Burp Suite User Forum
Hi, I'm using an iMac with the Proxy Listener set up and have set it up correctly on my iOS device. I can see some of the http history appearing in the listener when websites are browsed in the browser, although it is slower...
Our Burp Suite (latest professional, default settings, no extensions) "Site map" shows an inconsistent behavior for displaying or hiding requests (without filter, i.e. "Showing all items"). According to the documentation...
Dear Sir, I saw that the burp collaborator support upstream proxy during the healt check, in my current setup the health check is fully green. Using our collaborator server. But the in the alert window I continue to...
It seems that the In-Scope defining doesn't allow defining scope using only rules that exclude addresses. A way to circumvent this seems to be to make a single include rule for IP-address range 0.0.0.0/0.
I've tried using the "discovery" feature but tend to find it's not particularly useful because of its tendency to regard common methods of redirecting to login forms as a "success", meaning it fills the site map with false...
test
test
test
test
The formatter thinks "<base>" need a close tag, but actually "base" is an empty element, as explained in https://developer.mozilla.org/en-US/docs/Web/HTML/Element/base clearly. Everything under "<base>" should not have...
Hi, I'm using Burp Professional 1.7.33. MacOS ver. Burp suite logged the first cookies for Scanner. I logout from website and I sign in with different membership. After I'm using Scanner. But cookies not true, because...
A server team is reporting that it is still receiving attack strings and file upload attacks from my scan even though I stopped scanning more than one week ago. Is it possible that Burp (or my OS) is still trying to send...
The scanner plugin for cross domain script inclusion is not very reliable - it always shows not nearly all cross domain scripts that are included. For example, if there's a script block on a page that injects another script...
Burp Suite has reported about use of Permanent or persistent cookies on client machine. Should we stop using them? What are the alternatives available?
Hi Team, I get this error message while running Burp Suite spider & scanner against multiple post request using asp.x application which are using xrftoken or key in body content : java.net.SocketException: Software...
What is Private IP addresses disclosed reported by Burp Suite, and how to fix it. Please let us know what can be the cause of this issue and how to fix it.
Hi, Below page contains a list of issue that Burp Suite can report. https://portswigger.net/kb/issues It will be really helpful if it can hint about the cause and possible fix for it. We really don't have idea what is...
Hello, During an active scan I canceled some items and paused the scan (or the opposite, I don't recall the exact sequence). The results was when I tried to resume the scan, the items I wanted to scan stayed in "waiting"...
Our security team has reported something called [What is abuse of functionality], by which the user entry can be altered to some other value, even though we have validation for it. Lets say, one can choose max next 30 days...
Adding an entry to "Skip server-side injection..." in the Scanner Options does not prevent that (for instance) parameter from being actively tested, i.e. making requests with payloads on that parameter. I need to add the...
Page 123 of 140
Your source for help and advice on all things Burp-related.