20 Burp Suite tips from the Burp user community

dump/json2paths at master · s0md3v/dump

This tool finds hidden endpoints, especially on APIs. It fetches JSON responses from BurpSuite history and creates url-paths wordlist from JSON keys.

A study on Windows HTTP authentication (Part II)

Since last year, Burp also implemented NTLM EPA authentication. Nevertheless, it still does not support the WWW-Authenticate: Negotiate header, pass-the-hash, pass-the-ticket and so on. They all lead to authentication errors.

We decided to add to our proxy the support of all the HTTP Authentications that you could find on a Windows based infrastructure including:

• Standard NTLM authentication
  • NTLM EPA channel binding
  • NTLM EPA service binding
  • Pass-the-hash capabilities (from LM or NT hashes)
• Kerberos authentication
  • Standard user/password capabilities
  • Pass-the-ticket capabilities (from TGT or ST)
  • Overpass-the-hash capabilities (from the NT hash)

The objective is also to give a simple script to work with HTTP authentication. It is based on a single file, with minimal dependencies. Feel free to tweak, patch and modify it so that it matches your needs, PRs are welcome.