Burp Extension Review: Authorize and SQLiPy скачать в хорошем качестве

Burp Extension Review: Authorize and SQLiPy

Bug Bounty Bits: find IDORs faster with automation (Insecure Direct Object Reference tutorial)    • Bug Bounty Bits: find IDORs faster with au...   Authorize ----------------------------------------- Requirements Session has to be handled in the headers ○ Big chance this is the case Functionality Repeats request with different headers ○ Headers of other user ○ Unauthenticated headers Save headers Request/response viewer Filter out specfic requests ○ For example § Heartbeats § Dashboard calls § Calls that can be made by anyone Match and replace Adjust the output filter Save and restore How good is it? You will need to set up some filters You'll need to give it some way to authenticate It speeds up looking for IDORs massively Very user friendly What would i do different? Nothing Final verdict 5/5 SQLiPy ----------------------------------------- Requirements Jython 2.7.0 or newer Java 1.7 or 1.8 (the beta version of Jython 2.7 requires this). Python 2 (already installed on most Unix distributions) SQLMap API needs to be configured Functionality Start the API Look for SQLi on 1 URL at a time Can be started multiple times manually View the logs via seperate tab How good is it? Very user friendly Can only scan 1 URL at a time All the options of sqlmap can be configure Default settins will usually work What would i do different? Make the plugin accept a list of URLs Final verdict 5/5 Patreon:   / thexssrat   Instagram: thexssrat Follow me on twitter to be notified when i release a new video:   / ferret_amazing   I created a slack workspace for all you amazing hackers :D feel free to join me https://join.slack.com/t/definenormal... And also a discord channel 😊   / discord