Insecure Deserialization Attacks
What is Serialization? Serialization is the process of converting an object in memory into a format that can be stored or transmitted. This format is often a sequence of bytes.…
Web
HTTP Desync Attacks, Also known as HTTP Request Smuggling
HTTP Desync Attacks, also known as HTTP request smuggling, exploit inconsistencies in the interpretation of HTTP headers by different servers in a chain, such as between a front-end server (e.g.,…
Burp 107: BurpSuite Decoder, Sequencer and Comparer
Decoder The Decoder tab can be used to encode, decode, and hash any selected text. Here is a simple login credentials for an example. I can select the first…
Burp 106: BurpSuite Intruder for Application Security Testing
Intruder is incredibly useful for automating attacks. For a useful walk-through of how it works, I will use one of the PortSwigger web academy labs as a demonstration. In…
Burp 105 : Burp Suite Repeater Guide
By right-clicking on a request and selecting Send to Repeater or doing so with the Action button in the proxy interception section, you can send requests to the repeater…
Burp 104 : Burp Suite Proxy Guide
The Proxy tab allows you to modify and send intercepted requests and view your request history. When you first view this tab you won’t have any intercepted requests and…
Burp 103 : Target Component
The Target tag allows you to view the site map of the target site, as well as what requests you’ve made and what findings you have found for each…
BurpSuite 102: Dashboard Overview
The first tab that should be open is the Dashboard tab, but keep in mind that you can drag these tabs around so the order of your tabs may…
BurpSuite 101 : Introduction to BurpSuite
What is Burp Suite ? Burp suite is one of the most popular security testing tool. Burp suite can be used in order to intercept HTTP requests which are going…