Burp Suite User Forum
Currently request body and response body is decoded with Latin-1, inferred from question 17199168. The "Latin-1" is very ambiguous, but here I suppose "code page 1252" is referred to. According to HTTP standard, if...
Hello, I'm working on a project where I'd like programmatic access to the Content Discovery tool. On another thread I read this agent's response: "There isn’t currently any way to use Burp’s own Content Discovery...
We have this script, " '-alert(1)-' ". I tried to execute this script in lab without "-" and it didn't work. So I searched about it, but didn't find anything interesting to make it clearer for myself. Why is divis...
i suggest to add discussion for each lab in web security academy it will be very helpful for example in lab (User ID controlled by request parameter with data leakage in redirect) which details is( This lab contains an...
I am using Burp Enterprise Version: 2020.1-2902, Java version: 9.0.4 and Burp Professional v2.1.04 and I am not getting the same result from both the tools. Could you please provide me the tool Limitations for both.
The ReSearcher asking HTTP/2 support but Burp didnt add this feature in last 5 years. UnLucky..
Hi, I noticed that "Scan next" is no longer there with Burp 2.1.07. Would it be possible to add it, or some similar Priority-based handling of Items in the Scan Queue?
Hello , It would be a useful feature to have a filter based on different colors available for highlighting. One can categorize while testing and then while writing reports , find requests / responses quickly...
Hello, from my experience as a trainer, the meaning of the 'Edited' column in 'Proxy / HTTP history' is quite often misunderstood. In fact, students' expectations are coherent, they just don't match the design choices...
Please support OASIS Web Services Security (WSS), or short: WS-Security - https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss Soap UI for example already fully supports it:...
Hello, I have a question again. About context into JavaScript, "Terminating the existing script" I understood. The question appears when I go to the lab for practice, >>Reflected XSS into a JavaScript string with single...
Hello. I am learning about XSS as you can see, and I can’t understand a little bit about that scriptable context: " autofocus onfocus=alert(document.domain) x=" , I understand what autofocus and onfocus do, but I have no...
Hi, Sometimes it would be useful to have a custom column when displaying history/results - especially for Intruder, but also for Proxy History. This would allow things like Content Length to be shown (vs Length), plus other...
Hello there i have somehow messed up a lab which is click jacking ui thing. Please do rest the first lab of it.
Dear Team, Even though i am disabling HTTP Trace method using the Approach mentioned under Issue definition sub tab under Target Tab, but still our burp tool is listing that method as allowable , please suggest any...
Hi, It would be nice if you could add support for encoding rules in intruder or scanner. This need comes from many websites where base64 encoded JSONs are used to transfer information between the client and the backend....
I would like to know if there's an option to load multiple/bulk web URLs and schedule scans for multiple/bulk web URLs. If there's an API for this, could you point me to it?
When right clicking on an issue, is there any way can you add an additional option of "Confirmed" to the "Set Confidence" menu? (Maybe with a check-mark icon and different colored circle based on severity?) Just as you've...
I often find myself having to cancel and re-scan an individual audit item when it is slowing down the scan. It would be a great if individual items could be paused and restarted later during the scan.
Hello, the proxy doesn't work on any computer for me. I have followed the instructions given on your site (burp, browser and certificate configuration). I tried using it on a Mojave Mac OS, Windows 8.1 and Debian 18.04...
Page 42 of 64
Your source for help and advice on all things Burp-related.