Burp Suite User Forum

Login to post

Importing CA certificate into cert

I have read the howto and i am trying to do the following in order to create new cert and import it into burp. 1. openssl req -x509 -days 730 -nodes -newkey rsa:2048 -outform der -keyout server.key -out ca.der 2....

Last updated: Jul 01, 2015 09:17AM UTC | 1 Agent replies | 0 Community replies | How do I?

Macro creation for variables that keeps changing for every request and response.

Hello, I am trying to create a macro to login to the website (as a part of session handling rules). The web site is in aspx In the macro editor, under macro items, I have made the entries that will successfully login...

Last updated: Jun 30, 2015 10:57AM UTC | 1 Agent replies | 1 Community replies | How do I?

Treating existing values in a parameter while scanning

Hello, I am adding a URL for scanning that has 10 body parameters for scanning Out of the 10 parameters, 4 parameters are already filled with some values. Other 6 parameters are left blank. When we are active scanning...

Last updated: Jun 30, 2015 10:56AM UTC | 2 Agent replies | 2 Community replies | How do I?

Python Extensions

I have installed Jython and installed several Python-based Extensions. I have configured 'Folder for loading modules' to point to /usr/lib/python2.7 (have also tried python2.7 and python3.2). All extensions fail. Most...

Last updated: Jun 27, 2015 03:31PM UTC | 1 Agent replies | 2 Community replies | How do I?

How to flag only new issues when Burp is run on a continuous basis

Hi, I am trying to run Burp tests automatically from a test suite. I want to re-run these test suites every two weeks. I want to flag only the new issues when I re-run the burp tests. Is there a way to do this? The...

Last updated: Jun 17, 2015 08:29AM UTC | 1 Agent replies | 0 Community replies | How do I?

Spider a application with form based login

For spidering I filled in the scope at Target > Scope. And at Spider > Options I used for "Application Login" > "Prompt for guidance". But after running the spider as "Spider from here" (as it was the / site) only a...

Last updated: Jun 16, 2015 04:08PM UTC | 1 Agent replies | 1 Community replies | How do I?

CSRF PoC vulnerability only succeeds while Proxying through Burp

This may be a dumb question as I may not fully understand how this CSRF vulnerability is working. Scenario: Within the application using Spring / Spring Webflow, and Spring Security. I am able to create a PoC with Burp...

Last updated: Jun 11, 2015 08:19AM UTC | 1 Agent replies | 0 Community replies | How do I?

Updating Cookie Jar based on redirected responses

Hello! I'm having troubles updating burp's internal cookie jar based on redirected responses. Eg. I send a POST request to /whatever.jsp with a cookie SESS1=123, I get a response w/ 302 Found, when I follow the...

Last updated: Jun 10, 2015 11:25AM UTC | 1 Agent replies | 0 Community replies | How do I?

Java Socks Override on OSX

Hi there, This is more a heads up rather than a question. I use a socks proxy via SSH/corkscrew when I am onsite at clients' sites to get unobstructed internet. To do this I set the OSX OS proxy settings to my socks...

Last updated: Jun 04, 2015 02:39PM UTC | 1 Agent replies | 0 Community replies | How do I?

Proxying Java / JAR

I have a website that launches a JAR (java applet) I want to proxy the requests that applet does via Burp Suite Burp Suite listens on port 8080 and invisible proxying is also enabled. In java settings , I have...

Last updated: Jun 01, 2015 12:32PM UTC | 3 Agent replies | 2 Community replies | How do I?

How do I get the referrer or spider links

Hi, I see that the spider has a referrer header option, however when I look at the sitemap, there are no referrers. Is there anyway to get the URLs with the referrer from sitemap that were spidered?

Last updated: May 29, 2015 03:59AM UTC | 2 Agent replies | 1 Community replies | How do I?

Validating File uploads

Hi all, This may not be related to Burp Suite tool as such, but wanted to check if someone from this community could help Situation: As a part of file upload checks, only certain file extensions are allowed. But we...

Last updated: May 25, 2015 07:19AM UTC | 0 Agent replies | 0 Community replies | How do I?

Sciript a Proxy Match/Replace (or well really just an insert)

Is there a way to script or conditionally to Match/Replace with the Proxy. Similar to what's in the "Options" tab but slightly more complicated. Specifically what I'm looking for a find requests that don't have a referer...

Last updated: May 22, 2015 03:31PM UTC | 1 Agent replies | 0 Community replies | How do I?

Target scope: Include the URL only once for scan

My website is sending below GET requests (REST style), abc.com/groups/1 abc.com/groups/2 abc.com/groups/3 ... abc.com/groups/23000 Now during an active scan, scanning one of the request is enough (saves time). Is...

Last updated: May 22, 2015 03:26PM UTC | 1 Agent replies | 0 Community replies | How do I?

Getting Java Heap Space Error.

Hi Team, Getting Java Heap Space error and eventually Burp Suite got hanged later on. Increase Java Heap Space as mentioned below but still not getting valid response. Increase the size as mentioned below but still...

Last updated: May 18, 2015 12:28PM UTC | 1 Agent replies | 0 Community replies | How do I?

Clone a online website to work offiline with burp clone a google app with burp

Good day How do I clone a Google app with Burp suite. I know how to spider a app. I know the diference but can burp clone a website like WGET or HTTRACK? Is it possible to use Burp to download a local copy of googels XSS...

Last updated: May 18, 2015 07:59AM UTC | 1 Agent replies | 0 Community replies | How do I?

Spidering + Form Submission

I am spidering a website. While spidering I have selected "Automatically submit using the following rules to assign text field values" I have given a field name and field value and enabled it to be submitted. If there...

Last updated: May 13, 2015 12:32PM UTC | 2 Agent replies | 2 Community replies | How do I?

How do I change the user-agent string that the scanner sends in requests

I want to scan the mobile pages of my web application. In order to do this I need the change the user-agent to emulate a phone. Is there a way to do this? Thanks!

Last updated: May 06, 2015 02:11PM UTC | 1 Agent replies | 2 Community replies | How do I?

Report on CSRF Vulnerabilities

Hello. I am trying to learn Burp Pro after one of my colleagues left without leaving much information around the Burp testing he had done. I have an application with a known CRSF vulnerability AND an older Burp report...

Last updated: May 06, 2015 10:20AM UTC | 1 Agent replies | 0 Community replies | How do I?

Command line commands

We installed Carbonator and want to execute commands in "headless" mode. What are the commands to set a target, set a proxy, scan (active and passive), spider, etc.? Thanks!

Last updated: Apr 30, 2015 07:46AM UTC | 2 Agent replies | 1 Community replies | How do I?

Page 117 of 120

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image