James Kettle
@albinowax
Director of Research at @PortSwigger aka @Burp_Suite. Find my research, tools & contact details at jameskettle.com
United Kingdom
Joined January 2010
Posts
  • Pinned
    Remember you can always find my full research portfolio, upcoming presentations and contact details at jameskettle.com
  • I just confirmed that yes, @brave browser's Tor mode appears to leak all the .onion addresses you visit to your DNS provider reddit.com/r/netsec/comme…
  • I usually avoid non-technical posts... but can't resist sharing yesterday was the happiest day of my life #wedding
  • HTTP is supposed to be stateless, but sometimes... it isn't! Some servers create invisible vulnerabilities by only validating the first request on each TCP/TLS connection. I've just published a Custom Action to help you detect & exploit this - here's a narrated demo:
  • XSS in PDF.js! I think this is going to cause some chaos both client-side and server-side... really nice finding by @CodeanIO codeanlabs.com/blog/research/…
  • I've added Log4Shell detection to ActiveScan++. Grab v1.0.23 from here: github.com/PortSwigger/ac…
  • Manually testing for IDOR can get pretty tedious... so Backslash Powered Scanner will now recognise and flag iterable inputs! If you're interested in the background and philosophy behind BPS, check out the presentation: portswigger.net/research/backs…
  • A few people had issues figuring out how to use HTTP Request Smuggler, so I've posted step-by-step instructions on how to use it to solve an online @WebSecAcademy lab:
  • Looking for a mentor? I don't tutor, but I do lead a team dedicated to teaching web hacking to everyone for free. Every topic is designed by @PortSwigger hackers - @artsploit, @garethheyes, @DafyddStuttard and myself. You're in good hands. Start here: portswigger.net/web-security/l…
  • How to find a HTTP/2 playmate: 1. Install Burp 2020.8 and HTTP Request Smuggler 2. Configure scope & browse some bug-bounty sites 3. Go to proxy, hide out of scope traffic 4. Ctrl+A, right click->Extensions->pick your scan 5. Wait portswigger.net/research/http2
  • I'm thrilled to announce "HTTP/2: The Sequel is Always Worse" will premiere at @BlackHatEvents #BHUSA! blackhat.com/us-21/briefing…
  • The whitepaper is live! Learn how to win the HTTP desync endgame... and why HTTP/1.1 needs to die:
  • I had planned to present at Black Hat and DEF CON in person, but on Tuesday morning my baby daughter was born six weeks earlier than expected! So, not the ideal time to fly to Vegas. Thankfully she and her mother are recovering well. Hope you enjoyed the recordings, thanks for
    Due to unexpected personal circumstances, my presentations at Black Hat and DEF CON will be virtual rather than in person. I’m a bit gutted to let people down but this is the best I can do.
  • Authentication bypass by supplying a regex as a session token - seems like a cool variant on the classic NoSQL 'where' injection