Burp

Steps to import the Burp CA certificate for SSL

  • Run Burp

  • Open http://burpsuite

  • Download the Certificate (top-right)

  • Import into Firefox

    • Settings > Certificates > Import

URL Encode

  • In Burp, highlight a section and press Ctrl-U to URL-encode it

Spider

  • Won't find hidden pages, but will pull obscure/linked ones

Target > Site Map > Spider This Host

app.js  ..send to repeater

../partials/admin.html      ..found: Download-Backups
../api/users                ..found: password/hashes on page

Discovery

  • Scenario: gobuster is blocked

  • Grab the User-Agent string and re-use it with gobuster

burp > discovery > Copy User-Agent String

gobuster -u http://$IP:3000 -w medium.txt \
  -a 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0'
.. still no help
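
Seen from the defending side, a block keyed on the User-Agent header is what this step tries to get around, so a sturdier signal is the share of 404 responses per client. The sketch below is an added example, not part of the original notes: the log lines are constructed, and the function name and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: ip, request line, status, size, referer, user agent
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def find_enumeration(lines, min_requests=8, min_404_ratio=0.7):
    """Return {ip: stats} for clients whose traffic looks like path guessing.

    The User-Agent is recorded but never used for the decision, so a client
    that copies a browser string is scored the same as one that does not.
    Thresholds are assumed values for illustration; tune them to real traffic.
    """
    per_ip = defaultdict(lambda: {"total": 0, "not_found": 0,
                                  "paths": set(), "agents": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guessing
        s = per_ip[m["ip"]]
        s["total"] += 1
        s["paths"].add(m["path"])
        s["agents"].add(m["ua"])
        if m["status"] == "404":
            s["not_found"] += 1
    flagged = {}
    for ip, s in per_ip.items():
        ratio = s["not_found"] / s["total"]
        if s["total"] >= min_requests and ratio >= min_404_ratio:
            flagged[ip] = {"total": s["total"], "ratio": round(ratio, 2),
                           "distinct_paths": len(s["paths"]),
                           "agents": sorted(s["agents"])}
    return flagged

# Constructed sample traffic (not real logs): one browser user, one wordlist run
FIREFOX = "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"
def _line(ip, path, status):
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'{status} 120 "-" "{FIREFOX}"')

SAMPLE = [_line("192.0.2.10", p, 200) for p in ("/", "/app.js", "/partials/home.html")]
SAMPLE += [_line("192.0.2.10", "/favicon.ico", 404)]
SAMPLE += [_line("198.51.100.7", f"/{w}", 404) for w in
           ("admin", "backup", "old", "test", "dev", "config", "uploads", "private", "tmp")]
SAMPLE += [_line("198.51.100.7", "/api", 200)]

if __name__ == "__main__":
    for ip, info in find_enumeration(SAMPLE).items():
        print(ip, info)
```

Both clients in the sample send the same Firefox string; only the one walking a wordlist is flagged.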
