How do I? - Page 239 - Burp Suite User Forum

auditing configuration

What is the difference between insertion point types and frequently insertion points in custom auditing configuration?

Hi, I am using burpsuite Enterprise version 1.4.04. currently we are in evaluation phase of burpsuite as automatic vulnerability scanner for our products. Our most of product needs java script enabled to login. So we...

Addressing XSS vulnerability in window.location.hash?

When we ran a security scan, the report unearthed the following vulnerability: newHash=window.location.hash; newHash=newHash.split(/_/); $("#"+newHash[1]).siblings().css('display','none'); We addressed it in the...

Since new version of Burpsuite system pauses during scan

since upgrading to Burpsuite 2. version I constantly get pauses during crawling/scanning, as I am not always monitoring the system this tends to make scans run extremely long, is there a way to stop this from pausing?

antiforgery issue / clearing cache and cookies from browser didn't resolve it

Hi Guys, Tried to login for the second time on my browser, got the following error: "The anti forgery check failed, please try to refresh the page you were on and perform your actions again. This could happen if...

Can't install my certificates on http://burp

Hi, I'm trying to install my certificates as per tutorial, but I'm having a problem to get in the http://burp URL. I'm getting the ERR_NAME_NOT_RESOLVED, can anyone help me? Is there any other workaround for installing...

Burp Infiltrator Patching Fails On Webgoat 6.0.1

wget https://github.com/WebGoat/WebGoat-Legacy/releases/download/v6.0.1/WebGoat-6.0.1-war-exec.jar $ md5sum WebGoat-6.0.1-war-exec.jar 8071e4be1c3d8b6dd6520b2c63031eca WebGoat-6.0.1-war-exec.jar java -verbose -jar...

30 day tiral

I have requested the 30 day trial multiple times with no response at all. Please explain the issue with the trial license being sent? Thanks Bud

any way to bypass preflighted XHR request in a CSRF attack?

Hello, i found a website where they have as a CSRF protection CORS and a short custom header (without token - just a header that is for all users). i found a way to bypass the CORS protection but when trying to reproduce...

Unable to maintain keep alive connection while using burp suite

Hi, I am trying to test a webapp for vulnerabilities. I am using keep alive connections for my app's functioning, it works fine when i am not using burp as a proxy. But i am unable to maintain keep alive connections when...

Proxy: Web Videos

Hello, how do I set up Burp so that clients can watch web videos like .mp4 files without burp trying to download the whole file first (streaming responses is not really an option). It either takes very long to buffer or...

I can load https but not intercept.

I want to load google.com,facebook.com via burpsuite.but i cannot. Burp suite works for http great but not for https. Please Help me. Thanks.

TLS for burp Enterprise server

Team, Can you please help us how/where can we configure burp enterprise server to use tls? We would want the self signed certificate to be used for encryption. Regards, chaitanya

DOM-based XSS

Hi , I got the message like this : The application may be vulnerable to DOM-based cross-site scripting. Data is read from location.hash and passed to $() The response is : var id = location.hash.replace('#',...

License Keys

Hi, Where can we find the license key & the validity of the license key on support portal.

Get div class value from a webpage

When I load a page and it uses jquery, I can't see the div class value in the html. With Inspect chrome environment I can get the value in console with $(".div-class-name").text(); , but in burp suite I don't know how I can...

I have burp pro licenses but can not download pro release

Hi, my direct manager bought Burp pro licenses, I have them in .txt file, however I have created account and I do not see possibility to download any releases. Please help.

Didn't receive proffisinal Burb suite in my email.

Hi , how many time I need to receive the proffisinal burb suite in my email ? Yesterday at 1 :00 pm in Saudi Arabia time I was paid . Please clarify ASAP . Thanks .

How to create Multi-Step Macros

Hello All, I am testing an application where I need to go through the multiple-step form. Here application generates the token when I issue my first request and that token embed with the further steps and doesn't allow me...

Can I cancel filtering?

Sometimes I apply a filter in the site map or proxy http-history sections, that takes extremely long to apply/search. If I use Regex, it quite regularly doesn't even ever stop displaying the "Filter: Please wait ..."...