Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Burp Headless Passive Scanning

Hi, new to Burp. I'm looking for a way to passively scan HTTP responses from a server to see if there are any vulnerabilities while burp is running headless, but not actively scan. I've found a few "headless"...

Last updated: Jun 21, 2019 09:05AM UTC | 2 Agent replies | 1 Community replies | How do I?

Scan Targets behind CAS

Hi, I want to run the scanner on a target that is behind CAS. How do I setup authentication for this scenario? Thank you Anup

Last updated: Jun 20, 2019 09:42AM UTC | 1 Agent replies | 0 Community replies | How do I?

Make subdomain bruteforce

Hi! How i can bruteforce subdomains with burp suite?

Last updated: Jun 19, 2019 12:25PM UTC | 0 Agent replies | 1 Community replies | How do I?

Replace expired access token in scanner request headers with the valid access token all at once

Hi Background : I am trying to scan our website using Burp scanner. I am able to configure session handling rules...

Last updated: Jun 19, 2019 09:19AM UTC | 1 Agent replies | 0 Community replies | How do I?

I can't see a POST Requet in Proxy Intercept menu but it is in the HTTP history menu

I should find out a specific POST REQUEST in Proxy Intercept menu.. I couldn't find this in the menu but it was in HTTP HISTORY menu.. How can I find this in intercept menu..?

Last updated: Jun 18, 2019 07:26AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp collaborator server domain

hello, I have a looked at the documentation but could'nt find any reference. What is the domain name of the collaborator server that burp checks the interactions (when I click poll button)? I need to take a firewall...

Last updated: Jun 18, 2019 07:25AM UTC | 1 Agent replies | 1 Community replies | How do I?

asterisk platform authentication

hi, I need to put entry in platform authentication (user options-connections) for some domains. When I use a.foo.com, burp still asks another entry for b.foo.com. I want to use one entry for all *.foo.com. * doesn't seem...

Last updated: Jun 18, 2019 07:09AM UTC | 2 Agent replies | 1 Community replies | How do I?

Burp Scan plugin Post Build Actions Report

Hello, We are using 'Burp Scan' plugin to integrate the Burp Enterprise with Jenkins. In the 'Post-build Actions' we are not able to find any options that would show the execution report that we can share with stake...

Last updated: Jun 17, 2019 12:20PM UTC | 1 Agent replies | 0 Community replies | How do I?

How to create a tab like the proxy tab

Hello, i would like to create a tab similar to the "Proxy" one where I can have "intercept on/off" and to forward or drop a package but to only capture communication between specific domains. How would i start something...

Last updated: Jun 17, 2019 09:51AM UTC | 2 Agent replies | 1 Community replies | How do I?

See the crawled URLs in Burp enterprise

Hi, we just set up a scan for one of our projects which was running for about 6 hours. But we did not find any output or finding which seems a bit unlikely due ot the number of requests issued (several thousand) To verify...

Last updated: Jun 17, 2019 09:09AM UTC | 3 Agent replies | 2 Community replies | How do I?

Session Handling with 2 CSRF Tokens

Hi I am trying to create a session handling rule for the request having 2 CSRF Tokens. My GET Request has 2 parameters of CSRF Tokens in the response. I am extracting those while creating my macro. but it is still now...

Last updated: Jun 17, 2019 08:17AM UTC | 2 Agent replies | 1 Community replies | How do I?

Carreras de caballlos

Hola ok

Last updated: Jun 16, 2019 12:57AM UTC | 0 Agent replies | 0 Community replies | How do I?

Carreras de caballlos

Hola ok

Last updated: Jun 16, 2019 12:55AM UTC | 0 Agent replies | 0 Community replies | How do I?

unable to get a request from webgoat to burp suite

i have installed weboat which is running on port 8080. i have installed burp suite . changes proxy settings 127.0.0. 1: 8089 i have changed the proxy settings in chrome to 127.0.0. 1: 8089. I am able to get other requests...

Last updated: Jun 14, 2019 09:23AM UTC | 1 Agent replies | 0 Community replies | How do I?

Is it possible to have different severities in issues with the same name / type ?

Hi team. I was working on the Dradis burp add-on, I wanted to know if when parsing a burp xml file, is it possible for 2 <issue> elements with the same <name> and <type> to have a different <severity> value. Like...

Last updated: Jun 13, 2019 01:56PM UTC | 1 Agent replies | 0 Community replies | How do I?

SSO with microsoftonline.com

I see an SSO mechanism relying on enterprise Office.com integration. A GET with (expired or logged out) Office and local app cookies to a local app's __LOCAL_SITE__/__LOCAL_PATH__ gets a 302 redirect to...

Last updated: Jun 11, 2019 02:26PM UTC | 1 Agent replies | 1 Community replies | How do I?

scanner active testing url path

hello, how can I use burp suite to perform the following check: I have a list of URLs: 1 http://www.dominio.com/public1/public2/index.html 2 http://www.dominio.com/otro1/sid2/pagina.html 3...

Last updated: Jun 11, 2019 01:25PM UTC | 1 Agent replies | 0 Community replies | How do I?

Depicting OpenID flow using a message sequence chart

Dear Burp, as part of a research group we are investigating possible ways of visualizing the OpenID communication from a tool we developed. It was suggested for this purpose to use BURP for its proxy capabilities and the...

Last updated: Jun 10, 2019 03:51PM UTC | 1 Agent replies | 0 Community replies | How do I?

DOM-based XSS

Hey, I've got an dynamic analysis from one of request intercepted thru burp proxy: "Data is read from input.value and passed to jQuery. The source element has name form_type. The following value was injected into the...

Last updated: Jun 10, 2019 10:01AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Suite Anti-CSRF POST

I am trying to run intruder on an app that employs anti-CSRF tokens within forms. Each form has a unique token that must be submitted with a POST request otherwise the session is invalidated. The process is as...

Last updated: Jun 10, 2019 09:38AM UTC | 2 Agent replies | 1 Community replies | How do I?

266 267
268
269 270

Page 268 of 326

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image