
P j borah

Learn 6 common extensions that you need while testing cloud-based applications.

Pj borah

May 09, 2021

Transcript

  1. 6 Burp Extensions for Cloud Security

    Use Burp to find more vulnerabilities and make your testing phase easier. 6 Burp extensions you need while testing cloud-based applications.
  2. Extension 1: AWS Security Checks https://github.com/PortSwigger/aws-security-checks

    This extension provides additional Scanner checks for AWS security issues.
  3. Extension 2: AWS Extender https://github.com/VirtueSecurity/aws-extender

    This Burp Suite extension can identify and test S3 buckets as well as Google Storage buckets and Azure Storage containers for common misconfiguration issues using the boto/boto3 SDK library.
  4. Extension 3: AWS Signer https://github.com/NetSPI/AWSSigner

    The extension looks for the "X-AMZ-Date" header in all requests being sent by Burp. If it finds one, it updates the signature in the request. Your request must also have an Authorization header, which should be present on all AWS signed requests.
  5. Extension 4: cloud_enum https://github.com/initstring/cloud_enum

    Enumerate public resources in AWS, Azure, and Google Cloud.
  6. Extension 5: AWS Security Checks https://github.com/anvilventures/aws-sigv4

    This is a Burp extension for signing AWS requests with SigV4. Signature Version 4 is a process to add authentication information to AWS HTTP requests.
  7. Extension 6: Burp-AnonymousCloud https://github.com/codewatchorg/Burp-AnonymousCloud

    Burp extension that performs a passive scan to identify cloud buckets and then tests them for publicly accessible vulnerabilities. It helps find AWS S3 bucket URLs, Azure Storage container URLs, Google Storage container URLs, and more.
  8. cyber UF: Learn Cyber Security

    We do penetration testing. Choose your best online training. We help to secure your network infrastructure. Ask your questions? Insta: @cyber_unfold Medium: https://cyberunfold.medium.com