11
Implementing Advanced Topic Attacks
This chapter covers intermediate to advanced topics: XML External Entity (XXE) injection, JSON Web Token (JWT) attacks, Server-Side Request Forgery (SSRF), Cross-Origin Resource Sharing (CORS) findings, Java deserialization attacks, and testing GraphQL in Burp Suite. We'll learn how to use Burp Suite and Burp Suite extensions to make each of these types of tests easier.
In this chapter, we will cover the following recipes:
- Performing XXE attacks
- Working with JWT
- Using Burp Suite Collaborator to determine SSRF
- Testing CORS
- Performing Java deserialization attacks
- Hacking GraphQL with Burp Suite
Technical requirements
To complete the recipes in this chapter, you ...
Get Burp Suite Cookbook - Second Edition now with the O’Reilly learning platform.