ParaForge is a simple Burp Suite extension that extracts the parameters and endpoints from requests to create a custom wordlist for fuzzing and enumeration.
https://github.com/Anof-cyber/ParaForge
burpsuite_pro_v2023.7.zip
619.6 MB
pass: 311138
README (en+ru) inside, plz read it before run BS.
Happy Hacking! 🥳
Run with Java 18
burpsuite_pro_v2023.8.zip
624.2 MB
pass: 311138
README (en+ru) inside, plz read it before run BS.
Happy Hacking! 🥳
Run with Java 18
burpsuite_pro_v2023.10.1.zip
642.7 MB
pass: 311138
README (en+ru) inside, plz read it before run BS.
Happy Hacking! 🥳
Run with Java 18
FireProx leverages the AWS API Gateway to create pass-through proxies that rotate the source IP address with every request.
https://github.com/ustayready/fireprox
A tool for making local copies of web pages with everything included: JS, CSS, links, etc.
https://github.com/rajatomar788/pywebcopy
(Research) Exploiting HTTP Parsers Inconsistencies
https://rafa.hashnode.dev/exploiting-http-parsers-inconsistencies
In this cybersecurity research, I'm going to show inconsistencies within HTTP parsers of various web applications. [Cache Poisoning, Desync Attacks, SSRF].
burpsuite_pro_v2023.11.1.2.zip
680.3 MB
pass: 311138
README (en+ru) included, plz read it before run BS.
Happy Hacking! 🥳
Run with Java 18 (JDK for Win included)
+BurpBountyPro_v2.7.0
burpsuite_pro_v2023.12.1.2.zip
686 MB
pass: 311138
README (en+ru) included, plz read it before run BS.
Happy Hacking! 🥳
Run with Java 18 (JDK for Win included)
+BurpBountyPro_v2.7.0
burpsuite_pro_v2024.1.1.1.zip
692.3 MB
pass: 311138
README (en+ru) included, plz read it before run BS.
Happy Hacking! 🥳
Run with Java 18 (JDK for Win included)
+BurpBountyPro_v2.8.0
SAS CTF is an international competition for cybersecurity experts, held as a part of the Security Analyst Summit conference. The competition consists of an online Jeopardy qualification stage and on-site Attack-Defense finals.
The qualification stage will begin on May 18 at 12:00 UTC and will last for 24 hours.
Top 8 teams from the qualification stage will compete for a share of the $18.000 prize pot at SAS 2024 in Bali, Indonesia on October 22-25.
https://ctf.thesascon.com
How we escalated a DOM XSS to a sophisticated 1-click Account Takeover for $8000 - Part 1
https://thefrogsec.github.io/2024/04/06/How-we-escalated-a-DOM-XSS-to-a-sophisticated-1-click-Account-Takeover-for-8000-Part-1/
A fascinating case study where we escalated a seemingly simple DOM XSS into a sophisticated 1-click Account Takeover.
burpsuite_pro_v2024.3.1.zip
713.2 MB
pass: 311138
README (en+ru) inside, plz read it before run BS.
Happy Hacking! 🥳
Run with Java 18 or Java 22
burpsuite_pro_v2024.3.1.2.zip
713.4 MB
Burp Suite Professional v2024.3.1.2 + BurpBounty_Pro 2.8.0 + JDK 22
pass: 311138
README (en+ru) inside, plz read it before run BS.
Happy Hacking! 🥳
Run with Java SE JDK 22