Created July 9, 2021 13:14
wingzRED/a5491eb60b0a00a0d2891198e4f4f26a
# If your tool does not support proxying, this is a manual way to pipe it into Burp.
# -P 10 runs ten curl processes in parallel, -n 1 hands each one a single URL,
# -k accepts Burp's CA certificate, -x sends every request through the proxy listener.
cat URLS.txt | xargs -P 10 -n 1 curl -k -x http://127.0.0.1:8080/
# https://explainshell.com/explain?cmd=xargs+-P+10+-n+1+curl+-k+-x+http%3A%2F%2F127.0.0.1%3A8080%2F
Scan Configuration Library
- needs more research done here
- perhaps there exist more custom scan configurations out there that can be used?
- can save resources and help you pinpoint a specific class of vulnerability
Consolidate items before running Burp Active Scan
- remove duplicates
- remove unparameterised requests
- remove URLs for static content such as images, stylesheets, etc.
- can also filter out sensitive endpoints such as entry creation, email-sending functionality, etc.
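The consolidation steps above and the xargs/curl trick at the top of the gist fit together as one small pipeline. The script below is an added example, not part of the original gist: it deduplicates a URL list, drops static assets and (optionally) unparameterised requests, excludes a deny-list of sensitive endpoints, and only then hands the survivors to curl through the proxy. The sample URLs and the deny-list patterns are constructed placeholders; the proxy address is assumed to be 127.0.0.1:8080.

```shell
#!/bin/sh
# Added example, not part of the original gist. Prepares a URL list the way
# the notes above describe (dedupe, drop static assets and unparameterised
# requests, exclude sensitive endpoints) and then pipes the survivors
# through the Burp proxy listener with the xargs/curl trick from the top of
# the gist. Assumptions: URLs arrive one per line on stdin, the proxy is at
# 127.0.0.1:8080, and the sensitive-endpoint patterns are placeholders.

# Constructed sample input, one URL per line (not real targets).
sample_urls() {
  cat <<'EOF'
https://example.test/api/users?id=1
https://example.test/api/users?id=1
https://example.test/api/users?id=2#top
https://example.test/static/logo.png
https://example.test/static/app.js?v=3
https://example.test/account/delete?id=7
https://example.test/health
EOF
}

# Strip fragments (they never reach the server) and collapse duplicates.
dedupe() {
  sed 's/#.*$//' | sort -u
}

# Drop images, stylesheets, fonts, scripts and source maps by extension,
# matching the path only so a query string does not hide the extension.
drop_static() {
  grep -Ev '^[^?]*\.(png|jpe?g|gif|svg|ico|css|woff2?|ttf|js|map)(\?|$)'
}

# Keep only requests that carry a query string; an unparameterised GET
# gives the active scanner nothing to insert payloads into.
only_param() {
  grep -F '?'
}

# Exclude endpoints that automated scanning must not touch. The patterns
# here are placeholders; replace them with the engagement's real deny-list.
drop_sensitive() {
  grep -Eiv '/(logout|signout|delete|send-?mail|invite|create)(/|\?|$)'
}

# prepare_urls [--params-only] < URLS.txt
# Prints the consolidated list, ready for xargs.
prepare_urls() {
  if [ "${1:-}" = "--params-only" ]; then
    dedupe | drop_static | drop_sensitive | only_param
  else
    dedupe | drop_static | drop_sensitive
  fi
}

# proxy_urls [--params-only] < URLS.txt
# Ten curls in parallel, one URL each, all via the proxy. -k trusts Burp's
# CA, -sS is quiet except for errors, -o /dev/null discards bodies (Burp
# keeps them anyway), --max-time stops a hung host from stalling the batch,
# and -w prints "status url" per request so you can see what went through.
proxy_urls() {
  prepare_urls "$@" | xargs -P 10 -n 1 curl -k -sS -o /dev/null --max-time 15 \
    -w '%{http_code} %{url_effective}\n' -x http://127.0.0.1:8080/
}
```

Run `prepare_urls < URLS.txt` first and read the list before calling `proxy_urls`; the deny-list is the only thing standing between the scanner and an endpoint that sends mail or deletes records, so it deserves a look per engagement rather than a copy of the placeholder.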
TLS pass through
- configure a list of annoying websites and Burp will skip proxying them entirely
Resource Pools
- can be used to set up different "profiles" for your scanning activities
- e.g. high threads, no delay for a stable, no-WAF target
- e.g. low threads, suitable delay for an unstable/WAF target
How to do Content Discovery with Authentication
1. Install the Burp extension "Add Custom Headers"
2. Set up session handling rules and apply them to Intruder/Target/Scanner, etc.
3. The scans will now have auth attached to them!
How to not overload your Burp:
1. Don't load ALL extensions; choose what's suited for the gig
2. https://portswigger.net/blog/improved-management-of-system-resources
- example: if there are large JS files in your scope, modify the scan profile to ignore JS scanning, because that would consume LOTS of resources and slow down the overall scan
Burp Coverage issues
1. Burp doesn't know how to follow JavaScript links
2. You can manually sweep over the app, and once those requests are registered in the site map, feed them to the scanner again
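Part of that manual sweep can be scripted: links that only exist inside JavaScript can be pulled out with a regex and turned into a URL list for the site map. The script below is an added example, not part of the original gist; the JavaScript fragment it parses is constructed, and the base URL is an assumption passed as an argument.

```shell
#!/bin/sh
# Added example, not part of the original gist. Burp's crawler does not
# follow links that only exist inside JavaScript, so this pulls quoted
# absolute paths out of JS and turns them into URLs that can be imported
# into the site map and scanned. Assumptions: the base URL is the first
# argument to paths_to_urls; the JS below is constructed, not real.

# Constructed JavaScript fragment with the kinds of references a crawler
# misses: string constants, fetch() calls and client-side router pushes.
sample_js() {
  cat <<'EOF'
const api = "/api/v2/users";
fetch('/api/v2/orders?status=open').then(r => r.json());
router.push("/settings/profile");
const img = "/static/hero.png";
EOF
}

# Emit every single- or double-quoted string that starts with "/" from the
# JS on stdin, without the quotes, minus images/styles/fonts, deduplicated.
# .js paths are kept on purpose: they are worth running through this again.
# Relative paths ("api/..."), template literals and URLs built by
# concatenation are not caught; those still need the manual sweep.
extract_paths() {
  grep -oE "[\"'](/[A-Za-z0-9_./?=&-]*)[\"']" \
    | sed -e "s/^[\"']//" -e "s/[\"']\$//" \
    | grep -Ev '\.(png|jpe?g|gif|svg|ico|css|woff2?|ttf|map)$' \
    | sort -u
}

# Prefix each path with the base URL (trailing slash tolerated) so the
# output is a URL list the scanner or the xargs/curl trick can consume.
# Usage: sample_js | extract_paths | paths_to_urls https://example.test
paths_to_urls() {
  base=${1%/}
  sed "s|^|$base|"
}
```

Feed the output back through the proxy (or import it into the site map) and the scanner will cover endpoints it could never have crawled on its own; anything the regex misses is a reminder that the manual walk-through is still needed.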
Schedule Your Scans
- avoid crashing Burp
- avoid knocking over the target application