挖洞技巧
Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond
https://www.intruder.io/research/practical-http-header-smuggling
Subdomain Enumeration Guide 2021
https://sidxparab.gitbook.io/subdomain-enumeration-guide/
Testing FIX-backed applications
https://labs.f-secure.com/blog/a-bit-of-a-fixer-upper-playing-with-the-fix-tcp-protocol
挖洞工具
A Burp extension to enable modification of FIX messages when relayed from MitM_Relay:
https://github.com/FSecureLABS/FixerUpper
APIKit:Discovery, Scan and Audit APIs Toolkit All In One.
https://github.com/API-Security/APIKit
APISandbox是一个包含多个场景的API漏洞靶场。
https://github.com/API-Security/APISandbox
