View profile

A lot has happened in the Burp-verse - Issue #5 📰

A lot has happened in the Burp-verse - Issue #5 📰
By Burp Suite Guide • Issue #5 • View online
Hello 👋,
A lot has happened in the Burp-verse recently. A new Burp version release (with massive updates to Intruder), excellent blog posts, etc. But before we continue, I have some huge news for you.
You made it possible for this newsletter to reach a new milestone - 100+ subscribers. Thank you for all your love ❀, support ✊, and feedback đŸ€. 
If you got this newsletter for the first time, welcome onboard!!! Signing up for the newsletter was your first step in becoming the up-to-date hero of Burp Suite.
Follow Burp Suite Guide on Twitter or LinkedIn to get instant updates on Burp Suite - like answers to frequent questions, security fixes for Burp Suite, and more. 
Now let’s continue.

New Releases
Burp 2021.5 released for early adopters!
Say hello to some massive updates to Intruder.
You can now save the Intruder attack payloads and their corresponding responses to Burp project files. This setting does not default (as saving all intruder results will exponentially increase project file size) and needs to be configured for each Intruder scan.
Save attack to project file option
Save attack to project file option
Don’t worry if you haven’t configured that option before starting Intruder attacks. Burp prompts you to save the attack whenever you try to close an attack window.
Prompt to save Intruder attack
Prompt to save Intruder attack
If you want to save all Intruder attacks to the Burp project file, click on “Remember my choice” in the prompt and then click the “Save in project file” button.
Also, Intruder attacks are now visible on the dashboard. This addition makes the dashboard more robust and allows you to see all active tasks (crawling, scanning, and intruding) at a 10,000 level view.
Burp dashboard showing Intruder attacks
Burp dashboard showing Intruder attacks
These features are not all. Check out the release notes to see all the updates to Intruder.
Blog Posts
Recorded logins in Burp Scanner
Login is the gateway to more attack surfaces. Automating the login process allows security scanners to test the features available for authenticated users.
From a user’s perspective, the login process in a website is intuitive. Look for the username and password fields in a fully rendered website, fill in the credentials, answer basic questions (if any, like 5+3=, What is your mother’s maiden name? etc.), and finally click Login. 
On the other hand, it is often tricky and not straightforward from a security scanner’s perspective. Some decisions that scanners need to take to log in are:
  • how to differentiate registration page and login page (even though both has username and password fields)
  • how to log in when a website uses client-side JS frameworks to render the page dynamically
  • how to log in if the username field is on the first page and the password field is on the second
  • many more

Burp Suite has introduced a “recorded login” feature that tackles some of the above scenarios. This blog post walks you through the internal logic that Burp used to determine the login fields and how the new recorded login feature does the job even better (along with its limitations).
Remember, this feature is available in the Burp Professional edition only.
Recorded logins in Burp Scanner | Blog - PortSwigger
Recorded logins in Burp Scanner | Blog - PortSwigger
Here’s a deep dive on Burp Scanner’s new Recorded logins feature, which lets it authenticate itself on all manner of web applications.
portswigger.net  •  Share
How-To: Learn how to write a Burp Suite extension in Kotlin – Setting up
Yet another blog post series from YesWeHack. 
(Check out YesWeHack’s other blog post series on Burp extensions. I’m sure you will love it).
In this new series, the first blog post teaches you how to develop a Burp extension in Kotlin. It is a beginner-friendly blog post and starts with the basics like setting up IntelliJ IDEA, sample extension code, creating a JAR file and testing it on Burp Suite.
How-To: Learn how to write a Burp Suite extension in Kotlin - Setting up - Global Bug Bounty Platform
How-To: Learn how to write a Burp Suite extension in Kotlin - Setting up - Global Bug Bounty Platform
Welcome to the first post in our tutorial series “How-To” dedicated to Burp Suite. In this tutorial, we will create a modern burp extension using Kotlin.
blog.yeswehack.com  •  Share
Password reset code brute-force vulnerability in AWS Cognito
This blog post by Tobias Ospelt (from Pentagrid) explains how he was able to exploit password reset code brute-force in AWS Cognito with the help of Turbo Intruder. Consider this as a “how-to” article to test/exploit race conditions using Turbo Intruder (along with well explained technical details and preconditions). 
Tweets
James Kettle on Twitter
James Kettle on Twitter
“Param Miner can now breakthrough & poison aggressive caching configurations by placing a cache-buster in the path. Please note this technique upsets some servers. You can use Burp’s shiny new Logger to check it’s working correctly. https://t.co/wFbqgN9Xzx”
twitter.com  •  Share
Others
RCE in ‘Copy as Node Request’ BApp fixed
Due to improper sanitization of cookies by the “Copy as Node Request” Burp extension, it was possible to inject malicious Node.js code in copied text. This led to remote code execution with a significant amount of user interaction.
This issue is now fixed. If you are using the “Copy as Node Request” extension, ensure it’s the latest version.
Copy as Node Request is a burp suite extension that allows users to copy requests as Node.js code. Due to improper sanitization of cookie, it’s possible to inject arbitrary Node.js code in copied text, which may lead remote code execution with a significant amount of user interaction.
hackerone.com  •  Share
Detecting and annoying Burp users
A fantastic article by Julien Voisin on how to detect and break Burp đŸ˜± đŸ˜± đŸ˜± - from the defender’s point of view. I liked his idea of “Confusing Burp’s active scan,” but I hope such countermeasures are not present on the websites/apps I pentest.
Personal blog of Julien (jvoisin) Voisin
dustri.org  •  Share
Burp Bounty Profiles
BurpBounty extension allows you to add custom rules to detect issues that Burp Suite doesn’t usually find. For example, API tokens, private keys, etc. The Burp Bounty Profiles repository contains active and passive rules for the BurpBounty extension that beefs up Burp’s scanner checks.
Burp Bounty profiles compilation, feel free to contribute! - six2dez/burp-bounty-profiles
github.com  •  Share
Finally
If you learned something new about Burp Suite using this newsletter, please share it with your friends, hackers & pentester colleagues. Tweet about it.
If you liked the newsletter, click the 👍 button below. If you have any specific feedback, shoot an email to [email protected].
Many thanks for considering my request.
Until next time 👋
Did you enjoy this issue?
Burp Suite Guide

Your guide to all things Burp Suite !

Tweet     Share
If you don't want these updates anymore, please unsubscribe here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue