Overview In part 4 of our series on creating extensions for Burp Suite using the Montoya API, we will learn about designing an interactive GUI for our extension. If you haven’t read the previous installments of this blog post series yet, we highly recommend you do...
An Open Redirect is a vulnerability in a web application that allows an attacker to redirect a user to an arbitrary website. At first glance, this might not seem harmful, but with a malicious intent, it can be used as part of phishing attacks, malware distribution, or...
Local File Inclusion (LFI) is a vulnerability that allows an attacker to read files from a server they should not have access to. This can lead to to the exposure of sensitive information and often enables the attacker to progress further towards their goals. It’s...
Content discovery is often focussed on finding files and folders. However, modern applications not longer conform to this hierarchical approach and specifically applications that use APIs. Kiterunner is a tool that can be used to discover routes and endpoints used in...
Application Programming Interfaces (APIs) are at the heart of modern applications, enabling functionality, communication and acting as a bridge between different software components. A common issue that’s found though is Broken Function Level Authorization (BFLA), and...
In 2023, there are more resources to learn new skills and progress than ever. However, this industry is also moving and growing rapidly, and more isn’t necessarily better. The phrase “drinking from a fire hose” comes to mind. Today we’re going to be looking at a path...