Category: Burp

Burp, Penetration Testing

Stunnel and Burp Pro

Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs’ code. Its architecture is optimized for security, portability, and scalability (including load-balancing), making it suitable for large deployments. Stunnel uses the OpenSSL library for cryptography, so it supports whatever cryptographic algorithms are compiled …

Burp, Python

Simple python script to make multiple raw requests from Burp

* Open Burp.
* Copy requests from Repeater.
* Store them in txt files, one request per file.
* Edit/set the auth cookies inside the script.
* Run python call_burp_requests.py

Download https://gist.github.com/maldevel/a19cc1a959023f40518c48a95448c3b9

    import requests
    import os

    proxies = {
        'http': 'http://127.0.0.1:8080',
        'https': 'http://127.0.0.1:8080',
    }

    protocol = 'https'
    xsrf = 'xsrf-token'
    auth_cookie = 'sessionid=blah-blah-blah'

…

Burp, Web Penetration Testing

Using Burp Intruder to Test CSRF Protected Applications

1. Open the Intruder tab.
2. Define the attack target.
3. Select Pitchfork as the attack type. Define your payload positions.
4. Define a grep rule. Open the Options tab -> click the Add button under the Grep – Extract section. A new window opens -> click the Fetch response button, select your CSRF token value and press OK.
5. Select Payload …