How do I? - Page 240 - Burp Suite User Forum

Hi, Is there any mean to avoid a request with a pattern to be sent to HTTP history? I mean, being someone that deals a lot with HTTP history I want sometimes to avoid my HTTP history to be polluted with analytics paths such...

Get a list of Scanned URLs

Hi, I have two questions. Is it possible to get a list of scanned URLs ? Is it possible to send a notification after the scan complete? (e.g. send mail or call api for webhook) Regards,

cant release license

Hi, I work with Burp Pro, recently I lost the vm image (vm crash) on which Burp was running, as such I am unable to release the license, now I have bgot a new vm built for my work, but cant install the burp on it as its...

Intruder - Attack Types - How can I use dynamic numbers for only a param While attac okther params

I have a request that need to different attack type for example; register_user.php?name=[payload1]&address=[payload2]&mail=[payload3] And a Payload list with 100 line. Iwant to test results following: Payload1 =...

Migrating from Burp Suite professional v1.7.37 to 2.1.x

Our teams are currently using Burp Suite professional v1.7.37. As part of nightly automation workflow, we starts up Burp from commadline and pass pre-configured settings (user settings and project settings) e.g. using...

Lab: CORS vulnerability with internal network pivot attack - step 1 not working

Hi there, While attempting to follow the instructions for step 1 it does not appear that after "store" the exploit and then "deliver exploit to victim" that the victim is actually visiting the exploit link. There is...

Scan POST Parameter with REST API

Hi, I am currently testing the REST API of the Burpsuite Pro and trying to scan POST parameters. The scan starts but only the GET requests to the URL I entered in the scope are scanned. The POST request with...

No licenses or order update.

Hi, I purchase a professional license and I haven't recieved anything yet. I already sent an email to office@portswigger.net. But no answer, I expect to get the license fast or something. Hope to get an answer soon.

[Information Required] Number of follow-up passes performed on completion of each audit phase

Hi, I was wondering if anyone could help me with the "number of follow-up passes that are performed on completion of each audit phase" option configured in the Built-in Scan configuration (e.g. Audit Coverage-thorough,...

Burp 2 - v2.1.06 - Scan / Crawl sends four times the same HTTP request for each entry

Hello, While doing a scan / crawl of a website, I noticed that Burp 2 makes 4x time the same HTTP requests for each crawl action. for instance it will query /robots.txt four times, this happens also when setting the...

More info on "Identify Backend Parameters"

During a scan I have found an endpoint with the issue "Interesting input handling: Backend Parameter Injection". In the advisory there is the suggestion to click on the "Identify Backend Parameters" entry of the context...

Monitoring Traffic for Android Device Not Connected to same WIFI as my Laptop

Hi, I want to intercept traffic for an Android device to test security variabilities in different Android Apps. I am planning to use a Genymotion emulator which will be hosted on Amazon Web Service E2C...

Can we use Burp Tool for testing "netty socket server"

We have an application which is send request and give response if it's valid which use netty socket server to do this. My organization is doing R&D weather we can use 'BURP Tool' for atchiving this can you please provide...

Scan Status

What are the different status of scan in burp ? Out of my 100 urls, to some of the urls i get the status as DONE and for others i get as request timed out. Should i expect the status as DONE for all the URl i produce to burp...

How to configure Burp Suite for traffic to/from Docker container?

As titled really. I have it setup correctly to monitor all browser traffic, however when I'm hitting a local container web app at localhost, it isn't intercepting. Can you offer any guidance?

How do i get CWE references from /scan response

I have noticed that Burp Suite Enterprise Edition web app has CWE references included under ‘Vulnerability classifications’ in every scan result. however, API json scan output doesn’t contain it. I would like to have these...

how do i convert multipart gzip to original file

during my research i'm intercepting some packages like this: Content-Type: multipart/form-data; boundary=cLXA2xHy63hD9QS92t_yJwlwnL8vVb Accept-Encoding: gzip, deflate X-FB-HTTP-Engine: Liger Connection:...

Crawling and Auditing a Shibboleth Protected website

We are trying to crawl and audit a shibboleth protected site and am only seeing the public facing pages being crawled and audited.We can see the sitemaps and items when manually traversing the site via the proxy and browser....

http://burp/ not reachable

hi folks I am trying to install the CA for firefox and the suggestion to download from http://burp/ results in the site not being reachable. Is the site down? I have tried this from multiple computers and networks and...

Fraud

HTTP History and patterns