How do I? - Page 262 - Burp Suite User Forum

No Response to my request for BurpSuite Professional Trial

I sent request for Free Trial BurpSuite Professional on 12th November, but I got no response. Was my request rejected?

How to load a cert bundle, cert and key?

Has anyone had to load client certs for mutual tls into the latest burp recently? Basically, I am trying to replicate the following in Burp: curl https://domain.com/api/test --cacert ./api-trust.bundle --cert...

How to Use Macros?

Hello Support, I am in a situation where I need to automate my testing using Macros. I have a JSON POST request which submits the data on the server but I can't repeat the same request again due to the key-value used in...

Fraud

En français

HTTP History and patterns

Hi, Is there any mean to avoid a request with a pattern to be sent to HTTP history? I mean, being someone that deals a lot with HTTP history I want sometimes to avoid my HTTP history to be polluted with analytics paths such...

Get a list of Scanned URLs

Hi, I have two questions. Is it possible to get a list of scanned URLs ? Is it possible to send a notification after the scan complete? (e.g. send mail or call api for webhook) Regards,

cant release license

Hi, I work with Burp Pro, recently I lost the vm image (vm crash) on which Burp was running, as such I am unable to release the license, now I have bgot a new vm built for my work, but cant install the burp on it as its...

Intruder - Attack Types - How can I use dynamic numbers for only a param While attac okther params

I have a request that need to different attack type for example; register_user.php?name=[payload1]&address=[payload2]&mail=[payload3] And a Payload list with 100 line. Iwant to test results following: Payload1 =...

Migrating from Burp Suite professional v1.7.37 to 2.1.x

Our teams are currently using Burp Suite professional v1.7.37. As part of nightly automation workflow, we starts up Burp from commadline and pass pre-configured settings (user settings and project settings) e.g. using...

Lab: CORS vulnerability with internal network pivot attack - step 1 not working

Hi there, While attempting to follow the instructions for step 1 it does not appear that after "store" the exploit and then "deliver exploit to victim" that the victim is actually visiting the exploit link. There is...

Scan POST Parameter with REST API

Hi, I am currently testing the REST API of the Burpsuite Pro and trying to scan POST parameters. The scan starts but only the GET requests to the URL I entered in the scope are scanned. The POST request with...

No licenses or order update.

Hi, I purchase a professional license and I haven't recieved anything yet. I already sent an email to office@portswigger.net. But no answer, I expect to get the license fast or something. Hope to get an answer soon.

[Information Required] Number of follow-up passes performed on completion of each audit phase

Hi, I was wondering if anyone could help me with the "number of follow-up passes that are performed on completion of each audit phase" option configured in the Built-in Scan configuration (e.g. Audit Coverage-thorough,...

Burp 2 - v2.1.06 - Scan / Crawl sends four times the same HTTP request for each entry

Hello, While doing a scan / crawl of a website, I noticed that Burp 2 makes 4x time the same HTTP requests for each crawl action. for instance it will query /robots.txt four times, this happens also when setting the...

More info on "Identify Backend Parameters"

During a scan I have found an endpoint with the issue "Interesting input handling: Backend Parameter Injection". In the advisory there is the suggestion to click on the "Identify Backend Parameters" entry of the context...

Monitoring Traffic for Android Device Not Connected to same WIFI as my Laptop

Hi, I want to intercept traffic for an Android device to test security variabilities in different Android Apps. I am planning to use a Genymotion emulator which will be hosted on Amazon Web Service E2C...

Can we use Burp Tool for testing "netty socket server"

We have an application which is send request and give response if it's valid which use netty socket server to do this. My organization is doing R&D weather we can use 'BURP Tool' for atchiving this can you please provide...

Scan Status

What are the different status of scan in burp ? Out of my 100 urls, to some of the urls i get the status as DONE and for others i get as request timed out. Should i expect the status as DONE for all the URl i produce to burp...

How to configure Burp Suite for traffic to/from Docker container?

As titled really. I have it setup correctly to monitor all browser traffic, however when I'm hitting a local container web app at localhost, it isn't intercepting. Can you offer any guidance?

How do i get CWE references from /scan response

I have noticed that Burp Suite Enterprise Edition web app has CWE references included under ‘Vulnerability classifications’ in every scan result. however, API json scan output doesn’t contain it. I would like to have these...