How do I? - Page 266 - Burp Suite User Forum

Problem in Exploiting HTTP request smuggling to capture other users' requests, victim not requesting

I am perfectly able to capture requests and get them shown as comment, but the victim this lab is talking about is not making any request. I have tried making the same post request at different throttles multiple times but...

Automatically accept agent

Hi, I am trying to silent install the agents (this works), but now I have run into two issues: 1) I have to manually authorize an agent in the enterprise/webserver. 2) The agent is names 'new agent x'; Is there a...

new scan and task dif

may I know the difference between new scan and new live task? in the new scan//scan configuration/crawling/login functions, there are only two checkbox(1) attempt to self-register (2) trigger login failures, where to...

Initiating scans through API

Hi, Every scan initiated via Burp's API initiates a crawling and auditing stage. It is possible to pre-configure an audit configuration and use it for the scan. However, I don't see an option to do that for a crawling...

OWASP and issue

in burp pro version, we have find many issue : , but in the advisory tab, there is no OWASP 2017 category (for example A1: injection, A2: broken authen)mentioned, so how to find OWASP category in burp? I have around 20 issues

Status "Errors: Unknown"

This is my first time running Burp. Our version is Burp Pro 2.1.04. I have followed the installation tutorials and configure it on windows server 2012 R2 with firefox. Firefox is successfully using burp as the proxy. During...

web server fingerprint

Dear expert, can we do web server fingerprint in professional V2.1, for example list of the web server platform, technology, apache version, DNS record, bind information, under which menu can I find these info?

authent scan and un-authent scan in one project file

we need to scan www.zzz.com(unauthen scan) and www.zzz.com/abc(authent scan), i'm given credentials under www.zzz.com/abc in user options/platform authen, I configure user credentials basic authen for www.zzz.com(host), but...

License usage

How do I check my team's license usage. I am new to Burp. Thanks, Jay

How to setup Burp to intercept a client apps?

I have a .exe client installer and I am wondering whether I can use Burp to intercept the traffic of this client application after I install it on my laptop? If yes, how can I do that?

Crawl and Audit Scan with Authentication

I'm using Burp Pro and configured New Scan with Crawl and Audit with Application Login , but Crawl and Audit is only happening without authentication , scanner is not doing an authenticated Crawl and Scan inspite of giving...

authent scan with client ssl

I need to do authent scan for a website, I configure credential in user options, is it enough? do I need to configure session handling rules? do I need to configure browser to use burp root certificate? do I need to...

Report should include the Audit Items

Hi Team, I'm using Burp Suite Professional and I'm looking for an option to add the list of audit items to the issue report. The goal is to have an evidence about the scan of the website site for my customer. Any hints or...

https: url scan and report generation

we have scan normal http url. we are using burp pro2.1, to scan url with https://...., we just paste https link in the target, is there any more configuration compared to http url we need to do? after scan and audit,...

Web Credentialed Scanning

Hi all, probably asked a bunch, but I am trying to do web credentialed scanning of an application. Burp Suite Pro does not appear to 'see' the login page. It will scan the login page, but not actually login.

test xpath injection, cookies attributes, exposed session variables and session fixation

how to test test xpath injection, cookies attributes, exposed session variables and session fixation and doing PoC (proof of concept)

Converting Python List to java.util.List

Using Python, I am trying to get the result of invocation.getSelectedMessages() to be passed into the function sendToIntruder() as the payloadPositionOffsets Parameter. I can't seem to get the right format to put into...

save state in burp pro

in burp pro2.1 the save state missing, so how to save the state?

Burpsuite username and password dictionary files

we are using burp intruder, we need user name and password emulation. does portswigger provide username and password dictionary files , so we can use it as payload, where can I download such files

2.1 Load from Configuration File help

I trying to get user setting to work like I had in the older version 1.7.37 Does not work at all. I try to create a new one that did not save any settings, example Proxy tab having the Intercept is off not on. I try to...