Burp Suite User Forum

Create new post

How can I run authenticated scan with 3 parameters on login page?

I am currently working on an automation and for that I need to run authenticated scan on our company's internal url with 3 parameters to login. I am using Enterprise edition and I would like to know the solution specific to...

Last updated: Jun 27, 2019 07:42AM UTC | 1 Agent replies | 0 Community replies | How do I?

Updating request programatically from a custom tab

When switching tabs in the HttpEditor (eg: from custom tab to raw), `IMessageEditorTab.getMessage` is invoked to update the request with user modified data. I would like to trigger the same behaviour programatically, so...

Last updated: Jun 26, 2019 01:53PM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Suite Pro to test 35 different websites

Hi , I got trail licence of BurpPro to explore more on Burp and was happy to use the rich features of Burp. My requirement is to perform scanning for 35 different WebApplication with more or less similar functionality....

Last updated: Jun 26, 2019 10:11AM UTC | 1 Agent replies | 0 Community replies | How do I?

Custom Header

I installed the Add Custom Header extension and everything is fine with it. However, I have a question. Can someone tell me the exact steps I need to take to change my default username to a custom username?

Last updated: Jun 25, 2019 01:54PM UTC | 1 Agent replies | 1 Community replies | How do I?

Chrome/Chromium/FireFox will not work with Burp Suite

Hello, I am running Kali Linux and am trying to use the Burp Version 1.7.36. I have imported the Burp certificate into each browser (Chrome/Chromium/FireFox). None of these browsers will work with Burp. Burp intercepts...

Last updated: Jun 25, 2019 11:36AM UTC | 4 Agent replies | 4 Community replies | How do I?

Integrating Burp Suite Enterprise with JIRA

Are there any example or docs on how to integrate with JIRA? The settings page has a URL, email address, and token fields, but can this be used with an onsite JIRA installation? JIRA API allows for basic auth too...

Last updated: Jun 25, 2019 10:26AM UTC | 7 Agent replies | 5 Community replies | How do I?

Recreate burp open redirection (dom-based) dynamic analysis

We have a number of 'Open Redirection (DOM-based)' findings. In each case, the reported Request and Response look perfectly normal. The Dynamic analysis (DA) shows something completely different. When I Repeat the DA GET...

Last updated: Jun 24, 2019 10:18AM UTC | 1 Agent replies | 0 Community replies | How do I?

Add an "options" tab like the one the Proxy tool has to an extension

Hello, i am looking on how can I add an options tab like the one appearing in the Proxy Tool (here -> https://i.imgur.com/rxerJ5P.png) to a new extension I am trying. The extension is similar to the one here...

Last updated: Jun 24, 2019 09:18AM UTC | 3 Agent replies | 2 Community replies | How do I?

Interpreting path info in "strict transport security not enforced" issues

Hi, In "target"->"site map"->"Issues" tab, I sometimes see reported issues labelled "Strict transport security not enforced" with a path set to "/", but when the request is shown, the path is actually something else....

Last updated: Jun 21, 2019 12:20PM UTC | 1 Agent replies | 1 Community replies | How do I?

Burp Headless Passive Scanning

Hi, new to Burp. I'm looking for a way to passively scan HTTP responses from a server to see if there are any vulnerabilities while burp is running headless, but not actively scan. I've found a few "headless"...

Last updated: Jun 21, 2019 09:05AM UTC | 2 Agent replies | 1 Community replies | How do I?

Scan Targets behind CAS

Hi, I want to run the scanner on a target that is behind CAS. How do I setup authentication for this scenario? Thank you Anup

Last updated: Jun 20, 2019 09:42AM UTC | 1 Agent replies | 0 Community replies | How do I?

Make subdomain bruteforce

Hi! How i can bruteforce subdomains with burp suite?

Last updated: Jun 19, 2019 12:25PM UTC | 0 Agent replies | 1 Community replies | How do I?

Replace expired access token in scanner request headers with the valid access token all at once

Hi Background : I am trying to scan our website using Burp scanner. I am able to configure session handling rules...

Last updated: Jun 19, 2019 09:19AM UTC | 1 Agent replies | 0 Community replies | How do I?

I can't see a POST Requet in Proxy Intercept menu but it is in the HTTP history menu

I should find out a specific POST REQUEST in Proxy Intercept menu.. I couldn't find this in the menu but it was in HTTP HISTORY menu.. How can I find this in intercept menu..?

Last updated: Jun 18, 2019 07:26AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp collaborator server domain

hello, I have a looked at the documentation but could'nt find any reference. What is the domain name of the collaborator server that burp checks the interactions (when I click poll button)? I need to take a firewall...

Last updated: Jun 18, 2019 07:25AM UTC | 1 Agent replies | 1 Community replies | How do I?

asterisk platform authentication

hi, I need to put entry in platform authentication (user options-connections) for some domains. When I use a.foo.com, burp still asks another entry for b.foo.com. I want to use one entry for all *.foo.com. * doesn't seem...

Last updated: Jun 18, 2019 07:09AM UTC | 2 Agent replies | 1 Community replies | How do I?

Burp Scan plugin Post Build Actions Report

Hello, We are using 'Burp Scan' plugin to integrate the Burp Enterprise with Jenkins. In the 'Post-build Actions' we are not able to find any options that would show the execution report that we can share with stake...

Last updated: Jun 17, 2019 12:20PM UTC | 1 Agent replies | 0 Community replies | How do I?

How to create a tab like the proxy tab

Hello, i would like to create a tab similar to the "Proxy" one where I can have "intercept on/off" and to forward or drop a package but to only capture communication between specific domains. How would i start something...

Last updated: Jun 17, 2019 09:51AM UTC | 2 Agent replies | 1 Community replies | How do I?

See the crawled URLs in Burp enterprise

Hi, we just set up a scan for one of our projects which was running for about 6 hours. But we did not find any output or finding which seems a bit unlikely due ot the number of requests issued (several thousand) To verify...

Last updated: Jun 17, 2019 09:09AM UTC | 3 Agent replies | 2 Community replies | How do I?

Session Handling with 2 CSRF Tokens

Hi I am trying to create a session handling rule for the request having 2 CSRF Tokens. My GET Request has 2 parameters of CSRF Tokens in the response. I am extracting those while creating my macro. but it is still now...

Last updated: Jun 17, 2019 08:17AM UTC | 2 Agent replies | 1 Community replies | How do I?

Page 263 of 321

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image