How do I? - Page 310 - Burp Suite User Forum

the restoreState() function gives a runtime error

I'm developing an extension that pulls back a list of saved burp states into a table. I'm trying to get the application to restore the burp state when one of these items is clicked. Unfortunatly Burp is giving me a runtime...

Increase single-thread scanner speed

Not sure if this is a bug or the standard behavior, so posting here first. I tried this with burpsuite_pro_v1.6.11.jar and burpsuite_pro_v1.6.02.jar with the default initial config. The application was hosted locally with...

Proxy (VPN) Help [URGENT]

Hello, I've got Burp Suite Professional and I've got a test Process here for my Website, that it attempts a combination of a specific E-Mail and a bunch of Passwords. However, I've put it (on my Website), so if the user...

Session handling

session < > " ' `

Session handling

The log out detection in Burp is inconsistent when "Follow redirections where necessary" (Scanner > Options) is set. Inconsistent because it tests the session validity sometimes before redirecting and sometimes after...

Session handling

The log out detection in Burp is inconsistent when "Follow redirections where necessary" (Scanner > Options) is set. Inconsistent because it tests the session validity sometimes before redirecting and sometimes after...

Handling Multi-Staged Logins for Scan with Burp

I am trying to automate the login process and validation of successful login via Burp Session Handling/Macros. This login requires an initial POST that includes the username/password, then, in the response to the initial...

intercept proxy based applications

I was trying to intercept an application (Internet Download Manager) requests after I configured it's proxy, I was able to intercept the request, however I don't receive response. could it be a certificate problem? if not,...

Determining number of requests/attacks made

I am scanning two websites for XSS attacks (or any other test) only One is ASP.net and other is PHP. Lets say I am testing only URL parameter value and in both the cases there 5 parameters each Question 1: For both...

changing responses exiting burp

A thick java application needs gzipped responses, so I'm trying to make an extension that re-gzips HTTP responses going from burp to the application. However I can't find the right callback to register. Both IHttpListener...

Query Parameter in SSL Request, where is this?

I am validating issues which were previously found. In the URL, the following information is available: GET /cleaned/servlet/ControllerServlet?commandLink=AppPriceReportList.jsp HTTP/1.1 Since the connection is via...

Intercept server request/client response

Im running a game server and the masterserver request bunch of informations so it can show my server in a server list/browser this is the request from the server (wireshark) GET / HTTP/1.1 host: XX.XX.XX.XX:4545 (my...

Spidering - avoid getting all the products from store

Hi there, I've been trying to spider a site and adding the results to the scope. The problem I'm facing is if we want to spider a store with a catalog of, for example, 10k items, it will try to crawl all those items (the...

Transfer license from one user to another

I have purchased Burp Suite for multiple users. Can you please tell me the steps to activate the second user using the license key that I have purchased ?

Writing an extension to add a signature on requests

Hello, I am testing a web service that expects one of the request parameters to contain a hash of the remaining parameters and a shared secret. If I do a scan of it with Burp Scanner the majority of the requests will be...

Importing CA certificate into cert

I have read the howto and i am trying to do the following in order to create new cert and import it into burp. 1. openssl req -x509 -days 730 -nodes -newkey rsa:2048 -outform der -keyout server.key -out ca.der 2....

Macro creation for variables that keeps changing for every request and response.

Hello, I am trying to create a macro to login to the website (as a part of session handling rules). The web site is in aspx In the macro editor, under macro items, I have made the entries that will successfully login...

Treating existing values in a parameter while scanning

Hello, I am adding a URL for scanning that has 10 body parameters for scanning Out of the 10 parameters, 4 parameters are already filled with some values. Other 6 parameters are left blank. When we are active scanning...

Python Extensions

I have installed Jython and installed several Python-based Extensions. I have configured 'Folder for loading modules' to point to /usr/lib/python2.7 (have also tried python2.7 and python3.2). All extensions fail. Most...

How to flag only new issues when Burp is run on a continuous basis

Hi, I am trying to run Burp tests automatically from a test suite. I want to re-run these test suites every two weeks. I want to flag only the new issues when I re-run the burp tests. Is there a way to do this? The...

the restoreState() function gives a runtime error

Increase single-thread scanner speed

Proxy (VPN) Help [URGENT]

Session handling

Session handling

Session handling

Handling Multi-Staged Logins for Scan with Burp

intercept proxy based applications

Determining number of requests/attacks made

changing responses exiting burp

Query Parameter in SSL Request, where is this?

Intercept server request/client response

Spidering - avoid getting all the products from store

Transfer license from one user to another

Writing an extension to add a signature on requests

Importing CA certificate into cert

Macro creation for variables that keeps changing for every request and response.

Treating existing values in a parameter while scanning

Python Extensions

How to flag only new issues when Burp is run on a continuous basis

Burp Suite Support Center