My observations show that certificate pinning in apps is not always used as a protective mechanism, but often serves to conceal legally questionable practices and (calculated) data protection violations. Excerpt from the forthcoming article »In den Datenstrom eintauchen: Ein Werkzeugkasten für Tester von Android-Apps« ("Diving into the data stream: a toolbox for testers of Android apps").
As we wrap up 2023, let's take a look back at the different topics we covered in our technical #blog this year.
Our #VulnerabilityResearch series expanded with some new writeups and coordinated disclosure advisories. We also provided practical advice and tooling to aid security researchers in effective #CodeReview using #Semgrep. There’s more in store on this topic: stay tuned for the latest updates.
Burp Git Version allows you to fingerprint the exact versions of open-source components of your target webapps by comparing the Git repository with some of the deployed static artifacts.
We have now added a README to support wider adoption :)
Announcing the release of ProtoBurp++ (our fork of ProtoBurp)! ProtoBurp++ is a #burpsuite extension that enables #security researchers to encode/decode and fuzz custom Protobuf messages. It allows for fuzzing inputs using Burp's Repeater, Intruder tools and Active Scanner, as well as proxying traffic from other tools (e.g., sqlmap). Check it out today!
holy moly, certain API methods just vanished from the #burpsuite Montoya API and trying to compile my extension now throws errors (it compiled fine a couple of days ago)...
Announcing the launch of InQL 5.x! Our open source #burpsuite extension for pentesting #graphql applications has just gotten even better! We've added several new features to streamline your testing workflows that we think you'll find useful.
To improve stability and performance, we've started a complete re-write in #kotlin and welcome contributions from the #opensource software community.
Learn more about it in our latest blog post and check it out today!
We just published on the @hnsec blog the first 2 articles of a new series on creating #extensions for #burpsuite named "Extending Burp Suite for fun and profit - The Montoya way", by @apps3c.
Topics: setting up the environment, Hello World, and inspecting/tampering HTTP requests.
#100DaysOfHacking I'm going over the SSRF challenges again on Portswigger so I can screenshot for my next blog post on SSRF and I feel so much more confident going over them. It helps that I take notes for sure lol