How do I? - Page 267 - Burp Suite User Forum

burp problem

hi dear : i have problem with the burp suite 1- i download CA Certificate 2- i import the Certificate in my Browser's authority certificate 3- i get permission for trust but is not work i don't know why

Unable to configure Burp with a web application which prompts 3 certificates while accessing

Hello Team, We are working on a web application where the application requires 3 certificates (with .p12 extension) which are related to Admin user 1, 2 & 3 are to be installed post that the application will be accessible...

Burp new rest api feature

Hi, I am trying to use rest api feature on my professional. But getting the problem with the POST call, when I send the post request with the URL, it is not doing the proper crawling and scan. And when I am sending data for...

How do I intercept and Add to Site Map requests PUT/UPDATE/HEAD/DELETE

Hello, I am just in the middle of Web Service Pentest - REST API. I received Swagger documentation and right now I am trying to spider all the endpoints and methods to Burp. Problem is, I am not able to intercept any...

BurpSuite Enterprise - Agent does not use upstream proxy server

Hi everyone, I am currently evaluating Burp Enterprise. I installed all components on the same machine. On this machine I need to use a proxy to reach the Internet. This proxy listens on the loopback interface. I've...

SnipSegment

Dear Support Center, Now I`m using REST API to check a happend issue and its response and request. But the data we`ve got the following API command does not have the all response. curl -vgw "\n" -X GET...

Download zip files for further testing from an intruder attack

I am running an intruder attack where the response is a zip file. How can I save the zip files into a folder automatically so that I can do further custom testing using them? Thank you.

Cross-site scripting (DOM-based)

Hi, When I am doing an active scan on a website, I got an issue name Cross-site scripting (DOM-based) with Severity: High Confidence: Tentative Issue detail The application may be vulnerable to DOM-based...

Burp CA in System and Google Play Store still report No internet connection

Burp CA installed as trusted on the Android Nougat OS level rooted device, but Google Play Store still inform that there is "No internet connection. Make sure WiFi or cellular data is turned on, then try again". Other app...

Burp scan time duration

Hello Team, Is there any way to calculate the live scan time or duration, I mean how much time will take for the scan. please implement this in the scanner, that people get to know how much will take in the live scan

Integration of Burp with Jenkins

Hi, I'm using Burp suite pro version. Is it possible to automate the Burp scanning so that we can integrate with the build? Like we have automation testing scripts which we integrated with the build using CI tool...

Burp Suite is corrupt is always corrupted when I download the file.

I try two times download the *.sh file for linux https://portswigger.net/burp/communitydownload But always I download the file this happens gzip: sfx_archive.tar.gz: not in gzip format I am sorry, but the installer...

How to test External service interaction (DNS) & (HTTP) vulnerability ?

I got the vulnerabilities External service interaction (DNS) & External service interaction (HTTP) from burp scan. How can i test whether this is a false positive or not ? I have to add the POC in the report.

why my base response in scanner is incorrect

I have a POST request POST /request/<ID> which gives successful response(200 OK) for a unique id value. But if the same id value is used again, then we get 4XX series of response with an error stating ID already...

Identifying presence of mobile code (STIG assessment)

Is there a list/suite of signatures to check for the presence of mobile code?

Importing Certificates

When attempting to import a certificate and key in DER format the following message appears. "Failed to import certificate: java.security:InvalidKeyException: IO Exception: DERInputStream: getLength(): lengthtag = 127....

Interception Not Working.

Websites aren't loading and I am not receiving the request in the interceptions tab. URLs appear in the history, I have the settings set to default; I have no idea what's wrong, obviously.

1539392247666 Proxy [3] The client failed to negotiate an SSL connection to gateway-carry.icloud.co

Hello, I am trying to connect burp to my phone. I make proxy listener on all interfaces and on port 8080. I then go to my ios device and connect to that proxy. I open up anything and it says "1539392247666 Proxy [3] The...

what payload type I should use in intruder , if password pattern has characters that are known

I am trying to brute forcing a login page using the intruder , attack type cluster bomb , I have defined the payload set 1 for username , in payload set 2 I want to brute the password , noting that I know that the pass...

I can get response in browser but can't when go through Burp

I'm using Burp to find the real video file URL of a web page. I can play the video without any issue in the browser. However, when I set the browser to go through Burp, it simply didn't get the response and wait...