As we saw in the previous chapter, Burp Suite is a flexible tool used to detect and exploit vulnerabilities. In this chapter, we will be exploiting other types of vulnerabilities, showing more options and capabilities in Burp Suite.
In this chapter, we will cover the following topics:
- Using SSRF/XSPA to perform internal port scans
- Using SSRF/XSPA to extract data from internal machines
- Extracting data using Insecure Direct Object Reference (IDOR) flaws
- Exploiting security misconfigurations
- Using insecure deserialization to execute OS commands
- Exploiting crypto vulnerabilities
- Brute forcing HTTP basic authentication
- Brute forcing forms
- Bypassing file upload restrictions