Pentest Book
Burp Suite


- If Render Page crashes (the embedded Chromium needs unprivileged user namespaces; on Debian-based kernels this sysctl enables them system-wide, so it loosens a kernel hardening setting):
sudo sysctl -w kernel.unprivileged_userns_clone=1
- If the embedded browser crashes because of the sandbox (this makes chrome-sandbox setuid root, which the Chromium SUID sandbox requires; run it from $HOME):
find .BurpSuite -name chrome-sandbox -exec chown root:root {} \; -exec chmod 4755 {} \;
- Scope with all subdomains:
- Use Intruder to target specific parameters for scanning
- Right click: actively scan defined insertion points
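For the "scope with all subdomains" tip above, this added example (not from the Pentest Book) shows the kind of anchored host regex the Burp target scope expects and checks sample hostnames against it. The regexes and the sample hosts are assumptions; the point is that an unanchored pattern also matches look-alike hosts that are out of scope.

```python
import re

# Added example: Burp target-scope host regex for a domain and all its subdomains.
# The scope editor takes a regex for the host field; this is one that works there.

def build_scope_regex(domain):
    """Anchored host regex matching `domain` itself and any depth of subdomain."""
    return r'^(.*\.)?' + re.escape(domain) + r'$'

def in_scope(host, host_regex):
    """True if `host` matches `host_regex` (case-insensitive, like hostnames)."""
    return re.search(host_regex, host, re.IGNORECASE) is not None

# A frequent mistake: an unanchored pattern, which also matches look-alike hosts.
SLOPPY_REGEX = r'.*example\.com'

def scope_report(hosts, domain='example.com'):
    """Map each host to (anchored match, unanchored match) for comparison."""
    strict = build_scope_regex(domain)
    return {h: (in_scope(h, strict), in_scope(h, SLOPPY_REGEX)) for h in hosts}

if __name__ == '__main__':
    # Constructed sample hosts: the last two are out of scope but pass the sloppy rule.
    sample = ['example.com', 'api.dev.example.com',
              'notexample.com', 'example.com.attacker.net']
    for host, (strict_ok, sloppy_ok) in scope_report(sample).items():
        print('%-28s anchored=%-5s unanchored=%s' % (host, strict_ok, sloppy_ok))
```

Paste the anchored form into Target -> Scope -> Include as the host regex; the `example.com.attacker.net` case is exactly what slips through when the `$` anchor is missing.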
# Configuration
- Project Options -> HTTP -> Redirections -> Enable JavaScript-driven
- User Options -> Misc -> Proxy Interception -> Always disabled
- Target -> Site Map -> Show all && Show only in-scope items
# XSS Validator extension
1) Start xss.js: phantomjs $HOME/.BurpSuite/bapps/xss.js
2) Send Request to Intruder
3) Mark Position
4) Import xss-payload-list from $Tools into xssValidator
5) Change Payload Type to Extension Generated
6) Change Payload Processing to Invoke Burp extension -> XSS Validator
7) Add a Grep - Match rule as per XSS Validator
8) Start.
# Filter the noise
# Filter the noise TLDR
# TLS Pass Through
# Send swagger to burp
# Hosted:
# If some request/response breaks or slows down Burp
- Project options -> HTTP -> Streaming responses -> Add url and uncheck "Store streaming responses...."
# Burp extension to rotate the source IP and avoid IP restrictions
# Collab/SSRF/pingback alternative
# Run private collaborator instance in AWS
# Run your own collab server
# Wordlist from burp project file
strings project.burp | tok | sort -u > custom_wordlist.txt
(tok is tomnomnom's tokenizer from github.com/tomnomnom/hacks)
# Autorize:
1. Copy the cookies of the low-privilege user and paste them into Autorize
2. Set filters (scope, regex)
3. Set Autorize ON
4. Navigate as the high-privilege user; Autorize replays each request with the low-privilege cookies and flags the ones that still succeed
# Turbo Intruder
- One injection point: put %s at the insertion point and specify the wordlist in the script
- Several injection points: put %s at each one and specify the wordlists in the script, queuing one value per %s
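As an added example (not from the Pentest Book or the Turbo Intruder project), here is the script side of the Turbo Intruder tip above for a request with two %s markers, say a username and a password field. It runs inside Burp under Jython; `RequestEngine` and `table` are supplied by Turbo Intruder. The wordlist paths and the baseline body length are assumptions to replace with your own.

```python
# Added example: Turbo Intruder script for a request with two %s markers.
# RequestEngine and table come from Turbo Intruder; they only exist inside Burp.
import itertools

USERS_FILE = '/opt/wordlists/users.txt'          # assumed path
PASSWORDS_FILE = '/opt/wordlists/passwords.txt'  # assumed path
BORING_STATUSES = {401, 403, 404}                # statuses not worth a table row
BASELINE_LENGTH = 1234  # assumed size of the "login failed" body; measure it first

def read_words(path):
    """One candidate per line, blank lines dropped."""
    with open(path) as f:
        return [line.rstrip('\r\n') for line in f if line.strip()]

def candidate_pairs(users, passwords):
    """Every user with every password; list order matches the %s markers."""
    return [[u, p] for u, p in itertools.product(users, passwords)]

def worth_keeping(status, length, baseline_length):
    """Drop only boring statuses whose body is the same size as the baseline."""
    return status not in BORING_STATUSES or length != baseline_length

def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=5,
                           requestsPerConnection=100,
                           pipeline=False)
    # With a single %s you pass a plain string; a list fills several markers in order.
    for pair in candidate_pairs(read_words(USERS_FILE), read_words(PASSWORDS_FILE)):
        engine.queue(target.req, pair)

def handleResponse(req, interesting):
    # req.status, req.length, req.wordcount and req.response are available here.
    if worth_keeping(req.status, req.length, BASELINE_LENGTH):
        table.add(req)
```

Send the request to Turbo Intruder, replace the two values with %s, paste the script and run; a changed status or a different body length is what lands in the results table.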
# Customize Audit Scans
Configure your audit profile -> Issues reported -> Individual issues -> right-click on "Extension generated issues" -> "Edit detection methods"
Works for most issue types, e.g. SQLi
# Send to local Burp from VPS
# In local computer (assumes Burp's proxy listener is on 127.0.0.1:8080, the default)
ssh -R 8080:127.0.0.1:8080 user@VPS_IP -f -N
# In VPS (the reverse-forwarded port is bound to the VPS loopback only, unless GatewayPorts is enabled in sshd_config)
curl URL -x 127.0.0.1:8080
# For HTTPS targets add -k to curl or install the Burp CA on the VPS, since Burp re-signs TLS
# IP rotation

Preferred extensions

Private collaborator server

- GitHub - putsi/privatecollaborator: A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate
- Setting a Private Burp Collaborator Server (Security Blog)
- Self-hosted Burp collaborator with custom domain (Team ROT Information Security)

Collaborator SSRF exploitation mindmap