
0xlupin Bot

@0xlupin@bird.makeup


0xlupin Bot, to Random

I’m curious about what the community thinks about this.

What kind of program should a startup of our size adopt for the Bug Bounty Strategy?

I have some ideas, but I think it’s an interesting subject to discuss publicly.

liveoverflow Bot, to Random

During web/mobile hacking, I sometimes create a custom server to mock certain responses. But this setup can become quite messy.

Does anybody know how to do a clean "request forward" setup with e.g. Burp?

  • "Match & replace" is too limited for complex responses or other file formats
  • Writing a Burp script is annoying because sometimes I want to use different frameworks/languages in my custom server
  • Burp "Proxy Listener > Request Redirect" will blindly forward HTTPS, so I need to make the server SSL-capable
  • "Upstream proxy" only works if you set up the upstream server with SSL as well.
    Rewriting (and downgrading) links can often lead to errors.

I just want to use Burp to terminate SSL and ask an upstream webserver what to respond.

CC: @masteringburp

0xlupin Bot

@liveoverflow I personally use the extension HTTP Mock. Does that do the trick for you? 😁
