How do I? - Page 250 - Burp Suite User Forum

No errror is showing while scanning

I have been scanning many different website using burp 2.0 Professional Version but no error which is present is showing and i have scanned many different website with know vulnerabilites like sql and blind sql injection....

microsoft dynamics 365 NTLM authentication through Burp

I am pentesting MS dynamics on premise. I keep getting NTLM authentication through burp. Without burp is my NTLM authentication OK. Even through ZAP, my NTLM authentication is OK. I keep getting in response "Not Authorized"

My License

Its been 24 hours and I have not received my license yet.

Automatically Spider as i browse in Burp 2

I know you can right click on a site in the site map and have it crawl/spider the site and actually request pages. but how do i get it to do this as I browse? the passive crawl function lists the links in site map but they...

Burp with SSO which only works on organisations proxy

I am not able to change proxy, if i change proxy i cant access the site so no testing can be done using burp. What can be done?

Password seen in clear text on Burp tool

Hi , My website has login form. I have entered username and password and intercepted in Burp proxy. Password is seen in clear text in request body Is this vulnerability ? Also, please explain how is this possible...

License

Hi, im paid for license, but not received code yet. Mail kolynama11@gmail.com. https://i.imgur.com/xJeZGVo.png

Payload Now showing

I need to set more than 2 payload set, but I can't define more than 2 payload set.

Ho do I perform Load/Performance testing using Burp suite

Unable to connect the DB

First time is allowed to login. However second time try to login using the same credential. It's not allowed login. Used to the default database for burp suite.

Add custom XSS Payloads in Scanner

Hi, Is it possible to add custom XSS payloads in version 2 (scanner)? someone asked something similar a long time...

Active Scan from 1.7

I used to be able to click on scanner, and browse around the webapplication and vulnerbilities would populate inside of site map. But in 2.0 This seems to be different. I tried all Live Task options and nothing populates...

Intercept SSL traffic for Android Nougat 7 and above version.

Hi, do I need to decompile, add the security config xml file in application folder and recomiple every time while doing security testing in Android Nougat 7 and above versions ? As I am facing difficulty in testing android...

How addToSiteMap decides if there is any existing matching item in the site map?

I'm working on a burp extension to create a site map from burp logs saved in an XML file. The burp log may contain redundant logs in it. Hence, when adding IHttpRequestResponse to site map using...

Lab: HTTP request smuggling, basic CL.TE vulnerability (Help for a noob)

Hello, I'm new in this world and I already have an issue on the first lab (F****ng Hell) but i'm not down yet ! Even reading the solution I have issue on finding the "Unrecognized method GPOST" when using the Burp...

Problem With the certificate

I cannot acces the page http://burp/ , the page is not working, how to get the certificate?

Burp with VPN in mobile.

My android application works when it is connected to VPN only, I have installed VPN in my mobile and now my application is working fine. But problem is burp is not able to intercept request when mobile is connecting to...

JRE Warning

Hello When I start up Burp Suite, I get the error message, "Your JRE appears to be version 12.0.1 from Oracle Corporation. Burp has not been fully tested on this platform and you may experience problems." Should I be...

Viewing VIEWSTATE in responses as well as requests

The "Viewstate" tab shows up on requests with VIEWSTATE in them, and decodes them nicely. I can't seem to get it to show up for responses though. Whilst the next request nearly always contains the previous response, it...

headless xml report with

Hi Guys, Looking for quick help how can we get an XML report with base64 as false <request method="GET" base64="false">. I mean I need request and response in plain text rather than base64 encoded. I ran burp in headless...