@BountySecurity @john Great! Looking forward to the tool getting better and better.
English
John
18 posts
@Ramtic233 Hi @john! thanks for your following, in next versión we will fix these issues. Now, you can specify new headers and cookies before you send the urls to scan, with match and replace feature. If you need more information, please let me know.
English
Burp Bounty Pro v3.1.0 is out.
New: AI Scanner. Sends each request to an LLM with structured context extracted from the response. The AI decides which profiles to launch automatically.
A new option alongside Active Scan and Smart Scan, not a replacement.
English
@BountySecurity my suggestion to reuse not only cookies but also other authentication headers—needed for real vulnerability scenarios—has not been adopted.
English
Supports OpenAI, Anthropic, Gemini, OpenRouter, and local models via Ollama. Prompts fully editable.
Also new: per-host scan deduplication. 62 profiles now run once per domain instead of repeating on every URL. Cuts redundant traffic on large scopes.
bountysecurity.ai/pages/burp-bou…
English
Been working on this one for a while. A new option that decides what to test and where, on top of everything that already works.
Nothing changes. Something gets added.
Monday.
x.com/BountySecurity…
Bounty Security@BountySecurity
Monday: the biggest update to Burp Bounty Pro since v3.0.0 → A new scanning option that picks its own targets → Everything else stays exactly the same → Full blog post explaining the thinking behind it bountysecurity.ai/pages/burp-bou…
English
@BountySecurity Please test for contentlength-based SQLi, I have reported bug
English
Same idea for time-based SQLi: 5s delay, then 10s, then 15s. If all three match the injected WAITFOR DELAY, it's real, not network jitter.
Or XSS: send a harmless token first. If it reflects, fire payloads. If it doesn't, skip it.
docs.bountysecurity.ai bountysecurity.ai/pages/burp-bou…
English
A single quote returning 500 doesn't prove SQL injection. Could be anything.
But single quote → 500, double quote → 200, triple quote → 500? That's a pattern.
Multi-step profiles in Burp Bounty Pro let you chain these checks into one scan. Each step: own payload, own match.
English
Asked Burp Bounty Pro users about their best finds 🐛
Some of these genuinely surprised me 🙌
💰 £5k bounties
💉 RCE chains
💀 Full server takeovers
🔴 Real CVEs in production
x.com/BountySecurity…
Bounty Security@BountySecurity
🐛 We asked Burp Bounty Pro users: what's your best find? 🔴 Path traversal → server takeover 💀 🔴 SQLi → RCE chain 💉 🔴 Chained SSRF 🌐 🔴 HTTP Request Smuggling 📡 🔴 CVE-2021-41773 in prod 🐛 🔴 £5,000 bounty 💰 Real bugs. Real users. 🔥 Yours? 👇 #BurpBounty
English
🧠 The idea behind Smart Scan was simple:
What if the scanner could think before it attacks?
Instead of testing everything everywhere → it detects
the tech stack first, then fires only what matters.
27 rules out of the box. Or build your own. 🛠
x.com/BountySecurity…
Bounty Security@BountySecurity
🧠 Smart Scan in Burp Bounty Pro: 👁 Passive profile detects a technology 📋 Rule condition matches 🎯 Active profiles fire automatically WordPress detected? → WP CVE profiles 🔥 SQLi params found? → SQLi payloads only 💉 Spring Boot spotted? → Spring checks ⚡
English
@BountySecurity In the Multi-Step function, does it have to be cookie reuse? Some sites rely on custom headers to verify permissions, such as token,auth-token, or Authorization in the headers. I suggest that the reuse can have customizable keywords.
English
I built a deliberately vulnerable web app so you can test your Burp Bounty Pro profiles against real vulnerabilities.
100+ endpoints. XSS, SQLi, SSRF, SSTI, 42 CVEs, GraphQL...
It's live and free. Go break it 👇
🔗 burpbountylab.com
#BugBounty #Pentesting #BurpSuite
English
@BountySecurity The content length diff function is the same; it should compare the difference in length, right? Not the difference in content.
Also, please adapt the display for Burp Suite dark mode.
English
@BountySecurity When testing the built-in SQLi_ContentLength scan, the content length in the match type feature does not compare the request when no payload is sent, but rather determines whether the response content is included in the response headers.
English
@BountySecurity When testing the built-in SQLi_ContentLength scan, the content length in the match type feature does not compare the request when no payload is sent, but rather determines whether the response content is included in the response headers.
English
📖 New documentation for Burp Bounty Pro 3.0.0 is live.
Every feature. Every workflow. Every config option — documented.
→ docs.bountysecurity.ai
#burpbountypro #BugBounty #BurpSuite
English
@BountySecurity In the Multi-Step function, does it have to be cookie reuse? Some sites rely on custom headers to verify permissions, such as token,auth-token, or Authorization in the headers. I suggest that the reuse can have customizable keywords.
English
@BountySecurity The content length diff function is the same; it should compare the difference in length, right? Not the difference in content.
Also, please adapt the display for Burp Suite dark mode.
English
Tell you what… retweet, like, and dm me “prompt” and I’ll sent it to ya
Merry Xmas
JS0N Haddix@Jhaddix
🤖 WebSecGPT - Your AI security buddy Hacking an API or JS framework? Don't have a swagger file or struggling to understand the app? Wanna quickly identify all js sinks? Meet WebSecGPT (a thread ) 👇
English
Launching "The Ultimate Web Development Guide" eBook.
This guide has everything you need to become a Web Developer.
You will get :
👉 25+ Chapters
👉 100+ Resources
👉 500+ No Code Tools
👉 100+ Web Dev Tools
Get it now for "FREE"
Just:
• Follow
• Reply "free"
I'll DM you
English
ChatGPT is Free.
But most people don’t know the best ways to use it.
That's why I build this Ultimate 50+ Chapters ChatGPT Full course for you:
• 500+ AI Prompts
• 70+ Resources
• 900+ AI Tools
And for next 24 hours, it's free!
Just:
• Follow
• Reply "send"
I'll DM you
English
shiro.sumsec.me 为工具更新站点,后面会更新根据自己以及和同事遇到几种特殊情况shiro环境下漏洞利用经验编写文档。刚刚更新一版主要是更新加载dll的内存马。感谢github.com/whami-root提交的pr修改意见。
中文