How do I? - Page 263 - Burp Suite User Forum

how do i convert multipart gzip to original file

during my research i'm intercepting some packages like this: Content-Type: multipart/form-data; boundary=cLXA2xHy63hD9QS92t_yJwlwnL8vVb Accept-Encoding: gzip, deflate X-FB-HTTP-Engine: Liger Connection:...

Crawling and Auditing a Shibboleth Protected website

We are trying to crawl and audit a shibboleth protected site and am only seeing the public facing pages being crawled and audited.We can see the sitemaps and items when manually traversing the site via the proxy and browser....

http://burp/ not reachable

hi folks I am trying to install the CA for firefox and the suggestion to download from http://burp/ results in the site not being reachable. Is the site down? I have tried this from multiple computers and networks and...

IPV6 scanning through Burp 2.1.5 tool

Hi Team, I need to do IPV6 scanning using latest Burp 2.1.5 tool on windows. steps 1: https://[IPV6]/ entered in the browser. step2 . At Burp side Intercept is On on windows Machine. Step3: Burp cannot able to get...

Pass the Build in Jenkins even Burp_scan shows vulnerabilities for Burp Enterprise

Team, Could you please let me know how to pass the build in Jenkins despite vulnerabilities being identified using the burp enterprise edition? The BURP_SCAN_STATUS is succeeded in Jenkins but Build is marked as Failure...

How to run active scan from burp command line for burp 2.1

I am taking help of headless burp extension and running the below command java -jar -Xmx1g -Djava.awt.headless=true "C:\Program Files\BurpSuitePro\burpsuite_pro.jar" --project-file=project.burp -c config.xml but this will...

Not able to intercept specific HTTPS traffic

Hello, I am not able to intercept the HTTPS traffic using burp. I have installed certificate. I able to intercept the https://www.google.com but not able to intercept one specific URL. When i set the proxy, URL main page...

Can I passively scan some specific words?

Hi, I would like to scan some specific words such as "Storage" or "DB" in JS files. Can I do the same using passive scan function in Burp?

lab question

how am i supposed to steal cookies from this lab "Lab: Exploiting cross-site scripting to steal cookies" without having burp professional and without using Burp Collaborator client I've tried redirecting users to my site...

Exporting site map

Hi, I am developing an extension that will perform the same functionality as it can be done manually by right clicking on items in Target's site map or Proxy history and then selecting "Save items". Using manual process I...

Burp API

Hi, team! I want to automate BurpSuite scans using burp's REST API (https://portswigger.net/blog/burps-new-rest-api) but receive errors when sending requests to start the scan. I run burp in headless mode. My request...

Turn off crawling in enterprise?

Is there a configuration which will let me not crawl the site I'm crawling at all and JUST scan the URL(s) provided? I have an application which contains the ability to self-register a user, and I'd like to be able to...

JSON Response hidden data

Hey there burp community, Here is my question : I was using the repeater tool to send requests and in the response some of the data was hidden/censored by an asterix (*) (eg....

i can get in 'http://burp/' but other websites

i run proxy 127.0.0.1:8080 with burp suite and set chrome or firefox proxy at 127.0.0.1:8080, finally,i just can enter 'http://burp/' to download certificate . and all the other websites, i couldn't get in .why? why?

How do I run passive scan on a specific request

It does not appear to be possible to run _passive_ scan rules on one or multiple requests. There used to be an option in the right-click menu in proxy, target and other.

How to use burpsuite pro shipped with burp enterprise

Hi Team, I want to know how to use burpsuite pro shipped with burp enterprise version. Is it possible to use it or trigger it with vmware/burp-rest-api. Kindly let me know how this can be worked on?

Burp Extender support in Free Edition

We currently pay for the Pro Edition however numerous cases have arisen to develop tools for continued use by other individuals who currently do not pay for the Professional Edition. Is there any support for Extensions in...

how burpsuit pro track this 'stranger' or assessment my PC to prove my PC have been hacked ?

hi, i have PC for penetration test for internal application. but i suspect my PC has been hacked by other stranger. how burpsuit pro track this 'stranger' or assessment my PC to prove my PC have been hacked ?

Web Security Academy - Blind XXE Lab 3 ("Exploiting blind XXE to exfiltrate data using a malicious")

Dear Support, I tried the challenge to receive the /etc/hostname using the following: Initial XML in HTTP request: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE foo [ <!ENTITY % xxe SYSTEM...

OWASP top 10 reporting?

Is there a way to customize the reporting to show OWASP top 10 report or how can we get OWASP top 10 reporting? Thanks