if you're using Burp for web app testing, you can benefit from the added productivity provided by the Burp Variables extension. this extension lets you reference reusable variables in your requests, similar to environment variables in Postman and Insomnia

additionally, new with v1.2.0, Burp Variables now supports auto-updating variable values from response content via a regex with a capture group, allowing you to automatically update tokens, session data, and other dynamic values

https://github.com/0xceba/burp_variables

#cybersecurity #infosec #hacking #bugbounty #pentest #pentesting

this is your reminder that if you're using Burp for web app testing, you should be using an extension that lets you use variables in your outgoing requests. variables functionality gives you a single place to update credential, token, and identifier values which improves productivity and reduces false positives. there are a few extensions that provide this functionality and I recommend my extension, Burp Variables, which is purpose-built for it: https://github.com/0xceba/burp_variables

#burp #burpsuite #burp_suite #pentesting #pentest #bugbounty #bugbountytips #hacking

after a lengthy concept review, code review, and QA process, PortSwigger has published the Burp Variables extension to the BApp Store! if you do API testing from Burp, you should look into this productivity extension which allows you to store and reuse variables in your outgoing requests, similar to other API testing clients like Postman and Insomnia. this is a productivity boon because it gives you single place to update ephemeral credential/token values and it helps you keep track of your identifiers & credentials which minimizes false positives. to learn more:
- install the extension from the BApp Store
- see more details at the BApp Store page: https://portswigger.net/bappstore/27f89b068a3045649d4df77a863209c1
- review the source code at the extension's source repo: https://github.com/0xceba/burp_variables

#burp #burpsuite #burp_suite #pentesting #pentest #bugbounty #bugbountytips #hacking #cybersecurity #infosec

I'm excited to announce Burp Variables v.1.1.6. this version has an updated UI which streamlines how variables are added: they can now be added through the dedicated panel on the Variables tab or via the context menu for requests that come from the message editor. the latter option is convenient when working with new variable names that haven't been memorized yet. download the new release at: https://github.com/0xceba/burp_variables

#burp #burpsuite #burp_suite #pentesting #pentest #bugbounty #bugbountytips #hacking

Burp Variables v1.1.5 has been released. this version features an optimized storage mechanism and import/export functionality to conveniently populate the variables table from disk. download the release at https://github.com/0xceba/burp_variables

#burp #burp_suite #burpsuite #pentesting #pentest #bugbounty #bugbountytips #hacking

if you do a lot web app testing of APIs that use JSON data, you should considering using the extension Prettify JSON Then Send to Comparer. this is a productivity extension that adds a context menu action to pretty print format JSON data before sending it to the Comparer tool. this greatly increases readability of JSON data in Comparer because you're no longer comparing long single lines with the dreaded 💀 horizontal scrollbar 💀. github repo: https://github.com/0xceba/burp_prettify_json_then_send_to_comparer

#burp_suite #burp #burpsuite #pentesting #pentest #bugbounty #bugbountytips #hacking