Burp Suite User Forum
<script>alert(1)</script>
Hi PortSwigger team, We have an internal test application that we know to have an XSS issue in a pre-authentication login page. The issue was identified by the Burp Pro scanner, but not by the Enterprise Edition....
Hi, I launch a scan and audit for a website. Step 1: live passive crawl; step 2: live audit from proxy; step 3: crawl and audit of website. Step 1 and step 2 finish in one hour, but in step 3, it progresses 30%, after five...
I can do a live scan and audit for vulnerabilities; but I cannot seem to have that happen automatically; when I attempt to do an automated scan; it scans the front door landing pages, it does not "see" any login forms. Need...
Needing help with an issue I have been having for a while. This issue only happens on the test server, it does not happen on production server at all. The issue I am having is when I am actively scanning after about 20...
Hello, I would like to carry out an authenticated scan on the domain Y, but to access this domain I must log in on the domain X. Can I do it with Burp Professional? If this is possible, how can I do it?
Hi All, I just downloaded a free trial of Burp Suite Professional to evaluate it. I tried to configure a couple of Intruder attacks in Brute Forcer mode but the GUI of my Ubuntu 18.04 crashed both times (I assume due to huge...
- In Burp Enterprise, is there any other way to extract a more detailed report besides the HTML Scan summary report obtained like with the one of Burp Pro? - Regarding scanning capabilities: Which are the differences if any...
Hi dear portswigger community... could you recommend any rule / way in order to avoid intercepting all the data being sent over sockets? There's a video streaming in the background, and I'm trying to capture and work with...
Hi, My website asks for authentication on accessing the URL. Once credentials are entered, my login is successful. This is without Burp proxy. But once I set up Burp as proxy and access the website, I cannot login and...
I define two scans by clicking "new scan". My question is how to run the two scans in parallel? How to set the timeout period to be 3 hours for audit? I find we can only set timeout for crawling, but I want to set for...
When I change my internet proxy, my internet fails to connect, and Burp Suite can't intercept any information. What can I do? Thanks
Hello, Is there a way to upload a list of custom payloads to burp enterprise scanner?
I am perfectly able to capture requests and get them shown as comment, but the victim this lab is talking about is not making any request. I have tried making the same post request at different throttles multiple times but...
Hi, I am trying to silent install the agents (this works), but now I have run into two issues: 1) I have to manually authorize an agent in the enterprise/webserver. 2) The agent is named 'new agent x'; Is there a...
May I know the difference between new scan and new live task? In the new scan//scan configuration/crawling/login functions, there are only two checkboxes: (1) attempt to self-register, (2) trigger login failures. Where to...
Hi, Every scan initiated via Burp's API initiates a crawling and auditing stage. It is possible to pre-configure an audit configuration and use it for the scan. However, I don't see an option to do that for a crawling...
In Burp Pro version, we have found many issues, but in the advisory tab, there is no OWASP 2017 category (for example A1: injection, A2: broken authen) mentioned, so how to find OWASP category in Burp? I have around 20 issues
This is my first time running Burp. Our version is Burp Pro 2.1.04. I have followed the installation tutorials and configured it on Windows Server 2012 R2 with Firefox. Firefox is successfully using Burp as the proxy. During...
Dear expert, can we do web server fingerprinting in Professional V2.1, for example list the web server platform, technology, Apache version, DNS record, BIND information? Under which menu can I find this info?
Your source for help and advice on all things Burp-related.