BurpSuite.guide (@burpsuiteguide): Twitter Profile
BurpSuite.guide

@burpsuiteguide

Your guide to all things Burp Suite!
Subscribe to my newsletter: newsletter.burpsuite.guide

ID: 1339973675341107202

Website: https://burpsuite.guide | Joined: 18-12-2020 16:40:23

386 Tweets

3,3K Followers

23 Following

Hack Red Con (@hackredcon):

Hey, Folks! Check this weekly series with Zachary Stashis called "There's a BApp for that". It shows a technical how-to-use of certain Burp Suite Plugins to help with Penetration Testing and Bug hunting. hackredcon.com/there-s-a-bapp… #cybersecurity #pentesting #HackRedCon

Soroush Dalili (@irsdl):

#BurpSuite Sharpener extension has been updated to version 1.9 to remember last size & position of Burp Suite as well as detecting whether it is off-screen! It also includes a number of important bug fixes: github.com/mdsecresearch/… Hopefully BApp Store will update it soon too.

PortSwigger Research (@portswiggerres):

How we tune Burp Suite's performance: - "Proxy->Options->Misc->Don't send items to Proxy history or live tasks, if out of scope" - Enable "Project Options->HTTP->{keep-alive,HTTP/2}" - Disable live-tasks & extensions

Hack Red Con (@hackredcon):

For this week's "There's a BApp for that", Zach shows how to use Stepper, a natural evolution of Burp Suite's Repeater tool to help automate “second-order” attacks. hackredcon.com/post/there-s-a… #burpsuite #pentester #cybersecurity #infosec #cybersecuritytips #HackRedCon

PortSwigger Research (@portswiggerres):

It's worth knowing Burp Suite project files are memory mapped. This means they reduce RAM consumption, but don't support garbage collection (yet) so deleting requests frees up RAM for Burp, but doesn't reduce file size. For long-term storage, use 'Project->Save copy' then zip.

Burp Suite (@burp_suite):

Burp Suite 2022.7.1 released to the Stable channel. You can now configure tab-specific options for Repeater and automatically detect client-side prototype pollution sources using Burp Scanner. portswigger.net/burp/releases/…

PortSwigger Research (@portswiggerres):

We've prototyped a new feature in repeater where we are diffing the last response with the current and showing different colours depending on what changes. Please check it out we'd love your feedback! portswigger.net/bappstore/902e…

Burp Suite (@burp_suite):

Burp Suite 2022.8.1 released to the Stable channel, with new scan checks based on the Browser-Powered Desync Attacks presented by James Kettle at Black Hat 2022, as well as new Repeater capabilities that let you test for these vulnerabilities manually. portswigger.net/burp/releases/…

James Kettle (@albinowax):

Hope you enjoyed the talk, thanks for coming! Always a pleasure to present to a DEF CON crowd. Time for a couple of drinks, then on to the next research for me. You can find the slides & whitepaper here: portswigger.net/research/brows…

Burp Suite (@burp_suite):

Burp Suite 2022.9.1 released to the Early Adopter channel. Includes an upgrade to Burp's browser and various bug fixes. portswigger.net/burp/releases/…

James Kettle (@albinowax):

Last week I published a number of novel CL.0 desync techniques, alongside advice on tuning your research to outwit the competition. Next week, a way to turn a 'medium' severity flaw into a crit with a $12k case study. And no it's not XSS :) portswigger.net/research/how-t…

Burp Suite (@burp_suite):

Introducing the brand new flavour of Burp Suite - completely free, and available for a CI/CD pipeline near you … #cicd #dast portswigger.net/blog/free-dast…