Burp Suite User Forum
I have a request that need to different attack type for example; register_user.php?name=[payload1]&address=[payload2]&mail=[payload3] And a Payload list with 100 lines. I want to test results following: Payload1 =...
Our teams are currently using Burp Suite Professional v1.7.37. As part of nightly automation workflow, we start up Burp from the command line and pass pre-configured settings (user settings and project settings) e.g. using...
Hi there, While attempting to follow the instructions for step 1 it does not appear that after "store" the exploit and then "deliver exploit to victim" that the victim is actually visiting the exploit link. There is...
Hi, I am currently testing the REST API of Burp Suite Pro and trying to scan POST parameters. The scan starts but only the GET requests to the URL I entered in the scope are scanned. The POST request with...
Hi, I purchased a professional license and I haven't received anything yet. I already sent an email to office@portswigger.net. But no answer, I expect to get the license fast or something. Hope to get an answer soon.
Hi, I was wondering if anyone could help me with the "number of follow-up passes that are performed on completion of each audit phase" option configured in the Built-in Scan configuration (e.g. Audit Coverage-thorough,...
Hello, While doing a scan / crawl of a website, I noticed that Burp 2 makes 4x times the same HTTP requests for each crawl action. For instance, it will query /robots.txt four times; this happens also when setting the...
During a scan I have found an endpoint with the issue "Interesting input handling: Backend Parameter Injection". In the advisory there is the suggestion to click on the "Identify Backend Parameters" entry of the context...
Hi, I want to intercept traffic for an Android device to test security vulnerabilities in different Android apps. I am planning to use a Genymotion emulator which will be hosted on Amazon Web Services EC2...
We have an application which sends a request and gives a response if it's valid, which uses a Netty socket server to do this. My organization is doing R&D on whether we can use 'BURP Tool' for achieving this. Can you please provide...
What are the different statuses of a scan in Burp? Out of my 100 URLs, for some of the URLs I get the status as DONE and for others I get request timed out. Should I expect the status as DONE for all the URLs I produce to Burp...
As titled really. I have it set up correctly to monitor all browser traffic, however when I'm hitting a local container web app at localhost, it isn't intercepting. Can you offer any guidance?
I have noticed that the Burp Suite Enterprise Edition web app has CWE references included under ‘Vulnerability classifications’ in every scan result. However, the API JSON scan output doesn’t contain it. I would like to have these...
During my research I'm intercepting some packages like this: Content-Type: multipart/form-data; boundary=cLXA2xHy63hD9QS92t_yJwlwnL8vVb Accept-Encoding: gzip, deflate X-FB-HTTP-Engine: Liger Connection:...
We are trying to crawl and audit a Shibboleth-protected site and are only seeing the public-facing pages being crawled and audited. We can see the sitemaps and items when manually traversing the site via the proxy and browser....
Hi folks, I am trying to install the CA for Firefox and the suggestion to download from http://burp/ results in the site not being reachable. Is the site down? I have tried this from multiple computers and networks and...
Hi Team, I need to do IPv6 scanning using the latest Burp 2.1.5 tool on Windows. Step 1: https://[IPV6]/ entered in the browser. Step 2: At the Burp side, Intercept is on, on the Windows machine. Step 3: Burp is not able to get...
Team, Could you please let me know how to pass the build in Jenkins despite vulnerabilities being identified using Burp Enterprise Edition? The BURP_SCAN_STATUS is succeeded in Jenkins but the build is marked as Failure...
I am taking help of headless burp extension and running the below command java -jar -Xmx1g -Djava.awt.headless=true "C:\Program Files\BurpSuitePro\burpsuite_pro.jar" --project-file=project.burp -c config.xml but this will...
Hello, I am not able to intercept the HTTPS traffic using Burp. I have installed the certificate. I am able to intercept https://www.google.com but not able to intercept one specific URL. When I set the proxy, URL main page...
Your source for help and advice on all things Burp-related.