Bug Bytes #22 – Disabling distracting Firefox traffic from Burp, A 2019 Workflow for Subdomain Enumeration by @0xpatrik & DirectoryImporter

By Intigriti

June 11, 2019

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. This first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us updated with a comprehensive list of all the write-ups, tools, tutorials and resources we should not have missed.

Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 31 May to 7 June.

Our favorite 5 hacking items

1. Tip of the week

Foxyproxy.json for disabling distracting Firefox traffic from Burp

If you are a regular Firefox + Burp user, you have probably noticed that Firefox generates background traffic of its own that ends up in Burp's proxy history, such as captive-portal probes to http://detectportal.firefox.com/ and update checks.
This JSON file is @liamosaur's FoxyProxy configuration, which he uses to keep that unwanted traffic out of Burp.
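The page links to the FoxyProxy file but does not reproduce it, so the following is an added example rather than @liamosaur's configuration: a small Python filter that separates Firefox's background traffic from target traffic by hostname, run over a constructed proxy history. Only detectportal.firefox.com and "update checks" come from the newsletter; the remaining Mozilla hostnames are my assumption about what a fresh profile typically contacts, so confirm them against your own history before turning them into exclusion patterns.

```python
import fnmatch
from urllib.parse import urlsplit

# Hostname patterns for traffic Firefox sends on its own. Only
# detectportal.firefox.com and "update checks" come from the newsletter;
# the remaining entries are the editor's assumption about common Mozilla
# background services and are not the contents of @liamosaur's file.
FIREFOX_BACKGROUND_HOSTS = (
    "detectportal.firefox.com",          # captive-portal probe
    "aus5.mozilla.org",                  # application update checks
    "versioncheck.addons.mozilla.org",   # add-on update checks
    "versioncheck-bg.addons.mozilla.org",
    "services.addons.mozilla.org",
    "*.services.mozilla.com",            # remote settings, push, safe-browsing lists, geolocation
    "*.cdn.mozilla.net",                 # content signatures, Normandy, snippets
    "safebrowsing.googleapis.com",       # Google safe-browsing updates
    "incoming.telemetry.mozilla.org",    # telemetry pings
)


def hostname(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def is_firefox_background(url: str, patterns=FIREFOX_BACKGROUND_HOSTS) -> bool:
    """True if the URL's host matches one of the background-traffic patterns."""
    host = hostname(url)
    return any(fnmatch.fnmatchcase(host, pat) for pat in patterns)


def split_history(urls):
    """Partition a proxy history into (noise, target) lists, preserving order."""
    noise, target = [], []
    for url in urls:
        (noise if is_firefox_background(url) else target).append(url)
    return noise, target


# Constructed proxy history, not a real capture.
SAMPLE_HISTORY = [
    "http://detectportal.firefox.com/success.txt",
    "https://target.example/login",
    "https://aus5.mozilla.org/update/3/Firefox/67.0/default/Linux_x86_64-gcc3/en-US/release/update.xml",
    "https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/records",
    "https://api.target.example/v1/users?id=42",
    "https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch",
]

if __name__ == "__main__":
    noise, target = split_history(SAMPLE_HISTORY)
    print("background (exclude):", *noise, sep="\n  ")
    print("target (keep):", *target, sep="\n  ")
```

Whichever hosts survive your own check can go into FoxyProxy as exclusion patterns, or into Burp's target scope as exclusions so that out-of-scope items are dropped from the proxy history; the point of the wildcard on `*.services.mozilla.com` rather than `*.mozilla.org` is to avoid silently hiding sites you may actually be browsing, such as developer.mozilla.org.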

2. Writeup of the week

Ability to reset password for account on Upserve ($3,500)

This isn't a fully disclosed writeup, but the little information shared is mind-boggling.
Ilya/exadmin was able to receive other users' password reset links by submitting an array of email addresses instead of a single address.
The request body looked like this: {"email_address":["admin@breadcrumb.com","attacker@evil.com"]}.
It would be interesting to see what the backend code looks like, but even without knowing, this is an interesting idea to try on other programs: wherever a single value is expected, send an array (or an object) and watch whether the backend still matches the victim but acts on the whole list.
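The page does not show Upserve's backend, so what follows is an added reconstruction of one plausible way this class of bug arises, not the actual code: the lookup tolerates a list (think `WHERE email IN (...)`), and the mailer is then handed the request value rather than the matched account's stored address. The hardened handler beside it rejects anything but one address and mails only the address on record. The `USERS` table, `OUTBOX`, the example.test reset link and all helper names are assumptions.

```python
import json
import re
import secrets

# Constructed account table: the only address is the one from the disclosed
# request body; the token field is filled in by the reset handlers below.
USERS = {
    "admin@breadcrumb.com": {"email": "admin@breadcrumb.com", "reset_token": None},
}
OUTBOX = []  # (recipient, reset link) pairs captured instead of sending mail


def send_mail(recipient: str, link: str) -> None:
    OUTBOX.append((recipient, link))


def issue_token(account: dict) -> str:
    """Store a fresh reset token on the account and return the reset link."""
    token = secrets.token_urlsafe(32)
    account["reset_token"] = token
    return "https://example.test/reset?token=" + token


def vulnerable_reset(raw_body: str) -> list:
    """Hypothetical handler reproducing the reported behaviour.

    A list is accepted where a string was expected, the lookup matches the
    victim, and the mailer receives the request-controlled list, so every
    address in the array gets the victim's link. Returns recipients mailed."""
    requested = json.loads(raw_body)["email_address"]
    candidates = requested if isinstance(requested, list) else [requested]
    matched = [e for e in candidates if e in USERS]   # like WHERE email IN (...)
    if not matched:
        return []
    link = issue_token(USERS[matched[0]])
    for recipient in candidates:                       # bug: request-controlled recipients
        send_mail(recipient, link)
    return candidates


EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def hardened_reset(raw_body: str) -> list:
    """Accept exactly one syntactically valid address and mail only the stored
    address of the matched account. Returns recipients mailed."""
    requested = json.loads(raw_body).get("email_address")
    if not isinstance(requested, str) or not EMAIL_RE.match(requested):
        raise ValueError("email_address must be a single email address")
    account = USERS.get(requested.lower())
    if account is None:
        return []   # the HTTP response should still look like success (no enumeration)
    link = issue_token(account)
    send_mail(account["email"], link)   # recipient comes from the record, not the request
    return [account["email"]]


if __name__ == "__main__":
    body = '{"email_address":["admin@breadcrumb.com","attacker@evil.com"]}'
    print("vulnerable handler mailed:", vulnerable_reset(body))
    try:
        hardened_reset(body)
    except ValueError as err:
        print("hardened handler rejected the array:", err)
```

The type check is the important line: JSON lets a client send a string, a list or an object for the same key, and frameworks that coerce or iterate transparently are how a "send it as an array" probe turns into account takeover.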

3. Article of the week

Subdomain Enumeration: 2019 Workflow

@0xpatrik shares his new subdomain enumeration workflow.
I know, there are already dozens (hundreds?) of subdomain enumeration articles out there, and @0xpatrik himself has already covered this topic, but here he shows how he improved his methodology for more efficiency and better results. Interested yet?

4. Resource of the week

Guide 001 | Getting Started in Bug Bounty Hunting

This is a great guide for anyone interested in web app security or bug bounty. It has 3 sections that correspond to the following learning phases:

  • Basics of Networks, Programming & Automation

  • Learning about Vulnerabilities, Resource for practicing, Tools…

  • Selecting a target, starting tests & writing reports

Each phase is explained with the necessary resources to get you started. So if you don’t know where to start, this is perfect!

5. Tool of the week

DirectoryImporter

DirectoryImporter is a Burp Suite extension written in Java that imports directory brute-forcing results into Burp's site map.
Until now, the alternative was to proxy brute-forcing tools through Burp to check the results (or to do it manually).
So this can be pretty handy. For now, only Dirsearch and Gobuster are supported, but you can add any other brute-forcing tool by writing a parser for its output format.
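As an added example (not DirectoryImporter's own code, which is Java), here is the parsing side of such an import in Python: one parser per tool output format, registered in a table so that supporting a new tool is one more function. The gobuster and dirsearch line formats are those of the versions current in 2019 as I recall them, and the sample outputs are constructed, so check the regular expressions against the actual output of your tool versions before relying on them.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional
from urllib.parse import urljoin


@dataclass(frozen=True)
class Finding:
    url: str
    status: int
    size: Optional[str]   # raw size text; tools disagree ("312" vs "2KB")


# gobuster: "/admin    (Status: 301) [Size: 312]"  (older builds omit [Size: ...])
GOBUSTER_LINE = re.compile(
    r"^(?P<path>/\S*)\s+\(Status:\s*(?P<status>\d{3})\)(?:\s+\[Size:\s*(?P<size>\d+)\])?")
# dirsearch: "[12:00:01] 200 -    2KB - /admin/"
DIRSEARCH_LINE = re.compile(
    r"^\[\d\d:\d\d:\d\d\]\s+(?P<status>\d{3})\s+-\s+(?P<size>\S+)\s+-\s+(?P<path>\S+)")


def parse_gobuster(base_url: str, lines: Iterable[str]) -> List[Finding]:
    findings = []
    for line in lines:
        m = GOBUSTER_LINE.match(line)
        if m:   # banner and "[+] ..." lines do not match and are skipped
            findings.append(Finding(urljoin(base_url, m["path"]), int(m["status"]), m["size"]))
    return findings


def parse_dirsearch(base_url: str, lines: Iterable[str]) -> List[Finding]:
    findings = []
    for line in lines:
        m = DIRSEARCH_LINE.match(line)
        if m:   # urljoin keeps absolute URLs as-is, so full-URL output also works
            findings.append(Finding(urljoin(base_url, m["path"]), int(m["status"]), m["size"]))
    return findings


# Supporting another tool means adding one parser function here.
PARSERS: Dict[str, Callable[[str, Iterable[str]], List[Finding]]] = {
    "gobuster": parse_gobuster,
    "dirsearch": parse_dirsearch,
}


def import_results(tool: str, base_url: str, output: str,
                   ignore_statuses=(404,)) -> List[Finding]:
    """Parse a tool's output and drop statuses not worth a site-map entry."""
    try:
        parser = PARSERS[tool]
    except KeyError:
        raise ValueError(f"no parser for {tool!r}; known: {sorted(PARSERS)}") from None
    return [f for f in parser(base_url, output.splitlines()) if f.status not in ignore_statuses]


# Constructed outputs, not real scan results.
GOBUSTER_SAMPLE = """\
===============================================================
Gobuster v3.0.1
===============================================================
[+] Url:            http://target.example
/admin                (Status: 301) [Size: 312]
/images               (Status: 200) [Size: 1024]
/backup               (Status: 403) [Size: 277]
/missing              (Status: 404) [Size: 0]
"""
DIRSEARCH_SAMPLE = """\
[12:00:01] 200 -    2KB - /admin/
[12:00:02] 301 -  312B - /images  ->  http://target.example/images/
[12:00:03] 403 -  277B - /.git/HEAD
"""

if __name__ == "__main__":
    for tool, sample in (("gobuster", GOBUSTER_SAMPLE), ("dirsearch", DIRSEARCH_SAMPLE)):
        for f in import_results(tool, "http://target.example", sample):
            print(f"{tool:9} {f.status} {f.url}")
```

Each `Finding` carries exactly what a site-map entry needs (URL and status); in a real extension the next step is issuing a request for each URL through Burp so the response is captured, which is also why filtering 404s before import matters on large wordlists.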

Other amazing things we stumbled upon this week

Videos

Podcasts

Conferences

Slides only

Tutorials

Medium to advanced

Beginners corner

Writeups

Responsible disclosure writeups

Pentest writeups

Bug bounty writeups

See more writeups on The list of bug bounty writeups.

Tools

If you don’t have time

  • GPOCheck: Tool for auditing GPO on Windows AD

  • Seccubus: Automates vulnerability scanning with: Nessus, OpenVAS, NMap, SSLyze, Medusa, SkipFish, OWASP ZAP and SSLlabs

More tools, if you have time

  • Ansible-burp_extensions: Ansible playbook to install Burp extensions

  • Cloud_enum: Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud

  • H2buster: A threaded, recursive, web directory brute-force scanner over HTTP/2

  • Venom: Auto Recon Bash Script

  • Liffy: Local file inclusion exploitation tool

  • Taint’em All: Taint analysis tool for PHP

  • Fatt / fingerprintAllTheThings: A pyshark-based script for extracting network metadata and fingerprints from pcap files and live network traffic

  • Leprechaun & Tutorial: This tool is used to map out the network data flow to help penetration testers identify potentially valuable targets.

  • Mirage: A powerful and modular framework dedicated to the security analysis of wireless communications

  • CloudCopy: Stealing hashes from Domain Controllers in the Cloud

  • Byepass: Automates a large number of password cracking tasks using optimized dictionaries and mangling rules

  • Zydra: A file password recovery tool and Linux shadow file cracker. It cracks passwords with dictionary or brute-force attacks

  • Recsech: Websites footprinting and recon tool. It collects DNS Information, subdomains, Subdomain takeovers, does Github recon, detects honeypots…

  • Sshd-poison: A tool to capture credentials from PAM-based sshd authentication

  • ReverseTCPShell: Reverse AES-encrypted shell over TCP using PowerShell SecureString, to bypass detection (FW/AV/IPS/IDS). Useful for red teams

Misc. pentest & bug bounty resources

Challenges

Articles

News

Bug bounty / Pentest news

Reports

Vulnerabilities

Breaches & Attacks

Other news

Non technical

Tweeted this week

We created a collection of our favorite pentest & bug bounty related tweets shared this past week. You’re welcome to read them directly on Twitter: Tweets from 05/31/2019 to 06/07/2019.

Subscribe to the newsletter here!

Disclaimer:
The views and opinions expressed in this article are those of the curators and do not necessarily reflect the position of Intigriti.

Curated by Pentester Land & Sponsored by Intigriti
