
A lot has happened in the Burp-verse - Issue #5 📰

By Burp Suite Guide • Issue #5 • View online
Hello 👋,
A lot has happened in the Burp-verse recently. A new Burp version release (with massive updates to Intruder), excellent blog posts, etc. But before we continue, I have some huge news for you.
You made it possible for this newsletter to reach a new milestone - 100+ subscribers. Thank you for all your love ❤️, support ✊, and feedback 🤝. 
If you got this newsletter for the first time, welcome onboard!!! Signing up for the newsletter was your first step in becoming the up-to-date hero of Burp Suite.
Follow Burp Suite Guide on Twitter or LinkedIn to get instant updates on Burp Suite - like answers to frequent questions, security fixes for Burp Suite, and more. 
Now let’s continue.

New Releases
Say hello to some massive updates to Intruder.
You can now save Intruder attack payloads and their corresponding responses to Burp project files. This setting is off by default (saving every Intruder result can make the project file grow very large) and has to be enabled for each Intruder attack.
Save attack to project file option
Don’t worry if you haven’t configured that option before starting Intruder attacks. Burp prompts you to save the attack whenever you try to close an attack window.
Prompt to save Intruder attack
If you want to save all Intruder attacks to the Burp project file, click on “Remember my choice” in the prompt and then click the “Save in project file” button.
Also, Intruder attacks are now visible on the dashboard. This addition makes the dashboard more useful and lets you see all active tasks (crawling, scanning, and intruding) from a 10,000-foot view.
Burp dashboard showing Intruder attacks
That’s not all. Check out the release notes to see every update to Intruder.
Blog Posts
Recorded logins in Burp Scanner
Login is the gateway to more attack surfaces. Automating the login process allows security scanners to test the features available for authenticated users.
From a user’s perspective, logging in to a website is intuitive. Look for the username and password fields in the fully rendered page, fill in the credentials, answer any basic questions (like 5+3=, What is your mother’s maiden name? etc.), and finally click Login.
From a security scanner’s perspective, on the other hand, it is often tricky and far from straightforward. Some decisions a scanner has to make in order to log in are:
  • how to tell a registration page apart from a login page (even though both have username and password fields)
  • how to log in when a website uses client-side JS frameworks to render the page dynamically
  • how to log in if the username field is on the first page and the password field is on the second
  • many more…
Burp Suite has introduced a “recorded login” feature that tackles some of the above scenarios. This blog post walks you through the internal logic Burp uses to identify the login fields and how the new recorded login feature does the job even better (along with its limitations).
Remember, this feature is available in the Burp Professional edition only.
Recorded logins in Burp Scanner | Blog - PortSwigger
How-To: Learn how to write a Burp Suite extension in Kotlin – Setting up
Yet another blog post series from YesWeHack
(Check out YesWeHack’s other blog post series on Burp extensions. I’m sure you will love it).
In this new series, the first blog post teaches you how to develop a Burp extension in Kotlin. It is a beginner-friendly blog post and starts with the basics like setting up IntelliJ IDEA, sample extension code, creating a JAR file and testing it on Burp Suite.
How-To: Learn how to write a Burp Suite extension in Kotlin - Setting up - Global Bug Bounty Platform
Password reset code brute-force vulnerability in AWS Cognito
This blog post by Tobias Ospelt (from Pentagrid) explains how he exploited a password reset code brute-force weakness in AWS Cognito with the help of Turbo Intruder. Consider it a “how-to” article on testing and exploiting race conditions with Turbo Intruder, complete with well-explained technical details and preconditions.
Tweets
James Kettle on Twitter
Others
RCE in ‘Copy as Node Request’ BApp fixed
Because the “Copy as Node Request” Burp extension did not properly sanitize cookie values, malicious Node.js code could be injected into the copied text. This could lead to remote code execution, although it required a significant amount of user interaction.
This issue is now fixed. If you are using the “Copy as Node Request” extension, ensure it’s the latest version.
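To show the class of bug behind this fix, here is an added toy “copy as Node request” generator (example code written for this newsletter, not the BApp’s own source). The first variant pastes header values straight into JavaScript source; the second emits every untrusted value as an escaped string literal. The request object, the header names and the helper names (optionsSourceUnsafe, optionsSourceSafe, jsStringLiteral, evaluatesToData) are all constructed for this example.

```javascript
// Added example, not the extension's code. The request below is constructed
// sample data; the Cookie value is chosen to close a single-quoted literal
// and start a new statement in the generated snippet.
const sampleRequest = {
  method: 'GET',
  host: 'example.test',
  path: '/account',
  headers: {
    Cookie: "sid=x'; console.log('cookie value became code'); '",
    'User-Agent': 'demo/1.0',
  },
};

// Unsafe: header names and values are interpolated into JavaScript source
// with no escaping, so a quote in the value terminates the literal.
function optionsSourceUnsafe(req) {
  const headers = Object.entries(req.headers)
    .map(([name, value]) => `    '${name}': '${value}',`)
    .join('\n');
  return `{
  method: '${req.method}',
  hostname: '${req.host}',
  path: '${req.path}',
  headers: {
${headers}
  },
}`;
}

// Safe: JSON.stringify produces a double-quoted literal with quotes,
// backslashes and control characters escaped. U+2028/U+2029 are escaped as
// well, since older JavaScript engines treat them as line terminators even
// inside string literals.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function optionsSourceSafe(req) {
  const headers = Object.entries(req.headers)
    .map(([name, value]) => `    ${jsStringLiteral(name)}: ${jsStringLiteral(value)},`)
    .join('\n');
  return `{
  method: ${jsStringLiteral(req.method)},
  hostname: ${jsStringLiteral(req.host)},
  path: ${jsStringLiteral(req.path)},
  headers: {
${headers}
  },
}`;
}

// Wrap the options object in the complete snippet a "copy as" helper would
// place on the clipboard.
function nodeSnippet(optionsSource) {
  return `const https = require('https');\n` +
    `const options = ${optionsSource};\n` +
    `https.request(options, res => res.pipe(process.stdout)).end();\n`;
}

// Check: evaluate only the options object (no require, no network) and
// confirm every header came back as plain data. The unsafe output fails
// because the injected quote breaks the object literal; in a real snippet
// the same break-out would run the injected statement when pasted.
function evaluatesToData(optionsSource, req) {
  let obj;
  try {
    obj = new Function(`return (${optionsSource});`)();
  } catch (e) {
    return false;
  }
  return Object.entries(req.headers).every(([k, v]) => obj.headers[k] === v);
}

console.log(nodeSnippet(optionsSourceUnsafe(sampleRequest)));
console.log(nodeSnippet(optionsSourceSafe(sampleRequest)));
```

The defensive rule is the one the fix applies: anything copied out of a request (cookies, header values, the path) is attacker-influenced data and must be encoded for the target language before it is embedded in generated code, never concatenated raw.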
Detecting and annoying Burp users
A fantastic article by Julien Voisin on how to detect and break Burp 😱 😱 😱 - from the defender’s point of view. I liked his idea of “Confusing Burp’s active scan,” but I hope such countermeasures are not present on the websites/apps I pentest.
Burp Bounty Profiles
The BurpBounty extension lets you add custom rules to detect issues that Burp Suite doesn’t usually find, such as exposed API tokens and private keys. The Burp Bounty Profiles repository contains active and passive rules for the BurpBounty extension that beef up Burp’s scanner checks.
Finally
If you learned something new about Burp Suite using this newsletter, please share it with your friends, hackers & pentester colleagues. Tweet about it.
If you liked the newsletter, click the 👍 button below. If you have any specific feedback, shoot an email to [email protected].
Many thanks for considering my request.
Until next time 👋