How do I? - Page 254 - Burp Suite User Forum

Unable to getting API hits of my xamarin iOS app in burp while browser activity is getting record

I have xamarin iOS and I have done all my configuration in burp as well as in device 1. IOS version 12.3.1 2. Burp Suit professional v2.1 3. Added proxy listeners 4. Added same proxy listeners in my iPad 5. Try with...

Dark/Alternate Java Look and Feel

Hello, Is there any way to change the look and feel to anything other than the four in options? If not, are there plans to implement the dark metal/nimbus themes? Thanks! Colin

How do I configure a test with customised 3 criteria login details

How do I configure a test with customised 3 criteria login details. Essentially to login into the application I have to enter an username, a password and my Client name. In your application I can only enter the username and...

Insertion Points [x skipped]

Sorry, but I couldn't find this explained anywhere. When the Scan queue reports "[x skipped]" under Insertion points, what does that mean? Thanks.

"No response received from remote server"

After I make a few requests to the web server, I received an error "No response received from remote server" in browser. The alerts tab also shows the same error message. I saw a solution which is to resolve by reloading CA...

How can I intercept traffic on iOS 10?

Always when I try to intercept traffic from some specific Apps on iOS 10 I get the error below. The client failed to negotiate an SSL connection to graph.facebook.com:443: Received fatal alert: unknown_ca I did some...

Invalid Directory Structures found during scans

Hi Team, With the new upgrade to v2.1 Prof Edition, i ran a crawl and audit and i see lot of invalid directory structures (Image link: http://prntscr.com/o8uto8) now in my website. Unable to find out how to disable...

Can we install Burp Suite Professional version in server

What's the difference between "Normal" and "Open-ended responses" timeout?

I see that I can configure timeout. What's does the "Normal" and "Open-ended responses" timeout mean? I have a request that took server very long time to response because it need to query a very large database. Which one...

Burp session handling in multiple scanner threads

Hi all, I just wanted to know how burp handles in-session detection and subsequent macro execution while scanning using multiple threads. Suppose the following scenario. I log in the application and get a valid...

Burp 2.0 Rest API documentation

Where can I get detailed documentation of the Burp 2.0 Rest API (https://portswigger.net/blog/burps-new-rest-api) particularly its usage. I tried using it by first invoking the SCAN method - I supplied the target url,...

HSTS

Hello Dear hsts is enable on my website but when checked hsts for my web site with burp suite 1.7.37 sometimes it works ,sometimes it does not work correctly. how can solve this problem?

Session expiry and passing of new session while scanning

Guys, I have this very general problem. I did a search across the google, but did not find a proper solution. This is what I have done: I have created a session validation under Projects->Sessions Under that, I have a...

Burp professional for automatic runs

Hi, Is this possible to setup automatic runs with "Burp Professional Scanner" ? Like - Run Burp professional scanner once in a week either using Jenkins or Simple Windows batch file or using Burp API's ?

Run Beta and Professional Edition Together on Windows box

How can we run 2 editions together on the same box ? currently it kills the license of the other edition and asks us to reactivate it again when run the beta while professional version is running ( or vice versa). Amit

Running Spider / Scanner Clobbers Server (or just CF service)

Hi there. I'm not blaming Burp Suite here, as we've encountered the same thing with some other web app scanners, but I'm hoping for some Burp-specific advice. When we run a typical, basic spidering / scanning of a...

Scanning doesnt stop when the session is invalid

How can I stop the scanning when the session has expired. My requirement is that, the scanning should stop as soon as the response has an invalid session and must continue only once it gets a valid session. How, can I...

Importing scan configuration in a headless mode

Hello, When running Burp in headless mode I can pass project configuration parameters, which include most of the settings except for scan configuration. Is it possible to import custom scan configuration (exists in...

Session dies while scanning

Guys, I have this very general problem. I did a search across the google, but did not find a proper solution. This is what I have done:

How can I run authenticated scan with 3 parameters on login page?

I am currently working on an automation and for that I need to run authenticated scan on our company's internal url with 3 parameters to login. I am using Enterprise edition and I would like to know the solution specific to...