Pentest Book
Burp Suite


- If Render Page crashes:
sudo sysctl -w kernel.unprivileged_userns_clone=1
- If the embedded browser crashes because of the sandbox (run from $HOME; this makes chrome-sandbox SUID root, which the Chromium sandbox requires):
find .BurpSuite -name chrome-sandbox -exec chown root:root {} \; -exec chmod 4755 {} \;
- Scope with all subdomains:
- Use Intruder to target specific parameters for scanning: mark the positions, then
- Right-click -> Actively scan defined insertion points
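The scope tip above gives no pattern, so here is an added example (written for this page, not taken from it or from PortSwigger) of how the host regex typed into Burp's advanced scope behaves, and why the dots must be escaped and the end anchored. The hosts and the target domain example.com are constructed for illustration; the code mirrors search-style regex matching with re.search, which is the assumption made about Burp's host field (with the $ anchor in place the anchored patterns give the same answer under full-match semantics too).

```python
import re

# Constructed test hosts (not from the page). The organisation is assumed to own example.com.
HOSTS = [
    "example.com",                    # apex domain
    "api.example.com",                # subdomain
    "dev.api.example.com",            # deeper subdomain
    "notexample.com",                 # unrelated domain that merely ends in "example.com"
    "api.example.com.attacker.net",   # attacker-controlled host embedding the target name
    "myexample-com.net",              # the unescaped dots in a sloppy pattern accept this too
]

# Pattern often pasted into the scope field: unescaped dots, no end anchor.
SLOPPY = r".*.example.com"
# All subdomains of example.com (the apex itself is not matched).
SUBDOMAINS_ONLY = r".*\.example\.com$"
# Apex domain plus all subdomains.
APEX_AND_SUBDOMAINS = r"^(.*\.)?example\.com$"


def in_scope(host, pattern):
    """Search-style host match, the assumed behaviour of Burp's advanced-scope host regex."""
    return re.search(pattern, host) is not None


def scope_report(pattern, hosts=HOSTS):
    """Return the hosts the pattern admits, in input order."""
    return [h for h in hosts if in_scope(h, pattern)]


if __name__ == "__main__":
    for name, pat in (("sloppy", SLOPPY),
                      ("subdomains", SUBDOMAINS_ONLY),
                      ("apex+subs", APEX_AND_SUBDOMAINS)):
        print("%-11s %s" % (name, scope_report(pat)))
```

The sloppy pattern pulls two out-of-scope third-party hosts into scope, which matters because Burp will happily scan and spider anything the scope admits.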
# Configuration
- Project Options -> HTTP -> Redirections -> Enable JavaScript-driven
- User Options -> Misc -> Proxy Interception -> Always disabled
- Target -> Site Map -> Show all && Show only in-scope items
# XSS Validator extension
1) Start xss.js: phantomjs $HOME/.BurpSuite/bapps/xss.js
2) Send Request to Intruder
3) Mark Position
4) Import xss-payload-list from $Tools into xssValidator
5) Change Payload Type to Extension Generated
6) Add a Payload Processing rule: Invoke Burp extension -> XSS Validator
7) Add the Grep - Match rule with the string shown in the XSS Validator tab
8) Start.
# Filter the noise
# Filter the noise TLDR
# TLS Pass Through
# Send Swagger to Burp
# Hosted:
# If some request/response breaks or slow down Burp
- Project options -> HTTP -> Streaming responses -> add the URL and uncheck "Store streaming responses...."
# Burp extension to rotate IP to avoid IP restrictions
# Collab/SSRF/pingback alternative
# Run private collaborator instance in AWS
# Run your own collab server
# Wordlist from burp project file
cat project.burp | strings | tok | sort -u > custom_wordlist.txt
# Autorize:
1. Copy the cookies of the low-priv user and paste them into Autorize
2. Set filters (scope, regex)
3. Set Autorize ON
4. Navigate as the high-priv user; Autorize replays each request with the low-priv cookies and flags the ones that still succeed
# Turbo Intruder: put %s at the injection point and specify the wordlist in the script; with several injection points put %s at each one and specify one wordlist per %s in the script
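An added example of the kind of script the line above refers to, written for this page rather than taken from it or from Turbo Intruder's bundled scripts. It targets one %s marker, reads values from a wordlist file or from the clipboard, sends the original request first as a learn=1 baseline, and only keeps responses that deviate from it or return something other than 404. RequestEngine and table are injected by Turbo Intruder (which runs Jython 2.7, hence the Python 2 compatible syntax); target.req, target.endpoint, target.baseInput and wordlists.clipboard are part of its API. WORDLIST_PATH and IGNORE_STATUSES are this example's own settings.

```python
# Turbo Intruder script (added example). RequestEngine and table are injected by Turbo
# Intruder into the script namespace; target.req is the request containing %s, target.endpoint
# the scheme://host:port, target.baseInput the original value at the marker and
# wordlists.clipboard the lines currently on the clipboard.

WORDLIST_PATH = None      # assumption: set to a wordlist file, or leave None to use the clipboard
IGNORE_STATUSES = (404,)  # statuses that never earn a row in the results table


def iter_words(path, wordlists):
    """Yield candidate values from the wordlist file, or from the clipboard when no path is set.
    Blank lines and '#' comments are skipped and duplicates dropped, so each value is sent once."""
    if path:
        with open(path) as fh:
            source = fh.readlines()
    else:
        source = wordlists.clipboard
    seen = set()
    for line in source:
        word = line.strip()
        if not word or word.startswith('#') or word in seen:
            continue
        seen.add(word)
        yield word


def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=5,    # lower this if responses start coming back 429
                           requestsPerConnection=100,
                           pipeline=False)

    # Send the unmodified request first so Turbo Intruder learns what a "boring" response looks
    # like; handleResponse then gets interesting=True only for responses that deviate from it.
    engine.queue(target.req, target.baseInput, learn=1)

    for word in iter_words(WORDLIST_PATH, wordlists):
        engine.queue(target.req, word)


def worth_reporting(status, interesting, ignore=IGNORE_STATUSES):
    """Keep a response if the baseline learner flagged it, or its status is not on the ignore list
    (429 is deliberately kept: seeing it means you are rate limited and later results are suspect)."""
    return bool(interesting) or status not in ignore


def handleResponse(req, interesting):
    # Useful attributes: req.status, req.length, req.wordcount, req.response, req.words
    if worth_reporting(req.status, interesting):
        table.add(req)
```

With several %s markers, pass a list instead of a single word: engine.queue(target.req, [user, password]) fills the markers in order.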
# Match and Replace
# Customize Audit Scans
Configure your audit profile -> Issues reported -> Individual issues -> right-click on "Extension generated issues" -> "Edit detection methods"
Works for most issue types, e.g. SQLi
# Send to local Burp from VPS
# On the local computer: reverse-forward port 8080 on the VPS to the local Burp listener (USER and VPS_IP are placeholders; sshd binds the remote side to loopback unless GatewayPorts is enabled)
ssh -R 8080:127.0.0.1:8080 USER@VPS_IP -f -N
# On the VPS: point curl at the forwarded port, which now reaches Burp
curl URL -x http://127.0.0.1:8080
# IP rotation

Preferred extensions

Private collaborator server
- GitHub - putsi/privatecollaborator: A script for installing private Burp Collaborator with free Let's Encrypt SSL-certificate
- Setting a Private Burp Collaborator Server (Security Blog)
- Self-hosted Burp collaborator with custom domain (Team ROT Information Security)

Collaborator SSRF exploitation mindmap
