In this previous article, we have seen what a SSRF vulnerability is, and how, in general, it can be exploited. We had placed ourselves in a quite simple theoretical framework, but various elements (either due to the vulnerability itself or due to security implementations) can make the task more complicated.
In this article, we will have a look at various methods to go further. On
- Various methods for manually bypassing filters;
- SSRFMap: a semi-automatic operating tool.
Now that we have introduced four main functionalities of Burp Suite in the previous article, we will go a bit further with some functionalities and extensions that can increase the quality of an audit and your efficacy.
Functionalities and screenshots presented in this article are from the version Professional 2.1.01.
Burp, by information security professionals, is often said to be our best friend. Burp doesn’t ring a bell? It is a software dedicated to web security audits, used by a majority of information security professionals. First, we will present you the software Burp and four fundamental modules. For those already familiar with the tool, a second more technical article details some functionalities and extensions to gain efficiency.
Alternative to classic Bluetooth, Bluetooth Low Energy is chosen increasingly for the IoT. This technology, also known as the abbreviation BLE, is establishing itself for connected devices, as it is ideal to send small amounts of data between devices and to preserve the battery; which matches the IoT’s needs perfectly. Classic Bluetooth, on its side, is used to send large amounts of data between a device and a user (wireless headphones and speakers are using Bluetooth for example).
While these two Bluetooth protocols are used for different purposes and are not compatible, they are nevertheless to some extent similar, as they have common technologies (software and hardware), such as the one managing pairing. Thus, security manager has to keep in mind that security breaches that impact classic Bluetooth affect sometimes Bluetooth Low Energy too; however, the latter has its own features and therefore its specific flaws.