How do I? - Page 125 - Burp Suite User Forum

Reflected -xss Burp sleep dno not see it.

hi TEAM May I know why Burp do not see my manual reflected xss on some website.I thought Burp should support my. I put him passive scan and nothing he do not see this xss and do not illuminate it. What I'm doing...

match and replace

Is it fashionable to use variables or random values for match and replace?

Is there a good write-up on using intercept vs proxy?

Before I ever used Burp Suite, I installed Foxy Proxy and had no trouble seeing the HTTP history. I'm using the Community Edition on VirtualBox Kali. Then I watch a great Burp video (How to intercept HTTP requests and...

Scan is not Enumerating Subdirectories

Hello, I am attempting to scan my testing environment with the Burp Scanner. Unfortunately, even after using Burp Navigation Recorder and supplying login credentials to the scan, it does not make it past the login page. I...

what is the positive or false positive? Or do you need to fix the problem? I hope you answer me please.(Cookie manipulation (DOM-based)

Issue detail The application may be vulnerable to DOM-based cookie manipulation. Data is read from location.href and passed to document.cookie. Issue background DOM-based vulnerabilities arise when a client-side script...

Make Burp Pro crawl actually discover anything from an SPA app using OIDC?

We are struggling with the Burp Enterprise trial actually discovering anything useful about our web app, and as the Enterprise version seems to offer barely any logs, I went for the Burp Pro trial, to see what's...

How do I get the browser-powered scanning working?

Hello, I'm getting this generic error: "The scan is configured to use recorded login sequences. This requires browser-powered scanning, which your hardware does not support. Please see the system requirements for...

Scan Configuration JSON documentation?

Hi I am evaluating Enterprise Edition and trying to find documentation for custom (JSON) scan configurations that can be either uploaded into the web app or used as part of a GraphQL API query. In the web app, if I go to...

Offline activation of Burp Enterprise license

Not sure but looks like portswigger.net is not reachable from my company network, is there any way I can do an offline activation? Regards! Gaurav

what is the positive or false positive? I hope you answer me please. (Content type incorrectly stated)

Issue detail The response states that the content type is multipart/mixed. However, it actually appears to contain unrecognized content. The following browsers may interpret the response as HTML: Internet Explorer...

Apply for free trial please

I tried applying for the trial via your links but the message popped up asking me to enter a valid email address. I changed my address but with the same results. Could you accept this as a valid request please? Many...

Andriod Emulator and Burp suite

Hello i'm having issue proxying Requests from any Android Emulator Through Burp for the APP's part ! I generated and installed the certificated correctly and i see Requests coming and going through Chrome Browser in...

Burp Collaborator not working

Hello, I bought Burp just to be able to complete the labs that require collaborator but after trying different things it simply doesn't work for me. I open burp collaborator and click copy to clipboard, open my browser...

Get list of scheduled items

I am using grapql to automate some validation stuff. Primarily a script with minor logic to schedule a recurring scan for a given site if there is not currently one. Is there currently a function to query the graphql...

Automated upgrade of private Burp Collaborator instance

Hi, To my knowledge, to upgrade a private Burp Collaborator instance, you have to upgrade your local BurpSuite Pro instance and then copy the jar file to the Burp Collaborator server and restart the process. Also the...

Moving licence to new device

Hi, We have a two user licence, I moved an install from one machine to another machine which worked ok, however now the machine that has the other of the two licences will not activate when i paste the code in, or point it...

How to save scan errors when start from command line

Hi, I ran Burp scan from the command line, which use my extension to start the scan by calling the API doActiveScan function. I check the burp file, the 'Event Log' and 'Logger'are blank. In the 'Audit items' tab, number...

Burp suite pro is not crawling all paths in our application

Hello - Our application is built with angular framework and Type script. when we try to scan both crawl and Audit through app URL, Burp Suite Professional doesn't crawl 95% of the HTTP paths. it only crawls around 5% of...

Scan for trace.axd

Hi, I'm new to using Burp Suite and we found that in an application that trace.axd was on and could possibly disclose unwanted information. Is there a way to crawl and find if is exists? Or is there a module or add-in that...

Burp Doesn't Work sometimes in headless mode

hello everyone , I'm using the last burpsuite pro version on my server (Ubuntu 21) with java 16 after open it and enter the key of my licences it works fine but after 2 or 3 restart , after start it, burp will doesn't start...