This repository describes how to weaponize Burp Suite with extensions for bug bounty hunting. Burp Suite is an amazing tool for bug hunting and penetration testing of web applications.
If a bug hunter or penetration tester can implement his own bug hunting mindset in Burp Suite, he can hunt bugs much more powerfully and faster than before.
According to a tweet I published on Twitter, it has been decided to release the methodology for Weaponize Burp Suite. This is the repository for this methodology :)
- Burp Bounty Pro
- Logger++
- AutoRepeater
- URL Patterns

  `(?:http|ftp|https):\/\/(?:[\w_-]+(?:(?:\.[\w_-]+)+))(?:[\w.,@?^=%&:\/~+#-]*[\w@?^=%&\/~+#-])`
- Sensitive Data Exposure Keywords

  `(?i)([a-z0-9]+){0,}((_|-){0,}(\s){0,})(APIkey|authtoken|creds|secret|secretKey|password|accessToken|token|api|apiToken)(\s){0,}(=|:|is|>){1,}`
- JSON Values

  `"([^"]+)"`
- And ....
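To see what the three patterns listed above actually flag in a response, the following added example (not code from this repository) runs them over a constructed response body. It assumes the whitespace class in the keyword pattern is meant as a single-backslash `\s`; `scan` and `SAMPLE_BODY` are hypothetical names.

```python
import re

# The three grep patterns from the list above. The keyword pattern uses a
# single-backslash \s (whitespace); that reading of the intent is an assumption.
PATTERNS = {
    "url": re.compile(
        r"(?:http|ftp|https):\/\/(?:[\w_-]+(?:(?:\.[\w_-]+)+))"
        r"(?:[\w.,@?^=%&:\/~+#-]*[\w@?^=%&\/~+#-])"
    ),
    "secret_keyword": re.compile(
        r"(?i)([a-z0-9]+){0,}((_|-){0,}(\s){0,})"
        r"(APIkey|authtoken|creds|secret|secretKey|password|accessToken"
        r"|token|api|apiToken)"
        r"(\s){0,}(=|:|is|>){1,}"
    ),
    "json_value": re.compile(r'"([^"]+)"'),
}

# Constructed response body, not captured traffic. Tokens are kept short
# because ([a-z0-9]+){0,} is a nested quantifier that backtracks
# exponentially on long alphanumeric runs.
SAMPLE_BODY = (
    '<script>var cfg = {apiToken: "EXAMPLE-not-real", '
    'docs: "https://api.example.test/v1/docs"};</script>\n'
    "<!-- db password = changeme -->\n"
    '{"user": "demo", "secret": "EXAMPLE"}\n'
)


def scan(body):
    """Return {pattern name: [matched text, ...]} for one response body."""
    hits = {}
    for name, rx in PATTERNS.items():
        # The JSON pattern is only useful for its capture group (the text
        # between the quotes); the other two are read as whole matches.
        group = 1 if name == "json_value" else 0
        hits[name] = [m.group(group) for m in rx.finditer(body)]
    return hits


if __name__ == "__main__":
    for name, found in scan(SAMPLE_BODY).items():
        print(f"{name}: {found}")
```

The keyword pattern needs `=`, `:`, `is` or `>` directly after the keyword (whitespace aside), so a quoted JSON key such as `"secret": ...` is not flagged by it and only shows up through the JSON pattern, which matches keys as well as values.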
In this methodology, we add our custom payloads to AutoRepeater and create a filter in Logger++ that matches the payload in the response. While we browse the target website, AutoRepeater replaces values in the requests with our payloads and sends them to the server, and Logger++ logs all of the AutoRepeater requests. When one of our filters matches a log entry, send that request to Repeater and try to exploit it.