How do I? - Page 113 - Burp Suite User Forum

burp hostname resolution

Hello, i use burp as a proxy in my malware lab for intercepting communication in a VM used as a proxy. I have create two proxy listeners and they redirect traffic to inetsim. https://ibb.co/5LNj5Zf My...

How to set system wide proxy settings on Ubuntu 18.04 without exporting the environment variables?

Hello, I am Ubuntu 18.04 and I would like to set system-wide proxy settings without exporting the environment variables. I don't want to use the command export http_proxy='http://127.0.0.1:8080' as it declares the...

configure scan for HSTS

want to just search for HSTS vulnerabilities on security headers on a website. what configuration do I use that will show it.

Web Cache Poisoning X-Forwarded-Host

Hi, I am attempting the "Web cache poisoning with an unkeyed header" lab. I am not receiving a response in the Repeater when I add the X-Forwarded-Host (example.com). However, I receive a response as normal with or...

SSL error for Android

Getting below error: Kindly support on priority - The client failed to negotiate a TLS connection to : Received fatal alert: certificate_unknown

No connections to the polling server at polling.[domain] could be opened. The collaborator will not work in this configuration.

I am struggling to get my private Burp collaborator working correctly, running a health check gives: An HTTP connection to the capture server at 6qxgdpy57h21gh1p4si6u6jil9rm55pntqi.[DOMAIN] could not be opened. An HTTPS...

How can i make send get request then post request in Intruder?

Hello i Have an AB test , first i need to send Get Request then Send Post Request , how can i automate this in Intruder ?

BURP api is not working

Hi Team, I have generated api key and keeping http://127.0.0.1:1337 service running in useroption=> misc tab and i am trying to run http://127.0.0.1:1337/v0.1/ it is working fine but When i am trying to...

Install Burp Suite Enterprise inside alpine docker

Trying to install Burp Suite Enterprise inside alpine docker. Java is installed (OpenJDK-11) and it is in PATH. JAVA_HOME is set. Still, I get error that java is not found Trying to install Burp Suite Enterprise...

Anti CSRF Token

I keep spending hours on something so simple that should be part of this product... I can't bypass a simple setup like below to perform a scan. GET /comment provide anti csrf value in body let's call it...

Auto-reject client requests for sites with bad certificates

I'd like to configure Burp Suite to automatically reject requests from the client for sites with bad certificates. This seems really basic, but I haven't found a way to do this. Using badssl.com for testing, Burp Suite lets...

Extract strings matching a regexp in Burp

Hello guys, Any idea how to extract strings matching a regexp in Burp? I mean i see how to search but not how to extract. Thanks,

How does Active Scanner know the the request body to post to an api endpoint?

I ran burp suite's active scanner and in one of the requests it made to an API, the post request body was filled automatically with the needed JSON data. How does burp know what data it should post? I also used an extension...

Burp Collaborator

Any reason why Burp Collaborator would stop working? not getting the ping responses on collaborator even when i visit the link in my own browser

export to csv format

Hi! Is it possible to export the Burp vulnerability report into a csv format instead of xml/Html?

unable to intercept google.com request

one of the application i am testing using google recaptcha which fetched from "https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit&hl=en" then i tried to access google.com it also not working. i...

Update

Ever since update i can no longer access anything with my burpsuite i get errors when i check for updates i get unable to check for updateds due to network error even when i try to access the browser within the proxy...

Lab - Reflected XSS into HTML context with most tags and attributes blocked

Hi I am busy with the lab, "Reflected XSS into HTML context with most tags and attributes blocked". I successfully fire the print() on myself and the simulated victim, but for extra practice preparing for the burp suite...

XXE file protocol to retrieve files

Hello, first of all: Thanks for the amazing learning materials, I have really learned a lot! My question concerns XXE, specifically the "file" protocol mentioned in the learning materials. It says that: "The...

How to run multiple scans with different scan configurations at the same time.

Hello, currently I launch multiple scans (each one with a different scan configuration) over one request. However this is time-consuming, and I want to know if there is a way I can semi-automate this process, if there is...