Burp Suite User Forum

Login to post

Proxying Java / JAR

I have a website that launches a JAR (java applet) I want to proxy the requests that applet does via Burp Suite Burp Suite listens on port 8080 and invisible proxying is also enabled. In java settings , I have...

Last updated: Jun 01, 2015 12:32PM UTC | 3 Agent replies | 2 Community replies | How do I?

How do I get the referrer or spider links

Hi, I see that the spider has a referrer header option, however when I look at the sitemap, there are no referrers. Is there anyway to get the URLs with the referrer from sitemap that were spidered?

Last updated: May 29, 2015 03:59AM UTC | 2 Agent replies | 1 Community replies | How do I?

Validating File uploads

Hi all, This may not be related to Burp Suite tool as such, but wanted to check if someone from this community could help Situation: As a part of file upload checks, only certain file extensions are allowed. But we...

Last updated: May 25, 2015 07:19AM UTC | 0 Agent replies | 0 Community replies | How do I?

Sciript a Proxy Match/Replace (or well really just an insert)

Is there a way to script or conditionally to Match/Replace with the Proxy. Similar to what's in the "Options" tab but slightly more complicated. Specifically what I'm looking for a find requests that don't have a referer...

Last updated: May 22, 2015 03:31PM UTC | 1 Agent replies | 0 Community replies | How do I?

Target scope: Include the URL only once for scan

My website is sending below GET requests (REST style), abc.com/groups/1 abc.com/groups/2 abc.com/groups/3 ... abc.com/groups/23000 Now during an active scan, scanning one of the request is enough (saves time). Is...

Last updated: May 22, 2015 03:26PM UTC | 1 Agent replies | 0 Community replies | How do I?

Getting Java Heap Space Error.

Hi Team, Getting Java Heap Space error and eventually Burp Suite got hanged later on. Increase Java Heap Space as mentioned below but still not getting valid response. Increase the size as mentioned below but still...

Last updated: May 18, 2015 12:28PM UTC | 1 Agent replies | 0 Community replies | How do I?

Clone a online website to work offiline with burp clone a google app with burp

Good day How do I clone a Google app with Burp suite. I know how to spider a app. I know the diference but can burp clone a website like WGET or HTTRACK? Is it possible to use Burp to download a local copy of googels XSS...

Last updated: May 18, 2015 07:59AM UTC | 1 Agent replies | 0 Community replies | How do I?

Spidering + Form Submission

I am spidering a website. While spidering I have selected "Automatically submit using the following rules to assign text field values" I have given a field name and field value and enabled it to be submitted. If there...

Last updated: May 13, 2015 12:32PM UTC | 2 Agent replies | 2 Community replies | How do I?

How do I change the user-agent string that the scanner sends in requests

I want to scan the mobile pages of my web application. In order to do this I need the change the user-agent to emulate a phone. Is there a way to do this? Thanks!

Last updated: May 06, 2015 02:11PM UTC | 1 Agent replies | 2 Community replies | How do I?

Report on CSRF Vulnerabilities

Hello. I am trying to learn Burp Pro after one of my colleagues left without leaving much information around the Burp testing he had done. I have an application with a known CRSF vulnerability AND an older Burp report...

Last updated: May 06, 2015 10:20AM UTC | 1 Agent replies | 0 Community replies | How do I?

Command line commands

We installed Carbonator and want to execute commands in "headless" mode. What are the commands to set a target, set a proxy, scan (active and passive), spider, etc.? Thanks!

Last updated: Apr 30, 2015 07:46AM UTC | 2 Agent replies | 1 Community replies | How do I?

Manually reproduce Cross-site scripting (DOM-based) vulnerability using info from Burp report

Hi, Ran test to look for “Cross-site request forgery” & Burp came back with issue. How can we use the info in the report to reproduce this manually so as to confirm that it's not a false positive? Thx.

Last updated: Apr 24, 2015 07:54AM UTC | 1 Agent replies | 0 Community replies | How do I?

Collaborator Server issues "expected record not found"

I've got a private collaborator server up and running. It has it's own domain, it's resolving fine, wildcard certs are installed and confirmed working on both interaction and collaboration ports. When I run a health check in...

Last updated: Apr 24, 2015 07:41AM UTC | 2 Agent replies | 2 Community replies | How do I?

no details for proxy history

In my case, the proxy history are logged correctly for each internet request. But when I click on the request, there is no Request Raw(or Hex) showing in the bottom panel. The filter is "showing all items". Can someone help?

Last updated: Apr 23, 2015 04:42PM UTC | 2 Agent replies | 2 Community replies | How do I?

TLSv1 Connection issue

How do I make Burp connect to a TLSv1, 256 bits, AES256-SHA only website?

Last updated: Apr 22, 2015 09:13PM UTC | 1 Agent replies | 1 Community replies | How do I?

Add Proxy Listener to listen to Terminal (Linux)

How would I add a proxy listener so that if I were running a tool in my terminal I could have burp scan all websites that are run through it?

Last updated: Apr 22, 2015 08:27AM UTC | 1 Agent replies | 0 Community replies | How do I?

Collaborator Server with private address

My collaborative server has a private address. My configuration is "dns": { "interfaces" : [{ "name":"ns1", "localAddress":"172.31.10.5", "publicAddress":"50.0.1.4" }], ...

Last updated: Apr 20, 2015 09:21AM UTC | 1 Agent replies | 0 Community replies | How do I?

Collaborator Server behind cloudflare

How do I setup a Collaborator Server in a subdomain? My DNS is managed by Cloudflare. For example I want it to be: burp.domain.com I understand that I need an A record for burp.domain.com Also a NS record that...

Last updated: Apr 20, 2015 09:19AM UTC | 1 Agent replies | 0 Community replies | How do I?

Scanning a "POST" causes a "GET" with no parameters

I'm doing an active scan of a POST that has parameters for session ID, which is also stored in the cookie jar. However the attacks created by that scan produce "GET"s that have no parameters (no session ID) which causes my...

Last updated: Apr 20, 2015 08:41AM UTC | 1 Agent replies | 0 Community replies | How do I?

Proxy history without intercept

Hi, the documentation does not say whether it is possible to record proxy history with the intercept feature turned off. For my research project we only need the history, we'll never use the intercept feature and it would...

Last updated: Apr 17, 2015 08:36AM UTC | 1 Agent replies | 0 Community replies | How do I?

Page 230 of 232

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image