View profile

What's happening in the Burp-verse - Issue #9 šŸ“°

What's happening in the Burp-verse - Issue #9 šŸ“°
By Burp Suite Guide • Issue #9 • View online
Hi šŸ‘‹,
I hope this newsletter finds you with a smile on your face. šŸ˜Š
In this newsletter issue, we will walk through the latest blog posts, extensions, and a security certification from PortSwigger.
If you got this newsletter for the first time, welcome onboard!!! Signing up for the newsletter was your first step in becoming the up-to-date hero of Burp Suite.
Follow Burp Suite Guide on Twitter or LinkedIn to get instant updates on Burp Suite and more.Ā 
Now letā€™s continue.

Releases
Professional / Community 2021.7.2 (Early Adopter)
There hasnā€™t been a stable release since the last newsletter issue. The early adopter release 2021.7.2 has DOM Invader improvements and embedded browser update.
Blog Posts
How to configure BurpelFish
Have you ever tested an app in a different language - Spanish, Bahasa, Arabic, etc.?
If yes, you will know the hard part about it. I am not talking about finding bugs but rather translating what the functionality is.Ā 
BurpelFish is a Burp extension that helps translate text using Google Translate. This article by Alex Rodriguez shows how to configure the BurpelFish extension.Ā 
Check out the article.
Step by Step. Automating multi-pass attacks in Burp Suite
This article shows how to automate a multi-step login using three methods: using Burp macros, Stepper and Turbo Intruder, and then describing each methodā€™s pros and cons. A very informative blog post.
Check out the article.
Extensions
_blank by Dajne Win
A simple Burp extension that helps find tabnabbing. It detects links with target=ā€_blankā€ and rel="opener" attributes. In case the links are user-controllable, then itā€™s a valid issue.
Source: https://cptwin.lolnet.co.nz/post/2021-07-24-_blank-burp-plugin/
Source: https://cptwin.lolnet.co.nz/post/2021-07-24-_blank-burp-plugin/
5GC API Parse by PentHertz
A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core networks.
Source: https://github.com/PentHertz/5GC_API_parse
Source: https://github.com/PentHertz/5GC_API_parse
Tweets
Reduce noise in your proxy logs!
Muhammad Noman
Burp Suite > Proxy > Options > TLS Pass Through.
Add these:
.*\.google\.com
.*\.gstatic\.com
.*\.mozilla\.com
.*\.googleapis\.com
.*\.pki\.goog
No more noise in your logs! #bugbountytips #Bugbounty #CyberSecurity
DirectoryImporter extension supports ffuf
Tanner Barnes
Thanks to a co-worker DirectoryImporter now supports Fuff! Bapp store update soon! https://t.co/QT6bL2Ij7P
One disadvantage of creating Burp extensions in Jython: the code will be stuck with Python 2.7. Jython doesnā€™t support Python 3 yet.
Cat
So I guess BurpSuite python plug-ins are stuck on 2.7 for a while. Doesnā€™t seem to be much development on Jython and canā€™t tell if the Jython 3 roadmap has been updated since 2015.
Others
Burp Suite Certified Practitioner Certification!
A security certification from Portswigger. This certification focuses on detecting and exploiting web-based vulnerabilities (XSS, SQLi, OOB attacks, etc.) using Burp Suite Pro.Ā 
Completing modules in Web Security Academy is mandatory before taking the exam.Ā 
Does it mean PortSwigger will silently add premium modules to Web Security Academy or start charging for the labs?
PortSwigger says that access to Web Security Academy will remain free. The certification fee covers the exam proctoring and infrastructure costs.
Talking about the certification fee, unlike many popular (and costly) security certifications, itā€™s $99 only.
Check out the certification page for more details.
Automate Burp Suite Pro using SimpleAutoBurp
SimpleAutoBurp by Adan Ɓlvarez, as the name suggests, is a simple Python script to run Burp Suite scans from CLI. It utilizes Burp REST API and doesnā€™t allow authenticated Burp scans yet. Itā€™s like the stripped-down version of Seltzer.
Finally
Did you learn something new from this newsletter? šŸ„ŗ
If yes, please share this newsletter with your friends, hackers & pentesters. Tweet about it, post about it on social media, or even forward this newsletter email to others.
If you liked the newsletter, click the šŸ‘ button below. If you have any specific feedback, shoot an email to [email protected].
Many thanks for considering my request.
Until next time šŸ‘‹
Did you enjoy this issue?
Burp Suite Guide

Your guide to all things Burp Suite !

Tweet Ā Ā Ā  Share
In order to unsubscribe, click here.
If you were forwarded this newsletter and you like it, you can subscribe here.
Powered by Revue