To get a valid session token to use with Burp Suite tools, I ended up writing a small Python extension (110 lines of code, but who’s counting?) that obtained a new session token for each request, allowing items like Intruder to work as intended. Cool, I was able to use it during the test, but I would like this to be repeatable. So, this blog is releasing Swapper, a regex pattern-based match/replace Burp Suite extension.

The post Swapper – A Pure Regex Match/Replace Burp Extension appeared first on Black Hills Information Security, Inc..

This is a foolproof guide to intercepting traffic from mobile applications built on Flutter, which historically have been especially challenging to intercept.

The post Intercepting Traffic for Mobile Applications that Bypass the System Proxy appeared first on Black Hills Information Security, Inc..

This blog will cover how to root an AVD emulator and a physical Pixel 6. But before we cover those topics, let's cover what it is we will be doing and some of the pro/cons of rooting an Android phone.

The post How to Root Android Phones appeared first on Black Hills Information Security, Inc..

In this video, Dave Blandford discusses a beginner's guide to creating Burp Suite extensions. The session covers an overview of what Burp extensions are, how they can improve testing capabilities, and the tools and languages used in developing them.

The post Creating Burp Extensions: A Beginner’s Guide appeared first on Black Hills Information Security, Inc..

As a tester, I do all my work inside a Virtual Machine (VM). Recently, I found myself in a situation where I needed to get a VM on a Windows […]

The post QEMU, MSYS2, and Emacs: Open-Source Solutions to Run Virtual Machines on Windows appeared first on Black Hills Information Security, Inc..