PARTS OF SERIES: Introduction to Burp Extender; Setting Up Extension Development Tools; Extension Project Structure and Fundamentals; Diving deeper into Extender API Interfaces; Exploration - In...
https://prakharprasad.com/exploration-intruder-payload-processing/
https://prakharprasad.com/diving-deeper-into-extender-api-interfaces/
https://prakharprasad.com/burp-project-structure-and-fundamentals/
https://prakharprasad.com/setting-up-extension-development-tools/
Burp Extender provides the extensibility required for creating and running Burp Suite extensions. The EXTENDER tab exposes all APIs required for development of custom extensions in the...
This is an introductory post for a series of blog posts which will focus on the development of Burp Suite extensions. PARTS OF SERIES Introduction to Burp Extender Setting Up Extension Devel...
https://prakharprasad.com/burp-suite-extension-development-series/
This post revolves around a remote code execution vulnerability that I found in SHOPIFY. Before I start, I'd inform you that the vulnerability I found was reported to Shopify, as a part of their ...
In this blog post I'll explain about the bug I found yesterday at HackerOne which netted me their highest bounty so far (as on 15th Oct 2014 GMT +5:30). The bug was on program/team side which inv...
https://prakharprasad.com/hackerone-vulnerability-common-response-title-leak-through-triggers/
I'm writing about a stored XSS which I found on one of Facebook's Acquisition, FriendFeed. I started to check on FriendFeed website, for possible bugs, but failed to get anything good there. Th...
I am sharing one of my findings that I submitted to Facebook's Whitehat program earlier this year. Facebook Ads Manager provides a sort of integration with MailChimp, to fetch data to Facebook ...
https://prakharprasad.com/facebook-mailchimp-application-oauth-2-0-misconfiguration/
Just wanted to share a privilege escalation vulnerability affecting Flipkart, a top-notch e-commerce website in India having local Alexa Internet ranking of 10. Let's jump to the background of ...
https://prakharprasad.com/flipkart-com-elevation-of-privilege/
Hey! It's been a while since I blogged about security bugs here, so let me start off once again. About two weeks ago I found an OAuth based bug that affected Facebook, which since then got pa...
A few weeks ago, I found a critical cross-site request forgery vulnerability that forces a user’s primary phone number linked with his PayPal account being changed by hacker’s choice. Before ...
https://prakharprasad.com/paypal-csrf-aids-in-account-takeover/
I want to share the details behind a DOM-based XSS which I found on Rediff Blogs. At first glance it looks unexploitable as the source of XSS is a cookie, which then lands in an innerHTML sink. So...
https://prakharprasad.com/triggering-an-unexploitable-dom-based-xss-in-rediff-blogs-automagically/
I want to share the details of a redirection flaw, which I found on Quora, an extremely popular Q/A website, possessing Alexa rank of around 800 worldwide and how someone can exploit the issue to...
https://prakharprasad.com/pwning-facebook-accounts-taking-a-little-help-from-quora/