Burp Suite User Forum

Login to post

Access Request panel from Intruder | Positions subtab using Swing

I am trying to add intruder request using Jemmy automation. I can find all components under Intruder | Positions subtab except the main request text area. I tried to dump all the compnents and look for the specific area...

Last updated: Oct 28, 2015 01:57PM UTC | 1 Agent replies | 0 Community replies | How do I?

List Burp Proxy Listeners

Greetings, Quick question - how would one obtain a list of every Proxy listener currently configured within Burp using the BurpExtender API? I've tried leveraging the callbacks.getProxyListeners...

Last updated: Oct 21, 2015 06:34PM UTC | 1 Agent replies | 2 Community replies | How do I?

App ignoring system proxy settings?

I've looked at the first 5 pages of this Support Center and the closest I see to my problem is here (http://forum.portswigger.net/thread/1557/burp-displaying-webgoat). If this has been answered, or this is the wrong area to...

Last updated: Oct 21, 2015 08:20AM UTC | 1 Agent replies | 0 Community replies | How do I?

Proxy works only on 127.0.0.1

Hello, I'm trying to configure my proxy to work on other IPs than 127.0.0.1, but the browsers refused to connect to other ips than 127.0.0.1. I didn't see any errors, and I verify that the proxy is connected and running...

Last updated: Oct 20, 2015 07:50AM UTC | 1 Agent replies | 0 Community replies | How do I?

Binding burp to a low port

I am trying to do some invisible proxying through burp, but this requires binding burp's proxy to ports 80/443 which requires root privileges. However, if I run burp as root, it asks for another license. I am wondering if...

Last updated: Oct 20, 2015 07:49AM UTC | 1 Agent replies | 0 Community replies | How do I?

CA Import PKCS12 parameters

Hey PortSwigger, I'm currently trying to import a cert chain as my CA for burp suite (using Burp Pro). I need to import my intermediate certificate as the CA for each host, whilst also supplying the root cert file for all...

Last updated: Oct 19, 2015 01:23PM UTC | 2 Agent replies | 0 Community replies | How do I?

inserting Images from relative path

Hello, I would like to create an "About" page for my extension, but I am having difficulty finding the path that the extension resides in. I am currently using Jython to write my extensions. Right now, using the Python...

Last updated: Oct 19, 2015 08:01AM UTC | 1 Agent replies | 0 Community replies | How do I?

Save State - Save Only "Issues" in Target Tab

Used to be possible when "Issues" is part of Scanner tab. Newer versions saves the "Content" making the state file unnecessarily large. Thanks!!

Last updated: Oct 16, 2015 07:54AM UTC | 1 Agent replies | 0 Community replies | How do I?

dynamic cookie handling in burp intruder

How do i use the intruder if the webapp provide new cookie each time a new GET is made? Would it be possible for burp-intruder to pick the new cookie from the response and put it back as the next Request...

Last updated: Oct 14, 2015 11:30AM UTC | 1 Agent replies | 1 Community replies | How do I?

Burp Proxy Conection Issue with Black Berry 7 Devices

Hi; We are using burp Pro Version of 1.6.27. In the Security Assesment we are not able to connect with BB7 Device like the Burp Proxy is not connected the BB7 device and it not intercepting. We are using BB7-9320...

Last updated: Oct 09, 2015 01:09PM UTC | 1 Agent replies | 0 Community replies | How do I?

Probable bug in session handling macro

Hi I am using latest version of Burp and created a Macro to login to complex website. It requires at least four request to complete the login sequence. Below are the first three requests (sanitised) First...

Last updated: Oct 07, 2015 03:00PM UTC | 1 Agent replies | 1 Community replies | How do I?

Intruder / Macro question

Hi, I'm trying to get a macro working with intruder. The sequence I am trying to repeat is : POST XML data to server1/service.svc Receive a token from server one (in the response it can be found between <token> and...

Last updated: Oct 07, 2015 02:21PM UTC | 1 Agent replies | 0 Community replies | How do I?

In consistency while reproducing XSS vulnerability

Burp has reported some XSS vulnerability for a website. For the below discussion let us use this URL...

Last updated: Oct 06, 2015 03:07PM UTC | 3 Agent replies | 2 Community replies | How do I?

support documentation

i was hoping that you all had an all-encompassing user guide with all content in one doc. i found the following, which shows all help pages, but i'd really like to get all of that content in one file that i can review...

Last updated: Oct 06, 2015 08:26AM UTC | 1 Agent replies | 0 Community replies | How do I?

WilliamOrTY WilliamOrTY

<a href=http://canadianonlinepharmacy.top>canadian online pharmacy</a> <a href=http://bestpriceforgenericviagra.us>best price for generic viagra</a> <a href=http://clomiphenecitrateforsale.top>clomiphene citrate for...

Last updated: Oct 06, 2015 08:01AM UTC | 0 Agent replies | 0 Community replies | How do I?

How to pentest a web site that behind reverse proxy?

Is it possible to pentest a web site that behind reverse proxy? If yes, how to?

Last updated: Oct 05, 2015 07:57AM UTC | 1 Agent replies | 0 Community replies | How do I?

Multiple usernames as Prefixes when Base64 encoding authentication

Hi, Is there a way to supply a list of usernames to be used as a prefix when payload processing prior to base64 encoding? I have an application which has a pop up authentication window to log in. The authentication...

Last updated: Oct 02, 2015 09:52AM UTC | 1 Agent replies | 0 Community replies | How do I?

Session validataion and Loop issue

I am active scanning a website which involves sessions. Number of threads for scanning is 5 - this means 5 requests will be sent at one time I am using a session handling rules to check if session is valid or...

Last updated: Oct 02, 2015 07:59AM UTC | 1 Agent replies | 0 Community replies | How do I?

fatal alert: unknown_ca in Burp's "Alerts" tab

Problem: When intercepting, the site I'm visiting doesn't render properly in my browser. Some resources do not load. Related: in BurpSuite's "Alerts" tab, I have dozens of lines like this one: "The client failed to...

Last updated: Sep 30, 2015 07:55AM UTC | 1 Agent replies | 1 Community replies | How do I?

Security Headers for POST response

Hello, I noticed a few POST response (whether 200 or 302) is not having a XSS protection/ Content sniffing / Click Jacking prevention header set and burp suite detected that as a vulnerability. Is there a specific...

Last updated: Sep 29, 2015 11:21AM UTC | 3 Agent replies | 3 Community replies | How do I?

Page 118 of 125

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image