If you never used the Piper extension, I recommend to watch the 4-minute demo I gave last year during my talk at NorthSec 🛠️ youtube.com/watch?v=N7BN--…

A good reminder that Intruder’s "Simple list" payload type doesn’t work well with huge files like rockyou.txt 🛠️

Reminder: we're also on Bluesky 🦋 bsky.app/profile/master…

Great example demonstrating how to use Hackvertor global variables to store secrets 💎 Two use-cases for this strategy: 1) the project will later be shared and we don't want to leak the secrets 2) we don't want to mix static data (the requests) and dynamic data (the secret)

This behavior (which apparently isn't rare) can be exploited easily with a "Match & Replace" bambda 🛠️🎁 Thanks to ghazi m for sharing his knowledge 🤝

Ever wondered why you NEVER see chunked responses in Burp? 🤔 The answer is simple, default settings hide them! 🫣 Go to "Settings > Network > HTTP > Streaming responses" to make them appear 🔍

burl: a simple wrapper that routes curl traffic through Burp Suite 🛠️ 🎁 gist.github.com/ngregoire/f1e7…

That's a nice tip! 💎

Hackvertor now supports tags `<Space/>` and `<newline/>` That doesn't look like a game-changer, but it's incredibly useful when you want to avoid that these raw characters break Burp's HTTP parsing

Reminder: this account also exists on Bluesky. And there's no ads there... 🦋

A little bird told me that Metasploit Project is working on a persistence mechanism based on Burp Suite extensions 👀 github.com/rapid7/metaspl…

The Early Adopter v2025.1 of Burp Suite Pro fixes the bug where the Home and End keys caused the cursor to jump to a different line 🥳 portswigger.net/burp/releases/…

The extension "Bypass Bot Detection" (which works really well) is now in the BApp Store 🥳 portswigger.net/bappstore/50fd…

I won't post here anymore. Feel free to join Bluesky or to read the content I post there by simply browsing my profile at bsky.app/profile/master…

Web Security Academy ctrl+r, ctrl+shift+r: Send to Repeater, Switch to Repeater. Same with i for Intruder. Courtesy of the wonderful Agarri's Mastering Burp Suite Pro course for drilling that into my mind.

What's your best Burp Suite tip or trick and where did you learn it?

I just added the 15-minute talk I gave at Tumpicon to the "Freebies" section This talk covers the extensions Piper and Scalpel, and allows users to easily manipulate encrypted data by shuffling blocks around hackademy.agarri.fr/freebies