Tagged articles
8 articles
Black & White Path
Mar 12, 2026 · Information Security

AuthKit: A Burp Suite Plugin for Automated Privilege‑Escalation Detection

AuthKit is a Burp Suite extension that expands a single request into Original, Unauthorized and multiple‑role samples to uncover unauthorized access, horizontal and vertical privilege escalation, and BOLA issues, offering passive capture, right‑click active testing, multi‑identity replay, metric dashboards, diff views, context‑menu integration, and flexible scope controls.

AuthKit · Automation · BOLA
0 likes · 3 min read
Black & White Path
Feb 19, 2026 · Information Security

How to Hard‑Code the Encryption Key of a WeChat Public Account

The article walks through a security test of a WeChat public account that uses AES‑encrypted payloads, RSA‑encrypted keys, and an MD5 signature, showing how the author first tried memory editing with Cheat Engine, then succeeded by intercepting and modifying the JavaScript in Burp Suite to fix the key, and finally summarises why front‑end encryption can be bypassed.

Burp Suite · Front-end security · JavaScript
0 likes · 7 min read
Wukong Talks Architecture
Sep 1, 2025 · Information Security

Boost Web Privilege Testing with the XiaYue Burp Suite Plugin

XiaYue, a powerful Burp Suite extension, automates vertical and horizontal privilege escalation detection by comparing responses across multiple permission levels, offering smart deduplication, advanced filtering, parameter replacement, visual data tables, persistent configuration, and performance optimizations, while the author also shares a heartfelt story about their child's school start.

Automation · Burp Suite · Web Security
0 likes · 9 min read
Alibaba Cloud Developer
Jul 15, 2025 · Information Security

Boost Web Vulnerability Scanning with LLM‑Powered MCP Server Automation

This article explores how large language models can be integrated with MCP Server and Burp Suite to automate web application vulnerability detection, detailing environment setup, workflow steps, code snippets, challenges such as token limits and payload formatting, and the advantages and limitations of the approach.

Automated Vulnerability Scanning · Burp Suite · Kotlin
0 likes · 12 min read
DevOps Operations Practice
Jul 11, 2024 · Information Security

Top 7 Penetration Testing Tools and Their Key Features

This article introduces seven leading penetration testing tools—including Kali Linux, Metasploit, Wireshark, Nmap, Burp Suite, Acunetix, and Nessus—detailing their primary features and how they help security professionals identify and mitigate vulnerabilities effectively.

Burp Suite · Kali Linux · Metasploit
0 likes · 9 min read
FunTester
Nov 20, 2023 · Information Security

Mastering Bulk API Access Control Testing with Burp Suite Auth Analyzer

This guide explains how to use Burp Suite's Auth Analyzer plugin to efficiently perform bulk API access‑control (broken access control) testing, covering vulnerability types, tool installation, step‑by‑step testing procedures, result analysis, and report export for improved software security.

API testing · Auth Analyzer · Automation
0 likes · 6 min read