Justin Gardner
I also experienced this with `herokudns.com`. Sometimes it would find it and sometimes it would not. It could also not find domains that were domain -> CloudFront/Cloudflare -> Heroku. Even...
Great - looking forward to seeing what you come up with.
Hey! She's actually taking a break from streaming since Mixer went down. I'll make you a deal, I'll decrease the number of coffees I owe you from the Bug Bounty...
Hey Mongo! Thanks for the reply. > I think this is a can of worms because then every single XSS by some users will start to be reported as "account...
> CSRF are set as "Varies" (depending on the action) so to me it seems weird that particular one got P2. Supposedly, a P2 would be for site-wide CSRF (all...
> I could see that, but would that be enforced per program+researcher, or for the whole program? i.e. if I submit an XSS as "account takeover" and get the full...
> I don't disagree with your points but let's say reflected XSS with account takeover becomes P2 instead of P3. Then, a stored XSS with account takeover would probably need...
I just lost everything that I organized for like 6 hours by restarting Burp. I would really love to see this feature implemented. Am willing to pay a `feature bounty`...
I was right-clicking from the configuration screen, not the results screen.
This is pivotal!