March 16, 2023, 8:19 p.m. | H1Xploit

System Weakness - Medium systemweakness.com

In this blog post, we will walk through the process of finding security bugs in a Docker registry using Burp Suite's Intruder feature. Specifically, we will focus on how to brute-force directory names to find the repository file, and then demonstrate how to exploit the repository to retrieve files.

Scenario: Our target domain is redacted.com, and we want to find any security vulnerabilities in their Docker registry. Let’s get started!

Step 1: Set up Burp Suite

First, we …

