BurpSmartBuster - A smart way to find hidden treasures, the next steps

Presented at Hackfest 2016, Nov. 4, 2016, 4 p.m. (Unknown duration)

Bruteforcing non-indexed data is often used to discover hidden files and directories, which can lead to information disclosure or even a system compromise when a backup file is found. This bruteforce technique is still useful today, but the tools are lacking the application context and aren't using any smart behaviour to reduce the bruteforce scanning time or even be stealthier. BurpSmartBuster, a Burp Suite Plugin, offers to use the application context and add the smart into the Buster! This 20 minute presentation will reveal this new open-source plugin and will show practical cases of how you can use this new tool to accelerate your Web pentest to find hidden treasures!

The following will be covered:

  • How to add context to a web bruteforce tool
  • How we can be stealthier
  • How to limit the number of requests: Focus only on what is the most critical
  • Show how simple the code is and how you can help to make it even better!

Presenters:

  • Patrick Mathieu
    Patrick is a co-founder of Hackfest.ca and has been involved in the information security field for more than 20 years. He works as a pentester and purple-team lead and specializes in application security. Patrick holds a bachelor's degree (Bacc.) and a DEC in computer science, and he has always been active in the community and in security events.
