Burp Suite User Forum
Hi, I am developing an extension that will perform the same functionality as it can be done manually by right clicking on items in Target's site map or Proxy history and then selecting "Save items". Using manual process I...
Hi, team! I want to automate BurpSuite scans using burp's REST API (https://portswigger.net/blog/burps-new-rest-api) but receive errors when sending requests to start the scan. I run burp in headless mode. My request...
Is there a configuration which will let me not crawl the site I'm crawling at all and JUST scan the URL(s) provided? I have an application which contains the ability to self-register a user, and I'd like to be able to...
Hey there burp community, Here is my question : I was using the repeater tool to send requests and in the response some of the data was hidden/censored by an asterix (*) (eg....
i run proxy 127.0.0.1:8080 with burp suite and set chrome or firefox proxy at 127.0.0.1:8080, finally,i just can enter 'http://burp/' to download certificate . and all the other websites, i couldn't get in .why? why?
It does not appear to be possible to run _passive_ scan rules on one or multiple requests. There used to be an option in the right-click menu in proxy, target and other.
Hi Team, I want to know how to use burpsuite pro shipped with burp enterprise version. Is it possible to use it or trigger it with vmware/burp-rest-api. Kindly let me know how this can be worked on?
We currently pay for the Pro Edition however numerous cases have arisen to develop tools for continued use by other individuals who currently do not pay for the Professional Edition. Is there any support for Extensions in...
hi, i have PC for penetration test for internal application. but i suspect my PC has been hacked by other stranger. how burpsuit pro track this 'stranger' or assessment my PC to prove my PC have been hacked ?
Dear Support, I tried the challenge to receive the /etc/hostname using the following: Initial XML in HTTP request: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE foo [ <!ENTITY % xxe SYSTEM...
Is there a way to customize the reporting to show OWASP top 10 report or how can we get OWASP top 10 reporting? Thanks
How can I extract Json Report from the scans from Burp Enterprise?
During the manual audit/scan, why does the burp logsout the application under audit/scan? During the audit/scan, some of the requests are resulting in request timed out? Is it expected and what could be the...
hi, i have PC for penetration test for internal application. but i suspect my PC has been hacked by other stranger. how burpsuit pro track this 'stranger' or assessment my PC to prove my PC have been hacked ?
I use burp professional version, I click new scan task, it asks me to define crawling and auditing parameter, I use default setting, i can't find xss and csrf, so any parameter need to be changed in audit setting so we can...
Hi Team/Friends, I am having a bit of trouble setting up Burp with Firefox. I change the network setting of Firefox to 127.0.0.1:8080 and in burp the settings are normal. If I turn the intercept on, burp start to...
Any tips while pen-testing Flutter based Android apps? Since it ignores system proxy and user/system CA certificates you cannot use burp suite easily. I found a couple of blogs but they suggest patching etc. Is there any...
Hi Portswigger, For installing BurpSuite Enterprise for evaluation purpose, we are going with bare minimum requirements. The documentation shows this: Enterprise server machine Agent...
I have recently upgraded to Burp Suite Pro 2.1.04. Previously I could spider my application but using the new crawler I immediately encounter the following exception and can't seem to get much further. ...
Burp has created 3 different DOM XSS issues with this description with High Severity and Firm Confidence The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.hash and...
Page 242 of 311
Your source for help and advice on all things Burp-related.