How do I? - Page 244 - Burp Suite User Forum

Hi PortSwigger team, We have an internal test application that we know to have an XSS issue in a pre-authentication login page. The issue was identified by the Burp Pro scanner, but not by the Enterprise Edition....

step3 never progress after several hours

Hi, I launch a scan and audit for a website. step1: live passive crawl, step2: live audit from proxy, step3: crawl and audit of website, step1 and step 2 finish in one hour, but in step3, it progress 30%, after five...

Web Credentialed Scanning

I can do a live scan and audit for vulnerabilities; but I cannot seem to have that happen automatically; when I attempt to do an automated scan; it scans the front door landing pages, it does not "see" any login forms. Need...

IIS 7.5 crashes when actively scanning website

Needing help with a issue I have been having for a while. This is issue only happens on the test server, it does not happen on production server at all. The issue I having is when I am actively scanning after about 20...

Scan authenticate

hello, I would like to carry out an authenticated scan on the domain Y but to access this domain I must login on the domain X. Can I do it with burp professional ? If this is possible, how can I do it ?

Run Intruder attack in silent mode

Hi All, I just download a free trial of Burp Suite Professional to evaluate it I tried to configure a couple of intruder attacks in Brute Forcer mode but the GUI of my Ubuntu 18.04 crashed both times (I assume due to huge...

Burp Enterprise Questions

-In Burp enterprise is there any other way to extract a more detailed report besides the HTML Scan summary report obtained like with the one of Burp Pro? -Regarding scanning capabilities :Which are the differences if any...

A rule for avoiding socket.io noise?

Hi dear portswigger community... could you recommend any rule / way in order to avoid intercepting all the data being sent over sockets? There's a video streaming in the background, and I'm trying to capture and work with...

Cannot scan using Burp

Hi , My website asks for authentication on accessing the url. Once credentials are entered , my login is successful. This is without Burp proxy But once I set up Burp as proxy and access the website, I cannot login and...

parallel scan and time out

I define two scans by clicking "new scan", my questions is how to run the two scan in parallel? how to set time out period to be 3 hours for audit? I find we can only set timeout for crawling. but I want to set for...

proxy connection

When I change my internet proxy, my internet fails to connect, and Burp Suite can't intercept any information. What can I do? Thanks

Add custom payloads to burp enterprise

Hello, Is there a way to upload a list of custom payloads to burp enterprise scanner?

Problem in Exploiting HTTP request smuggling to capture other users' requests, victim not requesting

I am perfectly able to capture requests and get them shown as comment, but the victim this lab is talking about is not making any request. I have tried making the same post request at different throttles multiple times but...

Automatically accept agent

Hi, I am trying to silent install the agents (this works), but now I have run into two issues: 1) I have to manually authorize an agent in the enterprise/webserver. 2) The agent is names 'new agent x'; Is there a...

new scan and task dif

may I know the difference between new scan and new live task? in the new scan//scan configuration/crawling/login functions, there are only two checkbox(1) attempt to self-register (2) trigger login failures, where to...

Initiating scans through API

Hi, Every scan initiated via Burp's API initiates a crawling and auditing stage. It is possible to pre-configure an audit configuration and use it for the scan. However, I don't see an option to do that for a crawling...

OWASP and issue

in burp pro version, we have find many issue : , but in the advisory tab, there is no OWASP 2017 category (for example A1: injection, A2: broken authen)mentioned, so how to find OWASP category in burp? I have around 20 issues

Status "Errors: Unknown"

This is my first time running Burp. Our version is Burp Pro 2.1.04. I have followed the installation tutorials and configure it on windows server 2012 R2 with firefox. Firefox is successfully using burp as the proxy. During...

web server fingerprint

Dear expert, can we do web server fingerprint in professional V2.1, for example list of the web server platform, technology, apache version, DNS record, bind information, under which menu can I find these info?

post

Enterprise