When you're brute forcing for endpoints, don't forget to add extensions. You can also use this method to discover backup files:
dirsearch -e php,asp,aspx,jsp,py,txt,conf,config,bak,backup,swp,log,xml,js,json,old,db,sql -u <target>
#bugbounty #bugbountytips #cybersecurity #pentest
Rate limit bypass
1. Add %00 to the end of the email in Intruder whenever a 429 error comes back. Or use %2e, %0d, %0a.
2. Add X-Forwarded-For: 127.0.0.1
If the rate limit is based on IP, use an IP rotator Burp extension.
#bugbounty #bugbountytips #cybersecurity #pentesting #hacking
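On the defending side, the padding and header tricks in the rate limit tip stop working once the limiter keys on a canonical email and ignores X-Forwarded-For from untrusted peers. This is an added example, not part of the original tips; the proxy address, the limit values and all function names are assumptions, and raw_email is assumed to arrive still percent-encoded.

```python
import ipaddress
import time
import unicodedata
from collections import defaultdict, deque
from urllib.parse import unquote

# Assumed deployment values: one reverse proxy we control, 5 tries per 60 s.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}
LIMIT, WINDOW = 5, 60.0

def canonical_email(raw: str) -> str:
    """Decode and strip padding so every variant maps to one limiter key."""
    s = unquote(raw)
    # Category Cc covers NUL, CR and LF (%00, %0d, %0a after decoding).
    s = "".join(c for c in s if unicodedata.category(c) != "Cc")
    return s.strip().rstrip(".").lower()  # a trailing %2e decodes to "."

def client_ip(peer: str, headers: dict) -> str:
    """Honour X-Forwarded-For only when the TCP peer is our own proxy."""
    xff = headers.get("X-Forwarded-For", "")
    if xff and ipaddress.ip_address(peer) in TRUSTED_PROXIES:
        # The rightmost entry is the one our proxy appended.
        return xff.split(",")[-1].strip()
    return peer

class RateLimiter:
    """Sliding-window counter keyed by an arbitrary hashable key."""
    def __init__(self):
        self.hits = defaultdict(deque)

    def allow(self, key, now=None) -> bool:
        now = time.monotonic() if now is None else now
        q = self.hits[key]
        while q and now - q[0] >= WINDOW:
            q.popleft()
        if len(q) >= LIMIT:
            return False
        q.append(now)
        return True

def check(limiter, peer, headers, raw_email, now=None) -> bool:
    """False means the caller should answer 429."""
    # Charge both buckets every time: per account and per source address.
    by_email = limiter.allow(("email", canonical_email(raw_email)), now)
    by_ip = limiter.allow(("ip", client_ip(peer, headers)), now)
    return by_email and by_ip
```

Keying on the account as well as the address means rotating source IPs does not reset the per-account count.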
No more noise in your logs!
Burp Suite > Proxy > Options > TLS Pass Through.
Add these:
.*\.google\.com
.*\.gstatic\.com
.*\.mozilla\.com
.*\.googleapis\.com
.*\.pki\.goog
#bugbounty #bugbountytips #cybersecurity #pentesting #hacking