Tagged articles
8 articles
Black & White Path
Mar 12, 2026 · Information Security

AuthKit: A Burp Suite Plugin for Automated Privilege‑Escalation Detection

AuthKit is a Burp Suite extension that expands a single request into Original, Unauthorized and multiple‑role samples to uncover unauthorized access, horizontal and vertical privilege escalation, and BOLA issues, offering passive capture, right‑click active testing, multi‑identity replay, metric dashboards, diff views, context‑menu integration, and flexible scope controls.

AuthKit · BOLA · Burp Suite
3 min read
Black & White Path
Feb 19, 2026 · Information Security

How to Hard‑Code the Encryption Key of a WeChat Public Account

The article walks through a security test of a WeChat public account that uses AES‑encrypted payloads, RSA‑encrypted keys, and an MD5 signature, showing how the author first tried memory editing with Cheat Engine, then succeeded by intercepting and modifying the JavaScript in Burp Suite to fix the key, and finally summarises why front‑end encryption can be bypassed.

Burp Suite · Front-end security · JavaScript
7 min read
Wukong Talks Architecture
Sep 1, 2025 · Information Security

Boost Web Privilege Testing with the XiaYue Burp Suite Plugin

XiaYue, a powerful Burp Suite extension, automates vertical and horizontal privilege escalation detection by comparing responses across multiple permission levels, offering smart deduplication, advanced filtering, parameter replacement, visual data tables, persistent configuration, and performance optimizations, while the author also shares a heartfelt story about their child's school start.

Burp Suite · Vulnerability Detection · Web Security
9 min read
Alibaba Cloud Developer
Jul 15, 2025 · Information Security

Boost Web Vulnerability Scanning with LLM‑Powered MCP Server Automation

This article explores how large language models can be integrated with MCP Server and Burp Suite to automate web application vulnerability detection, detailing environment setup, workflow steps, code snippets, challenges such as token limits and payload formatting, and the advantages and limitations of the approach.

Automated Vulnerability Scanning · Burp Suite · Kotlin
12 min read
DevOps Operations Practice
Jul 11, 2024 · Information Security

Top 7 Penetration Testing Tools and Their Key Features

This article introduces seven leading penetration testing tools—including Kali Linux, Metasploit, Wireshark, Nmap, Burp Suite, Acunetix, and Nessus—detailing their primary features and how they help security professionals identify and mitigate vulnerabilities effectively.

Burp Suite · Kali Linux · Metasploit
9 min read
FunTester
Nov 20, 2023 · Information Security

Mastering Bulk API Access Control Testing with Burp Suite Auth Analyzer

This guide explains how to use Burp Suite's Auth Analyzer plugin to efficiently perform bulk API access‑control (broken access control) testing, covering vulnerability types, tool installation, step‑by‑step testing procedures, result analysis, and report export for improved software security.

API testing · Access Control · Auth Analyzer
6 min read
Zhengtong Technical Team
Oct 30, 2020 · Information Security

Using Burp Suite for Penetration Testing of the ZhiXin Mobile Application

This article explains how to employ Burp Suite to conduct comprehensive penetration testing on the ZhiXin mobile app, covering setup, proxy configuration, detection of sensitive data leaks, privilege escalation, XSS, and SQL injection vulnerabilities, and provides remediation recommendations.

Burp Suite · Information Security · app testing
12 min read