#BurpHacksForBounties - Day 1/30
Turbo intruder: Power of Python with @Burp_Suite Intruder.
I use it to tailor my pen-testing for a specific target and targetted #bugbounty
#infosec #appsec #bugbountytips #bugbountytip #security
How to - 🧵🙃👇
Turbo intruder: Power of Python with @Burp_Suite Intruder.
I use it to tailor my pen-testing for a specific target and targetted #bugbounty
#infosec #appsec #bugbountytips #bugbountytip #security
How to - 🧵🙃👇
1/n
Using: CE so that everyone can explore.
Intruder in CE is limited in multithreading, Turbo-Intruder can overcome that.
- Install through Extender
- Send req to the plugin.
Using: CE so that everyone can explore.
Intruder in CE is limited in multithreading, Turbo-Intruder can overcome that.
- Install through Extender
- Send req to the plugin.
2/n
Once you send req to the plugin, a python editor will open. This will show a couple of existing python scripts to take reference from and to use.
Once you send req to the plugin, a python editor will open. This will show a couple of existing python scripts to take reference from and to use.
3/n
Details in comments.
Code: gist.github.com/r0hi7/47e3d47e…
Increase concurrency or can add pipeline.
Then click attack.
Details in comments.
Code: gist.github.com/r0hi7/47e3d47e…
Increase concurrency or can add pipeline.
Then click attack.
n/n
You can do almost anything with Python inside Burp.
Eg.
- Handle custom login
- Tailored testing
- Filter out requests on "interesting" responses
- Scale your testing
- Add rate limiting, pipeline, etc
This approach can overcome intruder multithreading deficiencies in CE.
You can do almost anything with Python inside Burp.
Eg.
- Handle custom login
- Tailored testing
- Filter out requests on "interesting" responses
- Scale your testing
- Add rate limiting, pipeline, etc
This approach can overcome intruder multithreading deficiencies in CE.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
