Burp Suite User Forum
test
test
test
The formatter thinks "<base>" need a close tag, but actually "base" is an empty element, as explained in https://developer.mozilla.org/en-US/docs/Web/HTML/Element/base clearly. Everything under "<base>" should not have...
Hi, I'm using Burp Professional 1.7.33. MacOS ver. Burp suite logged the first cookies for Scanner. I logout from website and I sign in with different membership. After I'm using Scanner. But cookies not true, because...
A server team is reporting that it is still receiving attack strings and file upload attacks from my scan even though I stopped scanning more than one week ago. Is it possible that Burp (or my OS) is still trying to send...
The scanner plugin for cross domain script inclusion is not very reliable - it always shows not nearly all cross domain scripts that are included. For example, if there's a script block on a page that injects another script...
Burp Suite has reported about use of Permanent or persistent cookies on client machine. Should we stop using them? What are the alternatives available?
Hi Team, I get this error message while running Burp Suite spider & scanner against multiple post request using asp.x application which are using xrftoken or key in body content : java.net.SocketException: Software...
What is Private IP addresses disclosed reported by Burp Suite, and how to fix it. Please let us know what can be the cause of this issue and how to fix it.
Hi, Below page contains a list of issue that Burp Suite can report. https://portswigger.net/kb/issues It will be really helpful if it can hint about the cause and possible fix for it. We really don't have idea what is...
Hello, During an active scan I canceled some items and paused the scan (or the opposite, I don't recall the exact sequence). The results was when I tried to resume the scan, the items I wanted to scan stayed in "waiting"...
Our security team has reported something called [What is abuse of functionality], by which the user entry can be altered to some other value, even though we have validation for it. Lets say, one can choose max next 30 days...
Adding an entry to "Skip server-side injection..." in the Scanner Options does not prevent that (for instance) parameter from being actively tested, i.e. making requests with payloads on that parameter. I need to add the...
Hello, Session handling rules/Rule Actions: Use cookies from the session handling cookie jar with Proxy set as the scope does not work anymore. It used to work in previous versions. It was one of most important feature...
Get this message: https://i.imgur.com/XDPPoHl.png Burp Suite Professional 1.7.32. Not sure if there are any error logs I could look at anywhere?
I noticed this weird behavior when I named one like "thatProject" with a mix of upper and lower letters now it always show as duplicate entries in projects list like: "ThatProject" "/path/ThatProject.burp" ...
Hi, I use the proxy to capture the request i made to my api. Some of the requests are not captured by the proxy (mostly PUT and DELETE) any idea why?
Since version 1.7.32 of BurpSuite, when a Burp Extender sends HTTP requests using IBurpExtenderCallbacks#makeHttpRequest while active scanning, IHttpListener#processHttpMessage sets IBurpExtenderCallbacks#TOOL_SCANNER to the...
To Whom this May Concern, I am attempting to download newer versions of the tool via the update prompt that comes up in the tool. When I click to download the installer it appears to be downloading and gets to...
Page 131 of 148
Your source for help and advice on all things Burp-related.