This is a repository about how to weaponize Burp Suite with extensions for bug bounty hunting. Burp Suite is an amazing tool for bug hunting and for penetration testing of web applications.
If a bug hunter or penetration tester can implement his own bug hunting mindset in Burp Suite, he can hunt bugs much more powerfully and faster than before.
According to a tweet I published on Twitter, it has been decided to release the methodology for Weaponize Burp Suite. This is the repository for this methodology :)
- Burp Bounty Pro
- Logger++
- AutoRepeater
- URL Patterns: `(?:http|ftp|https):\/\/(?:[\w_-]+(?:(?:\.[\w_-]+)+))(?:[\w.,@?^=%&:\/~+#-]*[\w@?^=%&\/~+#-])`
- Sensitive Data Exposure Keywords: `(?i)([a-z0-9]+){0,}((_|-){0,}(\s){0,})(APIkey|authtoken|creds|secret|secretKey|password|accessToken|token|api|apiToken)(\s){0,}(=|:|is|>){1,}`
- JSON Values: `"([^"]+)"`
- And ....
- Set Your AutoRepeater Payloads
- Set AutoRepeater Payloads Response Filters in Logger++
- Now Check the Logger++ Logs for Hunting ;)
- Go to AutoRepeater Tab
- Add Replacement
- Set Type to: `Request Params Value`
- Set Match to: `.*`
- Set Replace to: `{{ 40*99 }}` or any SSTI Detection Payload
- Enable Regex Match
- Go to Logger++ Tab
- Click on the Tags button in the View Logs tab
- Now add the response filter for your SSTI payload: `Response.Body CONTAINS "3960"`
In this methodology, we add our custom payloads to AutoRepeater and create a matching response filter for each payload in Logger++. While we browse the target website, AutoRepeater replaces the parameter values in our requests with the payloads and sends them to the server, and Logger++ logs all of the AutoRepeater requests. If one of our filters matches in the logs, send that request to Repeater and try to exploit it.
- Go to Logger++ Tab
- Go to Grep Value Tab
- Paste the Sensitive Data Exposure Regex in the field
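To see what the Grep Values patterns listed earlier will and will not flag before relying on them, the following added example (not part of this repository) runs them offline over a constructed response body. Assumptions: Python's `re` stands in for the Java regex engine behind Logger++, and the names `matches`, `grep_values` and the sample body are made up for illustration.

```python
import re

# Patterns from the Grep Values list above, whitespace written as a single \s.
URL = r"(?:http|ftp|https):\/\/(?:[\w_-]+(?:(?:\.[\w_-]+)+))(?:[\w.,@?^=%&:\/~+#-]*[\w@?^=%&\/~+#-])"
KEYWORDS = "(APIkey|authtoken|creds|secret|secretKey|password|accessToken|token|api|apiToken)"
SENSITIVE = r"(?i)([a-z0-9]+){0,}((_|-){0,}(\s){0,})" + KEYWORDS + r"(\s){0,}(=|:|is|>){1,}"
JSON_VALUE = r'"([^"]+)"'

# Same keyword pattern with the backslash doubled, as it would be spelled
# inside a Java string literal. Pasted raw, \\s means a literal "\" then "s".
SENSITIVE_DOUBLED = SENSITIVE.replace(r"\s", r"\\s")

# Constructed sample response body (not captured traffic). Values are short on
# purpose: the nested quantifier ([a-z0-9]+){0,} backtracks exponentially on
# long alphanumeric runs that are not followed by a keyword.
BODY = '''{"user": "demo", "apiToken": "tok-demo-1234"}
<!-- debug: password = hunter2 -->
<a href="https://app.example.test/reset?token=abc123">reset</a>
'''


def matches(pattern, body):
    """Full text of every non-overlapping match, surrounding whitespace trimmed."""
    return [m.group(0).strip() for m in re.finditer(pattern, body)]


def grep_values(body):
    """Apply the three Grep Values patterns to one response body."""
    return {
        "url": matches(URL, body),
        "sensitive": matches(SENSITIVE, body),
        "json": matches(JSON_VALUE, body),
    }


if __name__ == "__main__":
    for name, found in grep_values(BODY).items():
        print(f"{name:10} {found}")
    # The doubled-backslash form can no longer skip the space before "=",
    # so it misses "password = hunter2".
    print("doubled   ", matches(SENSITIVE_DOUBLED, BODY))
```

The keyword pattern does not match the quoted JSON key `"apiToken":` because the quote sits between the keyword and the colon; that key only shows up through the JSON Values pattern.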
In this repository, I can't give you examples of all the vulnerabilities. I explained how to weaponize your Burp with an SSTI example, and I leave the other vulnerabilities to you.