Federico Dotta

The ninth article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out! The topics of this ninth part is "Custom scan checks - An improved quick way to extend Burp Suite Active and Passive Scanner"! hnsecurity.it/blog/extending…

🔄 Brida, Burp to Frida Bridge A bridge between Burp Suite and Frida to help test Android applications. 👇 portswigger.net/bappstore/2c0d…

I released an updated version of Brida (0.6), fully compatible with @fridadotre >= 17! You can download the new release from GitHub and soon from the @Burp_Suite BAppStore. hnsecurity.it/blog/brida-0-6…

A few notes and examples on a topic I've been exploring recently: AI red teaming on LLM-based applications! security.humanativaspa.it/attacking-gena…

The unattainable unicorn in fault injection! Our latest article reveals that single-bit faults are possible on ESP32. Discover how some bits are easier to flip and why lowest voltage isn't always best. Join @0x696e6f6465 in his #hardwarehacking quest. security.humanativaspa.it/fault-injectio…

Eighth article of the series "Extending @Burp_Suite for fun and profit - The Montoya way" is out! Topic: BChecks - A quick way to extend Burp Suite Active and Passive Scanner! security.humanativaspa.it/extending-burp…

Seventh article of the series "Extending @Burp_Suite for fun and profit - The Montoya way" is out! Topic: using the Collaborator in Burp Suite plugins! security.humanativaspa.it/extending-burp…

Great article on fault injection by my colleague @0x696e6f6465. Definitively worth a read! security.humanativaspa.it/fault-injectio…

Display responses that came from a server-side cache (Varnish/Cloudfront) with this filter bambda: return requestResponse.response().headerValue("X-Cache").toLowerCase().contains("hit");

Sixth article of the series "Extending @Burp_Suite for fun and profit - The Montoya way" is out! Topic: adding new checks to Burp Suite Active and Passive Scanner! security.humanativaspa.it/extending-burp…

@InsiderPhD 4. Brida, Burp to Frida bridge Bridges Burp and Frida, enabling traffic manipulation across multiple platforms. Simplifies mobile testing with direct function usage for data encryption/decryption, offering custom plugins, tabs, menu options and more. portswigger.net/bappstore/2c0d…

Fifth article of the series "Extending @Burp_Suite for fun and profit - The Montoya way" is out! Topic: adding new functionalities to the context menu! security.humanativaspa.it/extending-burp…

A quick overview and some tips on how to handle and exploit Java applets and serialized Java objects in the present day using @Burp_Suite. security.humanativaspa.it/java-applet-se…

Fourth article of the series "Extending @Burp_Suite for fun and profit - The Montoya way" is out! Topic: creating new tabs for processing HTTP requests and responses! security.humanativaspa.it/extending-burp…

I've made $500k+ from SSRF vulnerabilities. Here are my tricks:

Stay tuned for the next part on topic: creating new tabs for processing HTTP requests and responses

Third article of the series "Extending @Burp_Suite for fun and profit - The Montoya way" is out! Topic: inspecting and tampering WebSocket messages! security.humanativaspa.it/extending-burp…

@MasteringBurp Thank you!!!

A great detailed introduction to the Montoya API 💎

Stay tuned for the next part: inspecting and modifying WebSocket messages

First two articles of the series "Extending @Burp_Suite for fun and profit - The Montoya way" are out! Topics: setting up the environment, Hello World and inspecting and tampering HTTP requests and responses! security.humanativaspa.it/extending-burp… security.humanativaspa.it/extending-burp…