Profile avatar
unashamedgeek.bsky.social
6 posts 8 followers 125 following
Regular Contributor
Posts 18 Comments 7

In case you missed them, here are all the videos to highlight some of Hackvertor v2 features. www.youtube.com/watch?v=RV0L...

submitted 3 days ago • 0 comments

We've just released Shadow Repeater, for AI-enhanced manual testing. Simply use Burp Repeater as you normally would, and behind the scenes Shadow Repeater will learn from your attacks, try payload permutations, and report any discoveries via Organizer. portswigger.net/research/sha...

submitted 8 days ago • 2 comments

@jameskettle.com casually dropping info on the craziest sounding AI-enabled burp extension. Can you imagine messing about with a suspicious LFI candidate in repeater and without you doing anything differently than you do today, burp suddenly spits back the right payload?

submitted 10 days ago • 1 comment

If you'd like to practice your Hackvertor skills, here are two Web Security Academy challenges you should take up 🛠️ 1️⃣ Inconsistent handling of exceptional input portswigger.net/web-security... 2️⃣ Providing an encryption oracle portswigger.net/web-security...

submitted 11 days ago • 1 comment

Found a handy new CSP bypass gadget on Snapchat: cspbypass.com#snapchat

submitted 15 days ago • 1 comment

Thanks to everyone who took the O4D training, played my CTF, and attended my workshop at @wildwesthackinfest.bsky.social I'm exhausted, but I saw enough smiles from folks that it made it all worth it. See you all next time 😁

submitted 20 days ago • 0 comments

Discover blocklist bypasses via unicode overflows using the latest updates to ActiveScan++, Hackvertor & Shazzer! Thanks to Ryan Barnett and Neh Patel for sharing this technique. portswigger.net/research/byp...

submitted 31 days ago • 0 comments

There's a certain 'harmless' quirk in a popular server that I've known about for over ten years but never found or seen a viable use for. Today, I used it to complete an exploit chain! I feel like I just solved the meaning of life 😂

submitted 32 days ago • 3 comments

A nice tip Match & Replace from Intigriti... 💎 Replace `Content-Type: application/json` with `Content-Type: application/xml` in requests and look for XML parsing errors in responses 🛠️ That will allow you to identify XML-processing endpoints 🧠

submitted 56 days ago • 0 comments

Nominations are now open for the Top 10 Web Hacking Techniques of 2024! Browse the contestants and submit your own here: portswigger.net/research/top...

submitted 51 days ago • 1 comment

Hackvertor now supports tags `<@space/>` and `<@newline/>` That doesn't look like a game-changer, but it's incredibly useful when you want to avoid that these raw characters break Burp's HTTP parsing

submitted 54 days ago • 0 comments

Given that simps0n isn’t on Bluesky, allow me to repost a link to his excellent weekly ezine 💎 Here’s today’s edition, "AppSec Ezine - 566th" 📚

submitted 70 days ago • 0 comments

⚠️Challenge time again⚠️ It is based on a real-world situation. Use the HTML injection to leak the flag to an external domain ☃️ This time, send solutions in DM; we don't want to spoil the fun. I also might want to patch any obvious blunder I made creating it joaxcar.com/xss/outer.ht...

submitted 72 days ago • 2 comments

It’s ESS-CUE-ELL not SEE-KWUHL. It's GIF not JIF. It's JAY-DUBYA-TEE not JOT. Argue amongst yourselves in the comments. I'll still love you even if you're wrong. 🤪

submitted 73 days ago • 16 comments

Interesting: this webb app uses the "X-Forwarded-Host" header with the requested URL to built the final URL. The XFH header can include path and parameters, not just the host, and everything is combined. This gave me an easy 403 bypass at the proxy level, but I wonder what else can be done...

submitted 87 days ago • 0 comments

Piper, the gift that keeps on giving!🔥

submitted 163 days ago • 0 comments

Watch my talk on Blind CSS Exfiltration, an innovative blind attack technique designed to extract data from web pages through CSS. www.youtube.com/watch?v=3WjD...

submitted 379 days ago • 0 comments

In case you missed it...I wrote a book, please support my work by buying a copy. If you've already bought one thank you please can you RT to spread the word! leanpub.com/javascriptfo...

submitted 382 days ago • 0 comments