Burp Suite User Forum

SSO with microsoftonline.com

I see an SSO mechanism relying on enterprise Office.com integration. A GET with (expired or logged out) Office and local app cookies to a local app's __LOCAL_SITE__/__LOCAL_PATH__ gets a 302 redirect to...

Last updated: Jun 11, 2019 02:26PM UTC | 1 Agent replies | 1 Community replies | How do I?

scanner active testing url path

hello, how can I use burp suite to perform the following check: I have a list of URLs: 1 http://www.dominio.com/public1/public2/index.html 2 http://www.dominio.com/otro1/sid2/pagina.html 3...

Last updated: Jun 11, 2019 01:25PM UTC | 1 Agent replies | 0 Community replies | How do I?

Depicting OpenID flow using a message sequence chart

Dear Burp, as part of a research group we are investigating possible ways of visualizing the OpenID communication from a tool we developed. It was suggested for this purpose to use BURP for its proxy capabilities and the...

Last updated: Jun 10, 2019 03:51PM UTC | 1 Agent replies | 0 Community replies | How do I?

DOM-based XSS

Hey, I've got a dynamic analysis from one of the requests intercepted through Burp proxy: "Data is read from input.value and passed to jQuery. The source element has name form_type. The following value was injected into the...

Last updated: Jun 10, 2019 10:01AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Suite Anti-CSRF POST

I am trying to run intruder on an app that employs anti-CSRF tokens within forms. Each form has a unique token that must be submitted with a POST request otherwise the session is invalidated. The process is as...

Last updated: Jun 10, 2019 09:38AM UTC | 2 Agent replies | 1 Community replies | How do I?

Scan Configurations JSON : Enterprise

I am trying to figure out the API for CI/CD of automating Burp. We have Enterprise Edition, and I cannot find the "Configuration Library" or any other place to create a custom configuration (so that I can see the JSON for...

Last updated: Jun 10, 2019 09:14AM UTC | 1 Agent replies | 0 Community replies | How do I?

Dom Based XSS

I got a notification from burp scanner as The application may be vulnerable to DOM-based cross-site scripting. Data is read from document.URL and passed to the 'prepend()' function of JQuery via the following...

Last updated: Jun 10, 2019 08:59AM UTC | 1 Agent replies | 0 Community replies | How do I?

Making Burp Trust/Use Custom TLS Certificates

I'm testing in an environment that has forced TLS decryption (MitM) to allow inspection of HTTPS traffic. In this environment it seems anything I try to do in Burp that involves contacting portswigger.net breaks. My Windows...

Last updated: Jun 07, 2019 03:57PM UTC | 1 Agent replies | 0 Community replies | How do I?

Automatic Header Token Problem

Hello, most websites are using a header token. But the token is changing after every payload. Tokens do not appear in the response. How to generate an automatic header token with Burp Suite? For example (request...

Last updated: Jun 07, 2019 12:51PM UTC | 2 Agent replies | 1 Community replies | How do I?

Feed response of first response for other request as input during scan

I am facing an issue when I trigger the scan on a few requests. The scenario is, many of the requests in my application require an API key as the authorization value and the key can be used only once per request. If I trigger the scan...

Last updated: Jun 06, 2019 10:28AM UTC | 2 Agent replies | 1 Community replies | How do I?

Edit scanning configuration

Hi Burp Support, I noticed that I couldn't edit "Issues Reported" and "Insertion Points Types" in the "Edit scanning configuration" for a single scan. For example, if I select "Select individual issues" in "Issues...

Last updated: Jun 05, 2019 05:13PM UTC | 1 Agent replies | 1 Community replies | How do I?

invisible proxy

I want to ask that while creating invisible proxy if we have different requests forwarding to different domains how we set proxy listeners on different virtual network interfaces? I mean burp doc suggests that while creating...

Last updated: Jun 05, 2019 04:40PM UTC | 3 Agent replies | 2 Community replies | How do I?

How do I exclude any issues that are marked as false positive in a consecutive scan?

We run Active scan regularly against full application. Since in every scan, there is a chance that the same false positives will be reported, we want to eliminate the activity of identifying the repeated false positives in...

Last updated: Jun 04, 2019 09:02AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp scan not getting started using headless mode

Hi, I'm trying to automate burp scanning for iOS mobile apps. Tried the below command java -Djava.awt.headless=true -Xmx1g -jar /path/to/burp.jar --project-file=filename1.burp After using the above command the Proxy...

Last updated: Jun 03, 2019 01:16PM UTC | 3 Agent replies | 2 Community replies | How do I?

Scanning a site with Platform authentication (Burp suite enterprise Rest API).

Hi, I can't scan the site with basic authentication on "Burp Suite Enterprise Edition" (REST API (from site)). How do I compose a curl request with basic authentication tokens? Thank you! Kind regards! Andrii

Last updated: Jun 03, 2019 01:08PM UTC | 1 Agent replies | 0 Community replies | How do I?

Can't save project

I'm getting an error saving a project, and it's most important for me to save this project. Please help ASAP: https://prntscr.com/nwjs8y

Last updated: Jun 03, 2019 09:30AM UTC | 1 Agent replies | 0 Community replies | How do I?

How do I stop certain file types going to the active scanner?

This seems like it should be easy, but it's not working as I expected. I want to block all files of a certain type from going to the active scanner, even if it's otherwise in scope. For example, if I want to stop all CSS...

Last updated: May 31, 2019 10:05AM UTC | 3 Agent replies | 2 Community replies | How do I?

Burp is not intercepting request

Hi, I have been trying to configure Burp without success, as it is not intercepting requests from localhost. I have used Burp on another computer in the past but I can't get the correct setup to make it work again. My...

Last updated: May 30, 2019 01:58PM UTC | 2 Agent replies | 2 Community replies | How do I?

Web Server URL Clarification (Burp Suite Enterprise)

I'm a bit unclear about what the "Web Server URL" setting is in the Network settings of Burp Suite Enterprise. Is this to change it so that I don't have to access the admin console from "[IP Address]:8080"? If so, I tried...

Last updated: May 30, 2019 07:01AM UTC | 1 Agent replies | 0 Community replies | How do I?

Where is the firefox "plug-n-hack" plugin?????

There is extensive reference to it in the Burp documentation. I have seen forums elsewhere where people allude to it. Even saw somewhere a screenshot someone maybe 18 months ago of it installed in Firefox. But I can find...

Last updated: May 29, 2019 05:58PM UTC | 3 Agent replies | 13 Community replies | How do I?
