía de Burp Suite Pro te enseña a dominar Scanner, Intruder y más. ¡Audita como un profesional! #BurpSuite #PentestingWeb #Ciberseguridad

0 0 0 0

Top 10 web hacking techniques of 2025: call for nominations Over the last year, security researchers have shared a huge amount of work with the community through blog posts, presentations, and whitepapers. This is great, but it also means genuinely reusable te

3 months ago

Originally from PortSwigger: Top 10 web hacking techniques of 2025: call for nominations ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

1 0 0 0

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

3 months ago

DOM XSS Using Web Messages and Javascript URL (window.postMessage → innerHTML Sink) DOM XSS via Web Messages: Exploits unsafe postMessage handling and innerHTML injection to execute arbitrary Jav...

#burpsuite #cross-site-scripting #ctf #xs #cybersecurity

Origin | Interest | Match

0 0 0 0

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

3 months ago

Original post on infosecwriteups.com

DAST Automation Using BurpSuite MCP Recently Portswigger team introduced Burp MCP, which help to automate the Dynamic security assessment with one prompt. Recently MCP is booming, which is really ...

#artificial-intelligence #application-security #cybersecurity #penetration-testing #burpsuite […]

0 0 0 0

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

3 months ago

DOM XSS in jQuery href Attribute Sink (location.search → jQuery.attr) DOM XSS in jQuery anchor href attribute sink using location.search source Continue reading on System Weakness »

#cybersecurity #burpsuite #xs #dom-xss #cross-site-scripting

Origin | Interest | Match

0 0 0 0

@2rzikkbou3ntafnir2qmmse0gwz.activitypub.awakari.com.ap.brid.gy

3 months ago

@hnsec.infosec.exchange.ap.brid.gy

DOM XSS in jQuery href Attribute Sink (location.search → jQuery.attr) DOM XSS in jQuery anchor href attribute sink using location.search source Continue reading on System Weakness »

#cybersecurity #burpsuite #xs #dom-xss #cross-site-scripting

Origin | Interest | Match

0 0 0 0

The Daily Tech Feed

@thedailytechfeed.com

3 months ago

Burp Suite's ActiveScan++ now detects critical React2Shell vulnerabilities, enhancing web app security. Stay protected! #CyberSecurity #BurpSuite #React2Shell #WebSecurity Link: thedailytechfeed.com/burp-suite-u...

0 0 0 0

HN Security

3 months ago

Original post on infosec.exchange

In this latest article in our long-running series on #BurpSuite #Extension #Development, Federico Dotta illustrates how to extend the Active and Passive Scanner in your favorite #WebApplication #PenetrationTesting tool with Custom Scan Checks […]

1 1 0 0

The Fragile Lock: Novel Bypasses For SAML Authentication TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: including attribute pollution, namespace confusi

3 months ago

Originally from PortSwigger: The Fragile Lock: Novel Bypasses For SAML Authentication ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

0 0 0 0

Introducing HTTP Anomaly Rank HTTP Anomaly Rank If you've ever used Burp Intruder or Turbo Intruder, you'll be familiar with the ritual of manually digging through thousands of responses by repeatedly sorting the table via length,

4 months ago

Originally from PortSwigger: Introducing HTTP Anomaly Rank ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

0 0 0 0

HN Security

@hnsec.infosec.exchange.ap.brid.gy

5 months ago

Original post on infosec.exchange

#Brida 0.6 is here! The bridge between #BurpSuite and #Frida is now fully compatible with Frida 17+.

As of this release, Brida 0.6 supports only Frida 17 and later. For users who still rely on older Frida versions, Brida 0.6pre remains available on GitHub.

Get the latest release here […]

0 1 0 0

FUNBIRD LLC

@funbirdllc.bsky.social

5 months ago

Free Tools for Cybersecurity Enthusiasts 🛠️🧠
#CyberSecurityTools #FreeTools #InfoSec #Wireshark #Nmap #BurpSuite #Metasploit #SecurityOnion #EthicalHacking #CyberSecTraining #TechTools #NetworkSecurity #OpenSourceSecurity

0 0 0 0

PostgreSQL

@postgresql.activitypub.awakari.com.ap.brid.gy

5 months ago

SQL Injection UNION Attack — Oracle Database Version SQL Injection UNION Attack — Oracle Database Version Lab Objective Use UNION-based SQL injection to retrieve and display the Oracle...

#cybersecurity #pentesting #web-security #sql-injection #burpsuite

Origin | Interest | Match

0 0 0 0

HTTP/1.1 must die: the desync endgame Abstract Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover. Six years of attempted mitigations have hidden the issue, but failed to fix it. This p

6 months ago

Originally from: PortSwigger: HTTP/1.1 must die: the desync endgame ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

0 0 0 0

Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling Sometimes people think they've found HTTP request smuggling, when they're actually just observing HTTP keep-alive or pipelining. This is usually a false positive, but sometimes there's actually a real

6 months ago

Originally from: PortSwigger: Beware the false false-positive: how to distinguish HTTP pipelining from request smuggling ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

0 0 0 0

Inline Style Exfiltration: leaking data with chained CSS conditionals I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes! Learn how below: Someone asked if you c

6 months ago

Originally from: PortSwigger: Inline Style Exfiltration: leaking data with chained CSS conditionals ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

1 0 0 0

Cookie Chaos: How to bypass __Host and __Secure cookie prefixes Browsers added cookie prefixes to protect your sessions and stop attackers from setting harmful cookies. In this post, you’ll see how to bypass cookie defenses using discrepancies in browser and serve

6 months ago

Originally from: PortSwigger: Cookie Chaos: How to bypass __Host and __Secure cookie prefixes ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

0 0 0 0

WebSocket Turbo Intruder: Unearthing the WebSocket Goldmine Many testers and tools give up the moment a protocol upgrade to WebSocket occurs, or only perform shallow analysis. This is a huge blind spot, leaving many bugs like Broken Access Controls, Race condi

6 months ago

Originally from: PortSwigger: WebSocket Turbo Intruder: Unearthing the WebSocket Goldmine ( :-{ı▓ #PortSwigger #Burpsuite #cyberresearch

0 0 0 0

Hasamba

@hasamba72.bsky.social

6 months ago

ISP IPTV boxes exposed accounts where username = device MAC and password = admin@123; combined with ADB access and SSL‑pin bypass (apk‑mitm) this enables account takeover and broad enumeration. #IPTV #SSLpinning #BurpSuite https://bit.ly/41Wx55N

0 0 0 0

Pentest-Tools.com

@pentest-tools.com

6 months ago

Pentest-Tools.com Burp Suite extension

🟠 Burp findings → report-ready in seconds with Pentest-Tools.com 🔵

Our new Burp Suite extension lets you send Audit Issues straight into Pentest-Tools.com with a single right-click.

#pentesting #burpsuite #appsec #cybersecurity #infosec

1 0 1 0

Compass Security

@compass-security.com

6 months ago

We use @jameskettle.com Burp extension Collaborator Everywhere daily. Now our upgrades are in v2: customizable payloads, storage, visibility. Perfect for OOB bugs like SSRF.

Find out more here: blog.compass-security.com/2025/09/coll...

#AppSec #BurpSuite #Pentesting

8 6 0 0