Burp Suite User Forum
This is really awesome tool ever.
Under Intruder, there is a section named "Payload Encoding"; it allows you to URL-encode certain characters. Why is Burp doing so, in other words, why are we bothering to URL-encode the payloads before they reach the web...
Hi, Does port 25 need to be opened in the firewall for the new SMTP checks to work on our private Collaborator Server and is there an option to set the listening port? aka "smtp": { "port" : 8025 } Thanks
I am using Burp Suite Professional 1.7.04. In an application that hosts a Silverlight component I can see calls to the component's host page in the HTTP history. The Silverlight component makes HTTPS REST API calls back...
Hi Mr. Stuttard, I have an HTTP request which contains the following...
Hi there, stupid question. How come I don't see the Collaborator tabs within my Burp app? I have my Burp pointing to use the public Collaborator servers but not seeing any of the tabs. What am I missing here? Thanks.
So, while doing active scanning and such, what's the best way to handle JSON Web Tokens that expire quickly? Basically when Burp receives an auth failure, to run a POST request and retrieve the new JWT to place in the header.
Hi, I have a requirement where I need to replay all the requests I have in the target. Please suggest a way to replay all the requests.
Hi, I've been using Burp for several years now and am a totally dedicated fan of this product! I have however not until now decided that I should create my own customized reports. There are several reasons, but one major...
Found an interesting issue. A recent scan gave a CSRF finding in a POST. Going to the HTTP history tab, multiple GETs to the same resource that was identified in the finding but no POSTs were found. How am I able to create...
Hello team, Is it possible to use the proxy tool when the application uses authentication on Windows Active Directory Single Sign-On? Because when I use Burp Suite I face an authorization issue. Please help me to sort it out.
I have a very large scan that took place over several days and my computer crashed at some point in the last few hours of the scan. Now the project file is corrupt and Burp cannot repair the scan issues. It was able to pull...
We perform the payment of the renewal of the license number of the Company 6719143. The license has not been renewed. We send e-payment support licensing@portswigger.net; office@portswigger.net;
So here is my dilemma. I found a website that potentially has a CSRF vulnerability and when I proxy my traffic through Burp, generate the PoC HTML file, CSRF works. The thing is, as far as I know, the CSRF token isn't being...
I'm trying to see WebSocket traffic for an application on an iPhone. I've configured the iPhone and Burp using these two...
Hi, I'm using Burp Suite Pro native platform installers for Mac OS X. When I update my installation, the updater overwrites the existing /Applications/Burp\ Suite\ Professional.app/Contents/vmoptions.txt with the default one....
Hi all, could you provide a step-by-step guide on how to set up a macro, or any other mechanism, in order to automatically log in to the application if I get logged out? My scenario is: - authentication server, say:...
Hi, I'm using Burp Scanner against a site using the Carbonator extension, and I'm having some problems with site scoping. I'm initiating Carbonator against, say, "http://example.com", and specifying that Carbonator run...
Hi, Often when I do a scan, there are errors. I believe these are due to weekend jobs running backups and such, causing the network to slow down. Unfortunately, I cannot always pick and choose when I scan, and cannot baby...
I am trying to get xssValidator to work on Windows 2008 Server. I think my problem is that I am trying to patch from different solutions and versions and cannot get it to work. Could you please guide me on the steps to get...
Your source for help and advice on all things Burp-related.