@wingzRED
Created July 9, 2021 13:14
# If your tool does not support proxying, this is a manual way to pipe it into Burp.
cat URLS.txt | xargs -P 10 -n 1 curl -k -x http://127.0.0.1:8080/
# https://explainshell.com/explain?cmd=xargs+-P+10+-n+1+curl+-k+-x+http%3A%2F%2F127.0.0.1%3A8080%2F
Scan Configuration Library
- needs more research done here
- perhaps there exist more custom scan configurations out there that can be used?
- can save resources and help you pinpoint a specific class of vulnerability
Consolidate Items before running in Burp Active Scan
- remove duplicates
- remove unparameterised requests
- remove URLs such as images, stylesheets, etc
- can also filter out sensitive endpoints such as entry creation, email sending functionality etc.
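Added example (not part of the original gist): one way to do this consolidation on a URL list before it is replayed through the proxy. It goes a bit beyond exact-duplicate removal by collapsing URLs that share host, path and parameter names; the extension list, the sensitive path fragments and the sample URLs are assumptions, tune them per engagement.

```python
import sys
from urllib.parse import urlsplit, parse_qsl

# Assumed lists: static content and state-changing/mail-sending path fragments.
STATIC_EXT = (".png", ".jpg", ".jpeg", ".gif", ".svg", ".ico", ".css",
              ".js", ".map", ".woff", ".woff2", ".ttf")
SENSITIVE = ("/create", "/delete", "/send", "/email")
# Constructed sample input, used when nothing is piped in.
SAMPLE = [
    "https://app.example.test/search?q=a&page=1",
    "https://app.example.test/search?page=2&q=b",    # same parameters, new values
    "https://app.example.test/about",                # no parameters
    "https://app.example.test/static/site.css?v=3",  # static file
    "https://app.example.test/api/email/send?to=x",  # sensitive endpoint
    "https://app.example.test/search?q=a&sort=asc",  # new parameter set
]


def consolidate(urls, static_ext=STATIC_EXT, sensitive=SENSITIVE):
    """Return the URLs worth active scanning, in first-seen order."""
    seen, kept = set(), []
    for raw in urls:
        url = raw.strip()
        try:
            parts = urlsplit(url)
        except ValueError:
            continue  # malformed entry
        if parts.scheme not in ("http", "https") or not parts.netloc:
            continue  # blank lines, comments, non-HTTP entries
        params = parse_qsl(parts.query, keep_blank_values=True)
        if not params:
            continue  # unparameterised: no insertion points in the URL
        path = parts.path.lower()
        if path.endswith(static_ext) or any(f in path for f in sensitive):
            continue
        # Same host + path + parameter names means the same insertion points.
        names = tuple(sorted({name for name, _ in params}))
        key = (parts.netloc.lower(), parts.path, names)
        if key in seen:
            continue
        seen.add(key)
        kept.append(url)
    return kept


if __name__ == "__main__":
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    print("\n".join(consolidate(source)))
```

Save it under any name (for example consolidate.py, a hypothetical filename), pipe URLS.txt into it, and feed the output to the xargs/curl line at the top.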
TLS pass through
- configure a list of annoying websites and Burp will skip proxying them entirely
Resource Pools
- Can be used to set up different "profiles" for your scanning activities
- e.g. high threads, no delay for a stable and no-WAF target
- e.g. low threads, suitable delay for an unstable/WAF target
How to do Content Discovery with Authentication
1. Install Burp Extension: "Add Custom Headers"
2. Add session handling rules and apply them to Intruder/Target/Scanner, etc.
3. The scans will now have auth attached to them!
How to not overload your Burp:
1. Don't load ALL extensions, choose what's suited for the gig
2. https://portswigger.net/blog/improved-management-of-system-resources
- example... if there are large JS files in your scope, you should modify scan profiles to ignore JS scanning, because that would consume LOTS of resources and slow down the overall scan
Burp Coverage issues
1. Burp doesn't know how to follow JavaScript links
2. You can manually sweep over the app; once those requests are registered in the site map, feed them to the scan again
Schedule Your Scans
- Avoid collapsing Burp
- Avoid collapsing the target application