Burp Suite User Forum

Login to post

WilliamOrTY WilliamOrTY

<a href=http://canadianonlinepharmacy.top>canadian online pharmacy</a> <a href=http://bestpriceforgenericviagra.us>best price for generic viagra</a> <a href=http://clomiphenecitrateforsale.top>clomiphene citrate for...

Last updated: Oct 06, 2015 08:01AM UTC | 0 Agent replies | 0 Community replies | How do I?

How to pentest a web site that behind reverse proxy?

Is it possible to pentest a web site that behind reverse proxy? If yes, how to?

Last updated: Oct 05, 2015 07:57AM UTC | 1 Agent replies | 0 Community replies | How do I?

Multiple usernames as Prefixes when Base64 encoding authentication

Hi, Is there a way to supply a list of usernames to be used as a prefix when payload processing prior to base64 encoding? I have an application which has a pop up authentication window to log in. The authentication...

Last updated: Oct 02, 2015 09:52AM UTC | 1 Agent replies | 0 Community replies | How do I?

Session validataion and Loop issue

I am active scanning a website which involves sessions. Number of threads for scanning is 5 - this means 5 requests will be sent at one time I am using a session handling rules to check if session is valid or...

Last updated: Oct 02, 2015 07:59AM UTC | 1 Agent replies | 0 Community replies | How do I?

fatal alert: unknown_ca in Burp's "Alerts" tab

Problem: When intercepting, the site I'm visiting doesn't render properly in my browser. Some resources do not load. Related: in BurpSuite's "Alerts" tab, I have dozens of lines like this one: "The client failed to...

Last updated: Sep 30, 2015 07:55AM UTC | 1 Agent replies | 1 Community replies | How do I?

Security Headers for POST response

Hello, I noticed a few POST response (whether 200 or 302) is not having a XSS protection/ Content sniffing / Click Jacking prevention header set and burp suite detected that as a vulnerability. Is there a specific...

Last updated: Sep 29, 2015 11:21AM UTC | 3 Agent replies | 3 Community replies | How do I?

Spidering only POST

Hello, I would like to spider only POST requests (and follow redirection). Is it possible ? I verified if there are any options to define the scope based on POST method, but I couldnt find any. In short, I would...

Last updated: Sep 28, 2015 01:55PM UTC | 1 Agent replies | 1 Community replies | How do I?

Scanner - POST request results on a Different Page

I have a webapp where, when saving edits to a particular page, a POST request is made to a simple 'FormSave' page. The server response is a simple 200, json response {"Success":"true"} (or failure if the request fails)....

Last updated: Sep 28, 2015 01:33PM UTC | 1 Agent replies | 1 Community replies | How do I?

Setting proxy.MasterIntercept to 0

In order to do selective custom scanning area selection using active scanning using my extension, I am trying to set those values using the loadConfig() To do this, I first set the following values to...

Last updated: Sep 24, 2015 08:25AM UTC | 2 Agent replies | 2 Community replies | How do I?

Performing an ActiveScan to perform scan against non-body parameters

I am currently writing an extension to do perform active scan with manipulated parameters: queueItem = this.callbacks.doActiveScan(this.host, this.port, this.useHttps,baseRequestResponse.getRequest(), ...

Last updated: Sep 23, 2015 08:05PM UTC | 1 Agent replies | 1 Community replies | How do I?

Invalid client request received: Failed to parse target host and port from CONNECT request

I'm connecting android/ios devices to burpsuite to intercept my mobile application requests. Every other website can be easily intercepted (both http and https) But I don't know what's wrong with my application. I get a...

Last updated: Sep 22, 2015 01:12PM UTC | 1 Agent replies | 0 Community replies | How do I?

Set socks proxy in headless mode

I searched the googles and haven’t found any success, does anyone know if its possible to set up the socks proxy parameters with burp in headless mode?

Last updated: Sep 14, 2015 03:46PM UTC | 1 Agent replies | 0 Community replies | How do I?

Session Management

I want to manage multiple session while scanning the application as scanning the application with multiple thread is giving lot session errors. so I need help regarding the following 1. How to create custom cookie...

Last updated: Sep 14, 2015 12:27PM UTC | 1 Agent replies | 0 Community replies | How do I?

Best approach for web-application testing with a webservice.

The data flow works like this: Browser -> Application -> Webservice -> Application -> Browser I'd like to be able to fuzz the flow where the webservice is sending data back to the application so that I can attack the...

Last updated: Sep 09, 2015 08:29AM UTC | 1 Agent replies | 0 Community replies | How do I?

How to do POC for PRSSI vulnerability

How to do POC for PRSSI vulnerability ??

Last updated: Sep 03, 2015 07:50AM UTC | 2 Agent replies | 1 Community replies | How do I?

Burp Suite Proxy will not intercept the site after Intercept mode is on.

Hi, Can any one please help me, In my Burp tool i have enabled Proxy - > intercept on but still it is not intercept my site but Target -> site map will show all the action and response. So please help me how to resolve...

Last updated: Sep 02, 2015 01:54PM UTC | 2 Agent replies | 1 Community replies | How do I?

Add all URL in target scope

Hi, I'm looking for a way to add all URL in target scope. As we can use regex I just put '*' in "Host or IP range" but burp is not agree with that. Which regex can I use to achieve this ? Cheers

Last updated: Sep 01, 2015 08:40PM UTC | 1 Agent replies | 1 Community replies | How do I?

Cat information

<a href=http://mycat.cf/to-read-kay-kipling-s-on-stage-blog-click-here-coming-attractions/trackback/>http://mycat.cf/to-read-kay-kipling-s-on-stage-blog-click-here-coming-attractions/trackback/</a> <a...

Last updated: Aug 30, 2015 08:34PM UTC | 0 Agent replies | 0 Community replies | How do I?

Certificate Import

Hello, I am trying to intercept SSL by installing a custom certificate and private key which matches the target server I am trying to test. Having successfully converted and imported the cert, I am getting a certificate...

Last updated: Aug 28, 2015 08:59AM UTC | 2 Agent replies | 1 Community replies | How do I?

selective vulnerability

Is it possible for Burp to scan and show only a specific list of vulnerabilities?

Last updated: Aug 28, 2015 07:40AM UTC | 1 Agent replies | 0 Community replies | How do I?

Page 132 of 138

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image