How do I? - Page 247 - Burp Suite User Forum

Make Poxy port persitent

Hi, Is there any way of making a proxy port change persitent across sessions? Thanks!

Dark mode missing in pro 2.1 release?

If I go Burp -> User options -> I only have Restore Defaults, Load user options, Save user options. I have no ability to change display or load the darkcula theme. Nor can I find any evidence of a darkcula theme on my...

How can I run authenticated scan with 3 parameters on login page?

I am currently working on an automation and for that I need to run authenticated scan on our company's internal url with 3 parameters to login. I am using Enterprise edition and I would like to know the solution specific to...

No errror is showing while scanning

I have been scanning many different website using burp 2.0 Professional Version but no error which is present is showing and i have scanned many different website with know vulnerabilites like sql and blind sql injection....

microsoft dynamics 365 NTLM authentication through Burp

I am pentesting MS dynamics on premise. I keep getting NTLM authentication through burp. Without burp is my NTLM authentication OK. Even through ZAP, my NTLM authentication is OK. I keep getting in response "Not Authorized"

My License

Its been 24 hours and I have not received my license yet.

Automatically Spider as i browse in Burp 2

I know you can right click on a site in the site map and have it crawl/spider the site and actually request pages. but how do i get it to do this as I browse? the passive crawl function lists the links in site map but they...

Burp with SSO which only works on organisations proxy

I am not able to change proxy, if i change proxy i cant access the site so no testing can be done using burp. What can be done?

Password seen in clear text on Burp tool

Hi , My website has login form. I have entered username and password and intercepted in Burp proxy. Password is seen in clear text in request body Is this vulnerability ? Also, please explain how is this possible...

License

Hi, im paid for license, but not received code yet. Mail kolynama11@gmail.com. https://i.imgur.com/xJeZGVo.png

Payload Now showing

I need to set more than 2 payload set, but I can't define more than 2 payload set.

Ho do I perform Load/Performance testing using Burp suite

Unable to connect the DB

First time is allowed to login. However second time try to login using the same credential. It's not allowed login. Used to the default database for burp suite.

Add custom XSS Payloads in Scanner

Hi, Is it possible to add custom XSS payloads in version 2 (scanner)? someone asked something similar a long time...

Active Scan from 1.7

I used to be able to click on scanner, and browse around the webapplication and vulnerbilities would populate inside of site map. But in 2.0 This seems to be different. I tried all Live Task options and nothing populates...

Intercept SSL traffic for Android Nougat 7 and above version.

Hi, do I need to decompile, add the security config xml file in application folder and recomiple every time while doing security testing in Android Nougat 7 and above versions ? As I am facing difficulty in testing android...

How addToSiteMap decides if there is any existing matching item in the site map?

I'm working on a burp extension to create a site map from burp logs saved in an XML file. The burp log may contain redundant logs in it. Hence, when adding IHttpRequestResponse to site map using...

Lab: HTTP request smuggling, basic CL.TE vulnerability (Help for a noob)

Hello, I'm new in this world and I already have an issue on the first lab (F****ng Hell) but i'm not down yet ! Even reading the solution I have issue on finding the "Unrecognized method GPOST" when using the Burp...

Problem With the certificate

I cannot acces the page http://burp/ , the page is not working, how to get the certificate?

Burp with VPN in mobile.

My android application works when it is connected to VPN only, I have installed VPN in my mobile and now my application is working fine. But problem is burp is not able to intercept request when mobile is connecting to...