"Detecting and annoying Burp users" by @dustriorg Some fun and innovative ways to keep pesky Burp users at bay. Contents: • Detecting Burp users • Detecting the web interface • Detecting the TLS man-in-the-middle • TLS ciphers support • JA3 • Infinitely chunked responses • Detecting the Burp browser extension recording • Brotli compression • User-agent of the embedded browser • Hackvector • Breaking stuff in Burp • Breaking the crawler • Confusing Burps active scan • Breaking the decoding • Breaking the Intruder https://www.dustri.org/b/detecting-and-annoying-burp-users.html 534 views07:20