BurpSuite | BurpSuite using the document and some extensions | Plugin library

I've been using REST APIs (both as a consumer and a developer of) for many years and am just starting to work with a GraphQL API for the first time, specifically, BurpSuite's Enterprise GraphQL API. I like it but I'm definitely missing a few critical concepts.

I am trying to hit their GetScan endpoint:

After setting up my device with Burpsuite. Im able to capture and intercept request from the mobile browser (Chrome) and only "some request" from my application. I wonder why are some request can't be capture in the HTTP history?

**Note that after setting up the proxy in wifi, my device is showing LIMITED CONNECTION. However I can still have access to internet when surfing website in Mobile Chrome, but some apps (Youtube, Facebook) is totally losing internet access.

Is that the reason why some of my request can't be capture?

Setup works including:

1. IP:proxy
2. cacert installation (VPN & APPS) + (WIFI)

Some info

1. Im using 8082 proxy
2. Android 10

After some debugging, I found out that my application is returning Network Error while firing some requests (those which failed to capture). Though this could be the reasoning of CACERT / proxy set, but I still expect the http request to be appear in burp? Why is not appearing?

I am in the process of writing an intercepting proxy tool like Burpsuite for security testing. An important part of that would be sending malformed HTTP requests in the case of which we would have to give the user full control over the request!

So, I can't have complete control while using a library! I need to be able to send raw HTTP requests to the target hosts like,

I have not, but shall DAST* security test, out of curiosity, an IoT device; Nodemcu esp8266 www server I built. It's showing a HTML page (on a mobile phone for example) that allows to control and interact with a camera module and a A/C relay. With it I can for example show images captured in the camera I even think it has some image recognition built in, and I can switch on and off a relay for electrical current to a light bulb (110/220v A/C power)

Before I start pentest I though I better start thinking of what types of exploits one would be able to find and detect? Which sinister exploits I will be able to find, or rather ought be able to find given a proper pentest exercise? (And if I do not find exploits, my approach to the pentest of the Iot might be wrong)

I ponder it might be a totally pointless exercise since the esp8266 www server (or rather its LUA programming libraries) might not have any security built into it, so basically it is "open doors" and everything with it is unsafe ?

The test report might just conclude what I can foresee be that the the "user input needs to be sanitized"?

Anyone have any idea what such pentest of a generic IoT device generally reports? Maybe it is possible to crash or reset the IoT device? Buffer overruns, XXS, call own code ?

I might use ZAP or Burpsuite or similar DAST security test tool.

• I could of course SAST test it instead, or too, but I think it will be hard to find a static code analyzer for the NodeMCU libraries and NUA scripting language easily ? I found some references here though: https://ieeexplore.ieee.org/abstract/document/8227299 but it seems to be a long read.

So if someone just have a short answer what to expect in a DAST scan/pentest , it would be much appreciated.

Stay safe and secure out there ! Zombieboy

For safety reasons of my company I removed the URL's. But I think they aren't important for the understanding of the problem.

When I make a post with Burpsuite the post is executed correctly, like this print. The request is represented below:

I am checking Request.UrlReferrer = null on each page_load method outside of Postback. But if it's not null and still someone change the referrer header value using BurpSuite. Then it should redirect to default errorpage.

How should I validate this?

So i try to make X number of lists where X is the number of nargs provided in my program. Example: python program.py --payloads file1 file2 file3 file4... up to 20 nargs. This gives me a list of: payloads_sets = [file1, file2, file3, file4] (takes up to 20 files)

Now, here is the tricky part where i got stuck. I need to read from each file and iterate through each payload in the file simultaneously to set it in the request I'll make for every payload in the files. TL;DR: There is a different payload set for each defined position (up to a maximum of 20). The attack iterates through all payload sets simultaneously and places one payload into each defined position.

For example:

I once knew the name of python3 module that after importing when gave the name of request file saved by burpsuite, it automatically generated python3 requests headers. What is the module name?

Edit: I am not searching for bs4, instead i am searching for what sqlmap -r does. I want to implement functionality similar to sqlmap -r but it was a module rather than what sqlmap is doing, and it made a variable with all the HTTP header set such as cookie, host etc

I'm trying to use requests python to create a post request together with the submit form data. Here it is the HTML form: