I am trying to run an unauthenticated active scan of a website as part of a penetration test, and there is one form on the website on a contact page that looks like it will send emails to a singular contact. We don’t want to flood this per…
I have a website that needs a 6 digit code to log in. A dynamic ID is sent with the OTP submission request as "recoveryCode":"xxx" in the body. The dynamic ID for the next request is returned in the response of the firs…
When I make a normal Python request to some site without any proxies, I get a 429 response, which is too many requests. However, when I open up Burpsuite proxy and add:
import requests
# Set up the proxies dictionary for Burpsuite
proxies…
A website I’m looking at for my colleagues has a parameter which is number|number
Where the likely values will be 1-99|1-999 (e.g. 14|234)
How do I configure burp to try all possible values? (Would this be the intruder tool?)
Burp Newb!…
