Burp Suite User Forum

Login to post

This is really awesome tool ever

This is really awesome tool ever.

Last updated: Nov 22, 2016 05:52AM UTC | 0 Agent replies | 0 Community replies | How do I?

Intruder options:

Under Intruder, there is a section named "Payload Encoding", it allows to URL encode certain characters. Why is burp doing so, in other words, why are we bothering to URL encode the payloads before they reach the web...

Last updated: Nov 21, 2016 04:48PM UTC | 2 Agent replies | 1 Community replies | How do I?

Port 25 needed for new SMTP Checks on Private Collaborator Server?

Hi, Does port 25 need to be opened in the firewall for the new SMTP checks to work on our private Collaborator Server and is there an option to set the listening port? aka "smtp": { "port" : 8025 } Thanks

Last updated: Nov 21, 2016 11:48AM UTC | 1 Agent replies | 2 Community replies | How do I?

Http History does not record calls from browser to webapi on the target site

I am using Burp Suite Professional 1.7.04 In an application that hosts a Silverlight component I can see calls to the component's host page in the Http History. The Silverlight component makes https REST API calls back...

Last updated: Nov 16, 2016 04:23PM UTC | 1 Agent replies | 0 Community replies | How do I?

Injecting special characters like " /,*,' " into an http request

Hi Mr. Stuttard, I have an http request which contains following...

Last updated: Nov 16, 2016 09:44AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Collaborator

Hi there, stupid question. How come i don't see the Collaborator tabs within my Burp app? I have my Burp pointing to use the public Collaborator servers but not seeing any of the tabs. What am I missing here? Thanks.

Last updated: Nov 15, 2016 07:10PM UTC | 2 Agent replies | 2 Community replies | How do I?

How do I manage JSON Web Token auth in Burp?

So, while doing active scanning and such, what's the best way to handle JSON Web Tokens that expire quickly? Basically when burp receives an auth failure, to run a post request and retrieve the new JWT to place in the header.

Last updated: Nov 14, 2016 08:10PM UTC | 2 Agent replies | 5 Community replies | How do I?

Replaying all request without payload

Hi, I have a requirement where i need to replay all the request i have in the target. Please suggest me a way to replay all the request.

Last updated: Nov 14, 2016 09:26AM UTC | 1 Agent replies | 0 Community replies | How do I?

Report highlight

Hi I've been using Burp for several year now and am a totally dedicated fan of this product! I have however not until now decided that I should create my own customized reports. There are several reason, but one major...

Last updated: Nov 11, 2016 08:07AM UTC | 1 Agent replies | 1 Community replies | How do I?

CSRF in POST request. Proxy only shows GET.

Found an interesting issue. A recent scan gave a CSRF finding in a POST. Going to the HTTP history tab multiple GETs to the same resource that was identified in the finding but no POSTs were found. How am I able to to create...

Last updated: Nov 07, 2016 03:29PM UTC | 1 Agent replies | 0 Community replies | How do I?

Active Directory Single Sign On

Hello team, Is it possible to use proxy tool when the application use authenthication on Windows Active Directory Single Sign On. Because when i use burp suite i face authorizathion issue. Pleaee help me to sort out

Last updated: Nov 04, 2016 01:43PM UTC | 1 Agent replies | 0 Community replies | How do I?

Manually Recover some items in Corrupt Project file?

I have a very large scan that took place over several days and my computer crashed at some point in the last few hours of the scan. Now the project file is corrupt and Burp cannot repair the scan issues. It was able to pull...

Last updated: Oct 31, 2016 04:00PM UTC | 1 Agent replies | 0 Community replies | How do I?

Registered in England and Wales (company no. 6719143)

We perform the payment of the renewal of the license number of the Company 6719143. the license has not been renewed We send e-payment support licensing@portswigger.net ; office@portswigger.net;

Last updated: Oct 31, 2016 08:56AM UTC | 1 Agent replies | 0 Community replies | How do I?

How "real world" is the CSRF PoC Generator

So here is my dilemma. I found a website that potentially has a CSRF vulnerability and when I proxy my traffic through Burp, generate the PoC html file, CSRF works. The thing as, as far as I know, the CSRF token isnt being...

Last updated: Oct 28, 2016 03:56PM UTC | 1 Agent replies | 0 Community replies | How do I?

Invisible listener for websocket traffic

I'm trying to see WebSocket traffic for an application on an iPhone. I've configured the iPhone and Burp using these two...

Last updated: Oct 28, 2016 09:46AM UTC | 1 Agent replies | 0 Community replies | How do I?

How do I keep settings in vmoptions.txt?

Hi, I'm using Burp Suite Pro native platform installers for Mac OS X. When I update my installation, the updater overwrite existing /Applications/Burp\ Suite\ Professional.app/Contents/vmoptions.txt with the default one....

Last updated: Oct 28, 2016 06:04AM UTC | 1 Agent replies | 1 Community replies | How do I?

authenticated session spidering/scanning

hi all, could you provide a step by step guide on how to setup a macro, or any other mechanism in order to automatically login into application if i get logged out? my scenario is: - authentication server, say:...

Last updated: Oct 27, 2016 02:10PM UTC | 1 Agent replies | 0 Community replies | How do I?

Precise Scope Regex Rules

Hi, I'm using Burp Scanner against a site using the Carbonator extension, and I'm having some problems with site scoping. I'm initiating Carbonator against, say, "http://example.com", and specifying that Carbonator run...

Last updated: Oct 25, 2016 07:51PM UTC | 1 Agent replies | 1 Community replies | How do I?

Scanner errors and re-scanning

Hi, Often when I do a scan, there are errors. I believe these are due to weekend jobs running backups and such, causing the network to slow down. Unfortunately, I cannot always pick and choose when I scan, and cannot baby...

Last updated: Oct 25, 2016 04:12PM UTC | 1 Agent replies | 0 Community replies | How do I?

xssValidator not working

I am trying to get xssValidator to work on Windows 2008 Server.. I think my problem is that I am trying to patch from different solutions and versions and cannot get it work. May you please guide me on the steps to get...

Last updated: Oct 25, 2016 03:05PM UTC | 1 Agent replies | 1 Community replies | How do I?

Page 214 of 232

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image