Burp Suite User Forum
Hello team, I'm practicing the upload file vulnerabilities labs now and i tried to solve it with introduce solution but i still getting 400 errors back at the turbo intruder and can't achieve the secret. The lab:"Web...
Hi, I hope I didn't miss it anywhere on the website, but I couldn't find how to install a local Jython extension in Burp through the Manual Install-button in the BApp Store tab. The extension runs fine in...
Hi everyone, Can I add/edit an active scan payloads list? Can I add a custom extension to the active scan extension so my custom extension will be triggered during the active scan as well?
Just like the burp versions, is there an RSS feed for newly added extensions in the bapp store? Or should one write a custom parser on it?
Hello, I've learned a lot on this topic by resolving every lab, but now I have been trying to find them in the real world and when I use this extension many times it finds at possible CL.TE or TE.CL and it always says...
Hello Team, Hope you guys are doing well. I 'm currently writing an extension for my burp suite but i 'm facing an issue related to following redirects properly in extension code. I 'm using Jython as development, and...
Hello, While installing java or ruby related plugins, plugins with python do not load and give an error message. I tried to download from the bapp store is not installed. Burp Suite Professional 2021.10.3 OS:...
Hello, Our organization has a burpsuite enterprise license. We are trying to invoke burp enterprise site (with custom configuration and extension) from jenkins or from REST API - POST screen. I have created a burp...
So, in Intruder if I load certain built in payload lists (like the SQLi one), many of the requests have an entry like "{Base}' or 1=1--", however then the request is sent to the server like: GET /example.php?id=123{Base}' or...
i have installed the extension IP rotate and require fields. further provided required access key and secret key from aws services. yesterday it was functioning well. but now it is not getting enabled only and at the same...
I seem to be having an issue with the way that ATOR is pulling an access token from a Request. I have dug into the issue and it appears to not be properly pulling the token and replacing it in my requests. I tried a few...
When installing a python extension such as Authorize I'm getting this error. Traceback (most recent call last): File "/home/myhome/.BurpSuite/bapps/f9bbac8c4acf4aefa4d7dc92a991af2f/Autorize.py", line 9, in <module> ...
hello, am using MacBook pro M1 and i was able to download Kali linux but the burpsuite is not found on the virtual machine. any help?
I want to install https://github.com/intruder-io/param-miner this extension manually,how can I make it as a jar file.Thanks in advance
Dear support, I'm working on an extension that modifies the multipart attributes of a file that is uploaded via a multipart request. See the example request below: POST /doUpload.action HTTP/1.1 Host:...
Hello, After performing an active scan, I usually go into Dashboard >> "View Details" of the task >> Logger tab to see the requests that were done and how the server responded to them. However I noticed that requests...
I have a question, would you like to know false positive or positive? Or do you need to fix? HTTP/1.1 200 OK Date: Mon, 13 Sep 2021 14:03:31 GMT Server: Apache Strict-Transport-Security: max-age=31536000;...
Hi, How do I know if an extension I'm interested in, is intrusive or not. My goal for the time being is to run scan that will not harm the location/DB/code that I'm scanning
hello all i have configured jython and I used my credentials in IP rotate and still not able to rotate ips my IP is not rotating.. Please help
Hello everybody, I have this error when try to enable python burp extensions : " java.lang.Exception: Failed to open Jython JAR file at burp.a8h.<init>(Unknown Source) at burp.dhy.a(Unknown Source) at...
Page 5 of 33
Your source for help and advice on all things Burp-related.