Burp Suite User Forum

Create new post

Carreras de caballlos

Hola ok

Last updated: Jun 16, 2019 12:57AM UTC | 0 Agent replies | 0 Community replies | How do I?

Carreras de caballlos

Hola ok

Last updated: Jun 16, 2019 12:55AM UTC | 0 Agent replies | 0 Community replies | How do I?

unable to get a request from webgoat to burp suite

i have installed weboat which is running on port 8080. i have installed burp suite . changes proxy settings 127.0.0. 1: 8089 i have changed the proxy settings in chrome to 127.0.0. 1: 8089. I am able to get other requests...

Last updated: Jun 14, 2019 09:23AM UTC | 1 Agent replies | 0 Community replies | How do I?

Is it possible to have different severities in issues with the same name / type ?

Hi team. I was working on the Dradis burp add-on, I wanted to know if when parsing a burp xml file, is it possible for 2 <issue> elements with the same <name> and <type> to have a different <severity> value. Like...

Last updated: Jun 13, 2019 01:56PM UTC | 1 Agent replies | 0 Community replies | How do I?

SSO with microsoftonline.com

I see an SSO mechanism relying on enterprise Office.com integration. A GET with (expired or logged out) Office and local app cookies to a local app's __LOCAL_SITE__/__LOCAL_PATH__ gets a 302 redirect to...

Last updated: Jun 11, 2019 02:26PM UTC | 1 Agent replies | 1 Community replies | How do I?

scanner active testing url path

hello, how can I use burp suite to perform the following check: I have a list of URLs: 1 http://www.dominio.com/public1/public2/index.html 2 http://www.dominio.com/otro1/sid2/pagina.html 3...

Last updated: Jun 11, 2019 01:25PM UTC | 1 Agent replies | 0 Community replies | How do I?

Depicting OpenID flow using a message sequence chart

Dear Burp, as part of a research group we are investigating possible ways of visualizing the OpenID communication from a tool we developed. It was suggested for this purpose to use BURP for its proxy capabilities and the...

Last updated: Jun 10, 2019 03:51PM UTC | 1 Agent replies | 0 Community replies | How do I?

DOM-based XSS

Hey, I've got an dynamic analysis from one of request intercepted thru burp proxy: "Data is read from input.value and passed to jQuery. The source element has name form_type. The following value was injected into the...

Last updated: Jun 10, 2019 10:01AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Suite Anti-CSRF POST

I am trying to run intruder on an app that employs anti-CSRF tokens within forms. Each form has a unique token that must be submitted with a POST request otherwise the session is invalidated. The process is as...

Last updated: Jun 10, 2019 09:38AM UTC | 2 Agent replies | 1 Community replies | How do I?

Scan Configurations JSON : Enterprise

I am trying to figure out the API for CI/CD of automating Burp. We have Enterprise Edition, and I can not find the "Configuration Library" or any other place to create a custom configfuration (so that I can see the JSON for...

Last updated: Jun 10, 2019 09:14AM UTC | 1 Agent replies | 0 Community replies | How do I?

Dom Based XSS

I got a notification from burp scanner as The application may be vulnerable to DOM-based cross-site scripting. Data is read from document.URL and passed to the 'prepend()' function of JQuery via the following...

Last updated: Jun 10, 2019 08:59AM UTC | 1 Agent replies | 0 Community replies | How do I?

Making Burp Trust/Use Custom TLS Certificates

I'm testing in an environment that has forced TLS decryption (MitM) to allow inspection of HTTPS traffic. In this environment it seems anything I try to do in Burp that involves contacting portswigger.net breaks. My Windows...

Last updated: Jun 07, 2019 03:57PM UTC | 1 Agent replies | 0 Community replies | How do I?

Automatic Header Token Problem

Hello, Most websites are using header token. But token is changing after every payload. Tokens does not appear on the Response. How to generate automatic header token with Burp Suite? For example(request...

Last updated: Jun 07, 2019 12:51PM UTC | 2 Agent replies | 1 Community replies | How do I?

Feed response of first response for other request as input during scan

I am facing issue when I trigger the scan on few requests. The scenario is, many of the requests in my application required API key as authorization value and key the can be used only once per request. If I trigger the scan...

Last updated: Jun 06, 2019 10:28AM UTC | 2 Agent replies | 1 Community replies | How do I?

Edit scanning configuration

Hi Burp Support, I noticed that I couldn't edit "Issues Reported" and "Insertion Points Types" in the "Edit scanning configuration" for a single scan. For example, if I select "Select individual issues" in "Issues...

Last updated: Jun 05, 2019 05:13PM UTC | 1 Agent replies | 1 Community replies | How do I?

invisible proxy

I want to ask that while creating invisible proxy if we have different requests forwarding to different domains how we set proxy listeners on different virtual network interfaces? I mean burp doc suggests that while creating...

Last updated: Jun 05, 2019 04:40PM UTC | 3 Agent replies | 2 Community replies | How do I?

How do I exclude any issues that are marked as false positive in a consecutive scan?

We run Active scan regularly against full application. Since in every scan, there is a chance that the same false positives will be reported, we want to eliminate the activity of identifying the repeated false positives in...

Last updated: Jun 04, 2019 09:02AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp scan not getting started using headless mode

Hi, I'm trying to automate burp scanning for iOS mobile apps. Tried the below command java -Djava.awt.headless=true -Xmx1g -jar /path/to/burp.jar --project-file=filename1.burp After using the above command the Proxy...

Last updated: Jun 03, 2019 01:16PM UTC | 3 Agent replies | 2 Community replies | How do I?

Scanning a site with Platform authentication (Burp suite enterprise Rest API).

Hi, I can't scan the site with basic authentication on "Burp suite enterprise edition" (RestAPI (from site)). How do I compose curl request with basic authentication tokens? Than You! Kind Regards! Andrii

Last updated: Jun 03, 2019 01:08PM UTC | 1 Agent replies | 0 Community replies | How do I?

Can't save project

I'm getting error saving a project and it's most important for me to save this project please help ASAP https://prntscr.com/nwjs8y

Last updated: Jun 03, 2019 09:30AM UTC | 1 Agent replies | 0 Community replies | How do I?

Page 264 of 321

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image