#Portswigger
You can install this Custom Action via the Extensibility Helper extension, or copy+paste from here: github.com/PortSwigger/...
bambdas/CustomAction/CSPBypass.bambda at main · PortSwigger/bambdas
Bambdas collection for Burp Suite Professional and Community. - PortSwigger/bambdas
github.com
December 16, 2025 at 3:31 PM
Turbo Intruder now has API docs! You can easily discover its many advanced features including
- pauseMarker for pause-based desync.. or DoS
- decorators for easy response filtering
- 'randomPlz'
- wordlists.clipboard for lazy attack setup
...and many more!
github.com/PortSwigger/...
December 15, 2025 at 2:08 PM
Research Worth Reading Week 50/2025: SAML bypasses & LLM-assisted crash triage.

🔒 The Fragile Lock: Novel Bypasses for SAML Authentication

Ruby SAML falls again. An extraordinary exploit by the PortSwigger team: portswigger.net/research/the...
The Fragile Lock: Novel Bypasses For SAML Authentication
TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: including attribute pollution, namespace confusi
portswigger.net
December 14, 2025 at 10:50 PM
December 12, 2025 at 4:10 PM
Originally from PortSwigger: The Fragile Lock: Novel Bypasses For SAML Authentication #PortSwigger #Burpsuite #cyberresearch
December 9, 2025 at 11:42 AM
Burp Suite’s Scanning Arsenal Powered With Detection for Critical React2Shell Vulnerabilities PortSwigger has enhanced Burp Suite’s scanning arsenal with the latest update to its ActiveScan++ e...

#Cyber #Security #News #Vulnerability #News #cyber […]

[Original post on cybersecuritynews.com]
cybersecuritynews.com
December 9, 2025 at 6:59 AM
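I've been gradually making a point of listening to the RP of modern Londoners (different from the traditional RP of BBC teaching materials), and although I sometimes need to check the subtitles, I've become able to follow the explanations and talks by PortSwigger's James Kettle (a Londoner, if I remember correctly) reasonably well just by listening.

I think of PortSwigger as a company that leads the field of web application security testing worldwide, and I want to keep as up to date as possible, so spending a bit of time on English now does seem to be the right call.

Of course, AI machine translation is pretty good too, but anything that has to work in real time inevitably runs into a lot of difficulties.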
December 5, 2025 at 8:52 AM
Delighted to present at NDC Manchester. If you attended the talk and want the materials you can grab them from here:

github.com/portswigger/...
GitHub - PortSwigger/splitting-the-email-atom
Contribute to PortSwigger/splitting-the-email-atom development by creating an account on GitHub.
github.com
December 4, 2025 at 6:02 PM
I'm going to become the Portswigger
December 2, 2025 at 10:48 PM
"download Burp Suite from Portswigger" dude as soon as I stop laughing I'm gonna hack your login page so bad
December 2, 2025 at 10:46 PM
Why 95% of Bug Bounty Hunters Quit (And How the 5% Actually Make Money) You spent three months learning OWASP Top 10, completed 50+ PortSwigger labs, joined HackerOne with dreams of financial freed...

#programming #ethical-hacking #software-development #bug-bounty #cybersecurity

Original post on systemweakness.com
systemweakness.com
December 11, 2025 at 7:09 AM
November 26, 2025 at 9:08 PM
Myth Debunked: Browser Updates Have Not Ended Tabnabbing Attacks The “Upcoming Google Chrome update will eradicate reverse tabnabbing attacks” — claimed an article in Portswigger, a renow...

#front-end-development #react #frontend #cybersecurity

November 26, 2025 at 6:17 PM
I let Burp AI loose against a couple more web challenges over on Portswigger Web Academy: SSRF & SSTI

Watch how it does: youtu.be/eQBD2-k9V7s
November 19, 2025 at 3:01 PM
November 19, 2025 at 9:10 AM
Easy ways to master cybersecurity

TryHackMe ➟ beginner-friendly, guided learning

PortSwigger ➟ master web hacking the right way

Hack The Box ➟ real, hands-on pentesting labs

OverTheWire ➟ fun wargames that teach core skills
November 16, 2025 at 4:40 PM
Lab: Exploiting vulnerabilities in LLM APIs

#portswigger
Author: travondatrack Date: (08/11/2025) 1. Summary Delete the file /home/carlos/morale.txt by kh
postgoo.com
November 8, 2025 at 1:04 PM
Portswigger changed the way the Scanner configuration looks (at least in Early Adopter releases) and I really like the new layout 👏
November 7, 2025 at 8:52 AM
Want hands-on cybersec practice? Try these free platforms:
- HackThisSite
- OverTheWire
- picoCTF
- TryHackMe
- Hack The Box
- PortSwigger Web Security

Great for beginners and pros — learn, practice, join CTFs
November 5, 2025 at 7:55 AM
Firefox nightly introduces the setHTML() method, which is like a native DOMPurify. You can easily test it here:
portswigger-labs.net/mxss/

Set HTMLSanitizer ✅
Auto update ✅

I'm trying to break it, I encourage you to break it too
November 3, 2025 at 12:26 PM
New Safari vector:

Instead of using window name, I use document.URL to smuggle the payload and the title attribute to create the TypeError XSS.

Hash:
#'-alert(1)//

Poc:
portswigger-labs.net/xss/xss.php?...
October 30, 2025 at 12:48 PM
day 26
- done with graphql portswigger module
- did some more testing
gonna try to figure out how to use clairvoyance tmrw
- im really tired
October 20, 2025 at 8:25 PM
@stroz Not that I have seen. Even Portswigger is leaning pretty hard into AI.
October 16, 2025 at 4:45 PM