You may have deployed Splunk Universal Forwarders on your systems to forward to your SIEM, but what if they are not properly secured and could be hijacked? Attackers could leverage them to remotely execute code (RCE)!
I share two new tools to demonstrate this technique.Splunk Universal Forwarder Hijacking 2: SplunkWhisperer2 on GitHub
The “Scan manual insertion point” Burp extension lets the user select a region of a request (typically a parameter value), and via the context menu do an active scan of just the insertion point defined by that selection. It is similar with the “actively scan defined insertion points” feature in the context menu of the Intruder, without the burden of having to send the request to the Intruder.
Just right click on a request and select “Scan manual insertion point”.Burp extension "Scan manual insertion point" on GitHub