Prakhar Prasad

PARTS OF SERIES Introduction to Burp Extender Setting Up Extension Development Tools Extension Project Structure and Fundamentals Diving deeper into Extender API Interfaces Exploration - In...

https://prakharprasad.com/exploration-intruder-payload-processing/

PARTS OF SERIES Introduction to Burp Extender Setting Up Extension Development Tools Extension Project Structure and Fundamentals Diving deeper into Extender API Interfaces Exploration - In...

https://prakharprasad.com/diving-deeper-into-extender-api-interfaces/

PARTS OF SERIES Introduction to Burp Extender Setting Up Extension Development Tools Extension Project Structure and Fundamentals Diving deeper into Extender API Interfaces Exploration - In...

https://prakharprasad.com/burp-project-structure-and-fundamentals/

PARTS OF SERIES Introduction to Burp Extender Setting Up Extension Development Tools Extension Project Structure and Fundamentals Diving deeper into Extender API Interfaces Exploration - In...

https://prakharprasad.com/setting-up-extension-development-tools/

Burp Extender provides necessary extensibility required for creation and execution of Burp Suite extensions. The EXTENDER tab exposes all APIs required for development of custom extensions in the...

https://prakharprasad.com/introduction-to-burp-extender/

This is an introductory post for a series of blog posts which will focus on the development of Burp Suite extensions. PARTS OF SERIES Introduction to Burp Extender Setting Up Extension Devel...

https://prakharprasad.com/burp-suite-extension-development-series/

This post revolves around a remote code execution vulnerability that I found in SHOPIFY Before I start I'd inform you that the vulnerability I found was reported to Shopify, as a part of their ...

https://prakharprasad.com/shopify-remote-code-execution/

In this blog post I'll explain about the bug I found yesterday at HackerOne which netted me their highest bounty so far (as on 15th Oct 2014 GMT +5:30). The bug was on program/team side which inv...

https://prakharprasad.com/hackerone-vulnerability-common-response-title-leak-through-triggers/

I'm writing about a stored XSS which I found on one of Facebook's Acquisition, FriendFeed. I started to check on FriendFeed website, for possible bugs, but failed to get anything good there. Th...

https://prakharprasad.com/facebook-friendfeed-stored-xss/

I am sharing one of my findings that I submitted to Facebook's Whitehat program earlier this year. Facebook Ads Manager provides a sort of integration with MailChimp, to fetch data to Facebook ...

https://prakharprasad.com/facebook-mailchimp-application-oauth-2-0-misconfiguration/

Just wanted to share a privilege escalation vulnerability affecting Flipkart, a top-notch e-commerce website in India having local Alexa Internet ranking of 10. Let's jump to the background of ...

https://prakharprasad.com/flipkart-com-elevation-of-privilege/

Hey! It's been a while since I blogged about security bugs here, so let me start off once again. About two weeks ago I found an OAuth based bug that affected Facebook, which since then got pa...

https://prakharprasad.com/ssrf-xspa-in-mailchimp/

A few weeks ago, I found a critical cross-site request forgery vulnerability that forces a user’s primary phone number linked with his PayPal account being changed by hacker’s choice. Before ...

https://prakharprasad.com/paypal-csrf-aids-in-account-takeover/

I want to share the details behind a DOM-based XSS which I found on Rediff Blogs. At first glance it looks unexploitable as the source of XSS is a cookie, which then lands in an innerHTML sink.So...

https://prakharprasad.com/triggering-an-unexploitable-dom-based-xss-in-rediff-blogs-automagically/

I want to share the details of a redirection flaw, which I found on Quora, an extremely popular Q/A website, possessing Alexa rank of around 800 worldwide and how someone can exploit the issue to...

https://prakharprasad.com/pwning-facebook-accounts-taking-a-little-help-from-quora/