Burp Suite User Forum
OWASP TOP 10 has been revised for 2017... notably there are 3 new vulnerabilities listed; A4 - Broken Access Control, A7 - Insufficient Attack Protection, and A10 - Underprotected APIs. When do you plan on updating your...
Like other professionals, we use CWE to classify vulnerabilities. In our case we try to use several tools and correlate vulnerabilities in this way. Thanks to that we can create custom reports using our description of...
Are the vulnerabilities identified classified to any security standards (OWASP/CWE)? Also, does the latest scanner cover all the OWASP 2017 top 10 vulnerabilities?
So that a tester can script requests and responses on the fly without the pain of writing custom extensions. Extensions are awesome, but sometimes the timeframe is very limited, kicking the "write an extension for this" out...
Is there any way to automatically resend requests with 5xx Status & "no response" in the Intruder module? I always have to manually resend 100k or more requests with 5xx Status or "no response" after 10m requests. Which is very...
Adding a comment to an IRequestResponse object can be useful for a number of things. However, not all extensions consider that this is a shared field and may overwrite values set by other extensions. A solution to this may...
I was recently working on a badly broken app that had home rolled session tokens (never a good thing). The token entropy was so bad that there were even duplicates in the sequence. Now, whilst this is the kind of thing...
I like the color highlighting of requests in the proxy http history, but the hard-coded colors are mostly too bright/vibrant. It would be nice to be able to use a custom color so I can use softer colors.
Let me put this straight. I have configured burpsuite proxy and everything correctly. How do I find the exact time and date a request was made? For example when I go to www.google.com, I want burpsuite to show me...
Hi! The BApp Store currently includes nearly 200 extensions. When having a specific need, I systematically go to the Web version (https://portswigger.net/bappstore) and Ctrl+F the page. That requires Internet access, breaks...
Hi! Hackers love to hack by night. And our eyes are so fragile... To be short: I can't wait to test 2beta10 and its new dark theme :-D https://twitter.com/Burp_Suite/status/1055436883805827073 Looking forward!!
In the Site Map tree, I can see many payloads (in folder and file names) which were used by Active scanner (alone, or by some extension during the Active Scan). Such payloads are: %00grqjw%22a%3d%22b%22sc35f %00prompt(1)...
Hello, Kindly I would like to know if we can integrate Burp with Microsoft Team Foundation Server (TFS) or if we can integrate the test result into TFS. Also, is it possible to run the test as continuous integration? Thanks...
The Active scanner in Burp already identifies SQL statements within queries as potential SQL injection vulnerabilities. However, some applications log the executed SQL statements in the HTML output as comments or in an HTML...
It's a commonly implemented UI pattern that when a dialog has a list that you can select elements from and a button to commit to that selection, double clicking an element on the list performs both actions (selecting the...
Hi, how do I capture a Windows-based authentication application? Thanks, Anju.
Can you please add an option to disable the notification to upgrade to Burp 2.0? I'm planning on staying in Burp 1.x for now. It gets tedious to click close each time I open Burp.
Hello! I've often found myself in need of switching DNS for an assessment, for various reasons, and I believe that being able to override the system resolvers via Project / User options would be quite handy.
In some circumstances there is the need to process a dynamic value like an anti-CSRF token and append this to a parameter. I'm not sure this could be helpful to others, anyway it should be a great feature.
When will the professional version of the crawler support front-end frameworks like VUE? In the face of such systems, the reptiles became furnishings.
Your source for help and advice on all things Burp-related.