How do I? - Page 255 - Burp Suite User Forum

DOM-based XSS

Hey, I've got an dynamic analysis from one of request intercepted thru burp proxy: "Data is read from input.value and passed to jQuery. The source element has name form_type. The following value was injected into the...

Burp Suite Anti-CSRF POST

I am trying to run intruder on an app that employs anti-CSRF tokens within forms. Each form has a unique token that must be submitted with a POST request otherwise the session is invalidated. The process is as...

Scan Configurations JSON : Enterprise

I am trying to figure out the API for CI/CD of automating Burp. We have Enterprise Edition, and I can not find the "Configuration Library" or any other place to create a custom configfuration (so that I can see the JSON for...

Dom Based XSS

I got a notification from burp scanner as The application may be vulnerable to DOM-based cross-site scripting. Data is read from document.URL and passed to the 'prepend()' function of JQuery via the following...

Making Burp Trust/Use Custom TLS Certificates

I'm testing in an environment that has forced TLS decryption (MitM) to allow inspection of HTTPS traffic. In this environment it seems anything I try to do in Burp that involves contacting portswigger.net breaks. My Windows...

Automatic Header Token Problem

Hello, Most websites are using header token. But token is changing after every payload. Tokens does not appear on the Response. How to generate automatic header token with Burp Suite? For example(request...

Feed response of first response for other request as input during scan

I am facing issue when I trigger the scan on few requests. The scenario is, many of the requests in my application required API key as authorization value and key the can be used only once per request. If I trigger the scan...

Edit scanning configuration

Hi Burp Support, I noticed that I couldn't edit "Issues Reported" and "Insertion Points Types" in the "Edit scanning configuration" for a single scan. For example, if I select "Select individual issues" in "Issues...

invisible proxy

I want to ask that while creating invisible proxy if we have different requests forwarding to different domains how we set proxy listeners on different virtual network interfaces? I mean burp doc suggests that while creating...

How do I exclude any issues that are marked as false positive in a consecutive scan?

We run Active scan regularly against full application. Since in every scan, there is a chance that the same false positives will be reported, we want to eliminate the activity of identifying the repeated false positives in...

Burp scan not getting started using headless mode

Hi, I'm trying to automate burp scanning for iOS mobile apps. Tried the below command java -Djava.awt.headless=true -Xmx1g -jar /path/to/burp.jar --project-file=filename1.burp After using the above command the Proxy...

Scanning a site with Platform authentication (Burp suite enterprise Rest API).

Hi, I can't scan the site with basic authentication on "Burp suite enterprise edition" (RestAPI (from site)). How do I compose curl request with basic authentication tokens? Than You! Kind Regards! Andrii

Can't save project

I'm getting error saving a project and it's most important for me to save this project please help ASAP https://prntscr.com/nwjs8y

How do I stop certain file types going to the active scanner?

This seems like it should be easy, but it's not working as I expected. I want to block all files of a certain type from going to the active scanner, even if it's otherwise in scope. For example, if I want to stop all CSS...

Burp is not intercepting request

Hi, I have been trying to configure Burp without success, as it is not intercepting requests from localhost. I have used Burp on another computer in the past but I can't get the correct setup to make it work again. My...

Web Server URL Clarification (Burp Suite Enterprise)

I'm a bit unclear about what the "Web Server URL" setting is in the Network settings of Burp Suite Enterprise. Is this to change it so that I don't have to access the admin console from "[IP Address]:8080"? If so, I tried...

Where is the firefox "plug-n-hack" plugin?????

There is extensive reference to it in the Burp documentation. I have seen forums elsewhere where people allude to it. Even saw somewhere a screenshot someone maybe 18 months ago of it installed in Firefox. But I can find...

Getting started: Failure because Firefox 67 changes always http: to https:

In the beginning 'Getting Start' you tell me: ... (don't use HTTPS for the moment) ... Firefox 67 changes every URL from http: to https: and nothing works. Several fixes found in the web do not work. Can you help?

Iterface to intercept requests/response before arriving/sending.

Im using processHttpMessage to intercept both requests and response and perform some custom encryption/decryption. I would like to modify the responses before they arrive on my burp history and I want the request body to get...

We want to renew our Brupsuit for $349. Request you to send the renewal payment link

We require Renewal payment link of Brup Suit Professional -1year License for $349. And we forgot our Password please reset password