Burp Suite User Forum

What is the best way to handle SQL Injection errros reported by BURP in a PHP – Apache environment?

BURP suite is reporting SQL Injection errros, whats best possible way to handle those errors in a PHP – Apache environment.

Last updated: Aug 17, 2015 08:50AM UTC | 1 Agent replies | 0 Community replies | How do I?

Database scanning

Is Burpsuite capable of performing vulnerability scans against databases ? I have seen and there is no option, but just wanted to confirm with the experts. Also, do we have a security standard for databases as we have...

Last updated: Aug 17, 2015 05:04AM UTC | 1 Agent replies | 1 Community replies | How do I?

Collaborator Log Messages

We are testing a private collaboration server that is exposed to the Internet. When I came back from lunch I saw this in the console: 2015-08-05 12:40:12.508 : Request received:...

Last updated: Aug 14, 2015 03:06PM UTC | 1 Agent replies | 1 Community replies | How do I?

No UI after launching BUrp from command line

When I try to launch Burpsuite v1.6.01 from my 32-bit Ubuntu-12.04LTS, it shows message "Proxy:Proxy service started on 127.0.0.1:8080" but no UI is displayed means Burpsuite App is not launched. -My PC has a second...

Last updated: Aug 10, 2015 11:10AM UTC | 2 Agent replies | 2 Community replies | How do I?

ASP.NET forms authentication login redirect

Can Burp Suite support a login redirect where the login page is not within the scope? I have a /Employee and a /Customer area within my ASP.NET MVC application. For ease of development, the login URL in Web.config is...

Last updated: Aug 10, 2015 10:48AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burpsuite is not starting

When I try to launch Burpsuite v1.6.01 from my 32-bit Ubuntu-12.04LTS, it shows message "Proxy:Proxy service started on 127.0.0.1:8080" but no UI is displayed means Burpsuite App is not launched. -My PC has a second...

Last updated: Aug 10, 2015 08:26AM UTC | 1 Agent replies | 0 Community replies | How do I?

How do i replace a value that is sent in multi-part/form-data body of a request?

Dear all, I have the following Form data, that is sent through HTTP POST to a site: -----------------------------10935559812996 Content-Disposition: form-data;...

Last updated: Aug 10, 2015 08:05AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Collaborator - Wildcard certificate problem

Hi all, I have an internal collaborator Server up and running on a physical server with the following config: { "serverDomain" : "collaborator.test.com" "eventCapture" : { "https": { "hostname" :...

Last updated: Aug 03, 2015 01:29AM UTC | 3 Agent replies | 1 Community replies | How do I?

Internal VA

Hi there, I am doing some Internal VA scan. What is the difference between External VA scan and Internal VA scan.What are the most common things to look out for. What are the most common web host used by a mid to large...

Last updated: Jul 31, 2015 09:48AM UTC | 0 Agent replies | 0 Community replies | How do I?

Site Map Data populations

Hi All, I have a question related to site map. As per "https://portswigger.net/burp/help/target_sitemap.html", Site Map Views can be created by "The left-hand-side tree view contains a hierarchical representation of...

Last updated: Jul 29, 2015 08:15AM UTC | 1 Agent replies | 0 Community replies | How do I?

Installing Burp's CA Certificate in an Headless Android Emulator

Hi, I am using an headless android emulator with API leve 19 on amazon ec2 ubuntu instance. Can you please with installing Burp's CA certificate in an headless android emulator ? Thanks, Chhagan Mathuriya

Last updated: Jul 28, 2015 07:57AM UTC | 2 Agent replies | 1 Community replies | How do I?

the restoreState() function gives a runtime error

I'm developing an extension that pulls back a list of saved burp states into a table. I'm trying to get the application to restore the burp state when one of these items is clicked. Unfortunatly Burp is giving me a runtime...

Last updated: Jul 27, 2015 02:14PM UTC | 4 Agent replies | 2 Community replies | How do I?

Increase single-thread scanner speed

Not sure if this is a bug or the standard behavior, so posting here first. I tried this with burpsuite_pro_v1.6.11.jar and burpsuite_pro_v1.6.02.jar with the default initial config. The application was hosted locally with...

Last updated: Jul 26, 2015 08:39AM UTC | 4 Agent replies | 2 Community replies | How do I?

Proxy (VPN) Help [URGENT]

Hello, I've got Burp Suite Professional and I've got a test Process here for my Website, that it attempts a combination of a specific E-Mail and a bunch of Passwords. However, I've put it (on my Website), so if the user...

Last updated: Jul 23, 2015 07:52AM UTC | 1 Agent replies | 0 Community replies | How do I?

Session handling

session < > " ' `

Last updated: Jul 21, 2015 01:46PM UTC | 0 Agent replies | 0 Community replies | How do I?

Session handling

The log out detection in Burp is inconsistent when "Follow redirections where necessary" (Scanner > Options) is set. Inconsistent because it tests the session validity sometimes before redirecting and sometimes after...

Last updated: Jul 21, 2015 01:00PM UTC | 0 Agent replies | 0 Community replies | How do I?

Session handling

The log out detection in Burp is inconsistent when "Follow redirections where necessary" (Scanner > Options) is set. Inconsistent because it tests the session validity sometimes before redirecting and sometimes after...

Last updated: Jul 21, 2015 01:00PM UTC | 0 Agent replies | 0 Community replies | How do I?

Handling Multi-Staged Logins for Scan with Burp

I am trying to automate the login process and validation of successful login via Burp Session Handling/Macros. This login requires an initial POST that includes the username/password, then, in the response to the initial...

Last updated: Jul 17, 2015 07:35AM UTC | 4 Agent replies | 4 Community replies | How do I?

intercept proxy based applications

I was trying to intercept an application (Internet Download Manager) requests after I configured it's proxy, I was able to intercept the request, however I don't receive response. could it be a certificate problem? if not,...

Last updated: Jul 13, 2015 12:36PM UTC | 3 Agent replies | 2 Community replies | How do I?

Determining number of requests/attacks made

I am scanning two websites for XSS attacks (or any other test) only One is ASP.net and other is PHP. Lets say I am testing only URL parameter value and in both the cases there 5 parameters each Question 1: For both...

Last updated: Jul 10, 2015 03:19PM UTC | 1 Agent replies | 0 Community replies | How do I?

Page 107 of 111

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image