Burp community forum

Burp Enterprise unattended install -- what is the administrator password?

When doing an unattended install from a response file generated by a previous install, e.g. `./burpsuite_enterprise_linux_v1_1_02.sh -q -varfile response.varfile`, what's the administrator password set to? The password from...

Last updated: Feb 19, 2020 07:47PM UTC | 3 Agent replies | 4 Community replies | How do I?

Traffic interception issues for VPN-based applications

I have a licensed Burp installed on my system. I am currently testing an iOS mobile app; the iOS mobile app works only when the VPN to my company network is established. My laptop is also on a VPN connection. I have...

Last updated: Feb 19, 2020 04:36PM UTC | 1 Agent replies | 1 Community replies | How do I?

Is this a false positive? (sql / xpath injection)

Google brought me here. This previous post from 2015 seems similar to what I'm experiencing: https://forum.portswigger.net/thread/probable-bug-sql-injection-avoidable-false-positive-d1e55f31 Basically I have two...

Last updated: Feb 19, 2020 03:27PM UTC | 0 Agent replies | 0 Community replies | How do I?

Integrate Burp Enterprise with Splunk

Hi, I was looking at integrating Burp Enterprise with Splunk. I see documentation on ActiveEvent, but it doesn't look like it works with the enterprise version of Burp. I would like to pipe the scan results to Splunk...

Last updated: Feb 19, 2020 02:50PM UTC | 1 Agent replies | 0 Community replies | How do I?

Use the jenkins plug-in with pipeline scripting

Hello, Is there a way to use the burp enterprise jenkins plug-in inside a groovy pipeline script. Something like (jenkins pipeline syntax follows): stage('Web scan') { steps { ...

Last updated: Feb 19, 2020 02:36PM UTC | 1 Agent replies | 0 Community replies | How do I?

NET::ERR_CERT_VALIDITY_TOO_LONG

Information ------------------------------------------------------------ Version : Burp 1.7.32 (Professional) Burp Proxy Server : Kali Linux Certificate : Android Device 7.0...

Last updated: Feb 19, 2020 02:33PM UTC | 6 Agent replies | 5 Community replies | How do I?

Audit a REST API

Is there a way to audit a REST API with Burp Enterprise using the Swagger file, like with OpenAPI Parser in Burp Pro?

Last updated: Feb 19, 2020 01:45PM UTC | 1 Agent replies | 0 Community replies | How do I?

Login on website Scan

I was trying out the website scan functionality and I entered the login credentials for a site. I then entered all the other data and started the crawl and audit. When it was on the Account\Login page it did not appear to...

Last updated: Feb 19, 2020 09:40AM UTC | 2 Agent replies | 1 Community replies | How do I?

Exploiting cross-site scripting to steal cookies

I inject JavaScript code to steal cookies but the online lab doesn't simulate another user who views blog comments after they are posted... any idea why? Known bug? I don't use Burp Collaborator but a service hosted on...

Last updated: Feb 19, 2020 09:14AM UTC | 3 Agent replies | 2 Community replies | How do I?

Lab: Reflected XSS into HTML context with most tags and attributes blocked

Hi all. I'm working on solving the lab "Reflected XSS into HTML context with most tags and attributes blocked". I get an alert and find a pair of tag / attribute, but the lab does not get marked as solved. My solution is:...

Last updated: Feb 18, 2020 03:27PM UTC | 6 Agent replies | 8 Community replies | How do I?

Can I use private Burp2 Collaborator Server deployment with Burp1.7 Professional?

Hi, We are doing gradual rollout of Burp2, upgrading from Burp1.7 (professional versions). At the moment, Burp Collaborator is Burp 1.7. Is Burp 2 Collaborator Server backward compatible, so Burp 1.7 can continue to...

Last updated: Feb 18, 2020 01:43PM UTC | 1 Agent replies | 0 Community replies | How do I?

Autocomplete/Autofill enabled

Hi, I have done security testing in Burp Suite, and while doing so we faced the issue below for our application. Issue description: "It was noted during the assessment that auto-complete feature was enabled on certain...

Last updated: Feb 18, 2020 11:43AM UTC | 1 Agent replies | 0 Community replies | How do I?

Improper Error Handling

Hi, I have done security testing in Burp Suite, and while doing so we faced the issue below for our application. Issue description: At the error page, the application returns a stack trace and debugging information, which...

Last updated: Feb 18, 2020 11:06AM UTC | 1 Agent replies | 0 Community replies | How do I?

Excessive information provided in response headers

Hi, I have done security testing in Burp Suite, and while doing so we faced the issue below for our application. Issue description: By default, excessive information about the server IIS 10 application is returned...

Last updated: Feb 18, 2020 10:16AM UTC | 1 Agent replies | 0 Community replies | How do I?

Privilege Escalation

Hi, I have done security testing in Burp Suite, and while doing so we faced the issue below for our application. Issue description: The application has different levels of user access: General user and Admin user....

Last updated: Feb 18, 2020 10:16AM UTC | 1 Agent replies | 0 Community replies | How do I?

use 32-bit JVM

I am wondering if I am using the wrong version of JVM or Burp Suite. Recently our organization renewed the Burp Suite Professional v1.6.21. In account to that I see an alert message each time I launch as "You appear to be using...

Last updated: Feb 18, 2020 10:15AM UTC | 2 Agent replies | 5 Community replies | How do I?

"Lab: HTTP request smuggling, basic TE.CL vulnerability" need help in understanding

Hello, I'm trying to figure out what is going on under the hood but with no luck so far. Trying following as a possible solution I don't understand why the Response is "Unrecognized method G0POST" Why there is a zero...

Last updated: Feb 17, 2020 04:33PM UTC | 2 Agent replies | 1 Community replies | How do I?

Modify Executable in the Intercept Response Tab

Hi Folks, I have the following test use case with Burp and I kindly request your insight into resolving this: 1. I need to showcase a proof that a Windows client (target) doesn't perform signature validation on the client...

Last updated: Feb 17, 2020 03:47PM UTC | 1 Agent replies | 0 Community replies | How do I?

How to decrypt or encrypt password hashes like SHA-256, 512, 224 with Burp Suite Pro

Please help me with decrypting or encrypting password hashes. When I try to hash/de-hash using Decoder, the text appears to be scrambled.

Last updated: Feb 17, 2020 11:11AM UTC | 1 Agent replies | 1 Community replies | How do I?

Regarding Web Security Academy: Lab: Exploiting cross-site scripting to steal cookies

In this lab, which user to simulate, as the lab does not give an option to create a new user, post comments in the blog with the new user, log in as another user, view the new user's blog, exfiltrate the other user's cookie and send...

Last updated: Feb 17, 2020 10:06AM UTC | 1 Agent replies | 0 Community replies | How do I?
