Category: Burp
-
Burp with Android Studio Nougat AVD
I needed to setup some new systems for mobile application penetration tests at the start of January and part of this process includes importing Burp’s certificate for traffic interception. I have set this up in the past but it seems to change fairly regularly with newer versions of Android emulators. I installed the latest version…
-
Bypass WAF: Burp Plugin to Bypass Some WAF Devices
I wrote a blog post on the technique used by this plugin here a while back. Many WAF devices can be tricked into believing a request is from itself, and therefore trusted, if specific headers are present. The basics of the bypass approach can be found in an HP blog post here. I have been…
-
SQLiPy: A SQLMap Plugin for Burp
I perform quite a few web app assessments throughout the year. Two of the primary tools in my handbag for a web app assessment are Burp Suite Pro and SQLMap. Burp Suite is a great general purpose web app assessment tool, but if you perform web app assessments you probably already know because you are…
-
Java Fat Client Penetration Testing and JNLP Auto-Downloads
I was recently asked to perform an application penetration test of a Java based fat client. The application used JNLP and communicated with a backend web service. The steps for this are documented elsewhere, but as a brief guide they require: Loading the JDSer-NG plugin for Burp Configuring Java to proxy through Burp Downloading all…
CodeWatch 