How do I? - Page 269 - Burp Suite User Forum

Add custom XSS Payloads in Scanner

Hi, Is it possible to add custom XSS payloads in version 2 (scanner)? someone asked something similar a long time...

Active Scan from 1.7

I used to be able to click on scanner, and browse around the webapplication and vulnerbilities would populate inside of site map. But in 2.0 This seems to be different. I tried all Live Task options and nothing populates...

Intercept SSL traffic for Android Nougat 7 and above version.

Hi, do I need to decompile, add the security config xml file in application folder and recomiple every time while doing security testing in Android Nougat 7 and above versions ? As I am facing difficulty in testing android...

How addToSiteMap decides if there is any existing matching item in the site map?

I'm working on a burp extension to create a site map from burp logs saved in an XML file. The burp log may contain redundant logs in it. Hence, when adding IHttpRequestResponse to site map using...

Lab: HTTP request smuggling, basic CL.TE vulnerability (Help for a noob)

Hello, I'm new in this world and I already have an issue on the first lab (F****ng Hell) but i'm not down yet ! Even reading the solution I have issue on finding the "Unrecognized method GPOST" when using the Burp...

Problem With the certificate

I cannot acces the page http://burp/ , the page is not working, how to get the certificate?

Burp with VPN in mobile.

My android application works when it is connected to VPN only, I have installed VPN in my mobile and now my application is working fine. But problem is burp is not able to intercept request when mobile is connecting to...

JRE Warning

Hello When I start up Burp Suite, I get the error message, "Your JRE appears to be version 12.0.1 from Oracle Corporation. Burp has not been fully tested on this platform and you may experience problems." Should I be...

Viewing VIEWSTATE in responses as well as requests

The "Viewstate" tab shows up on requests with VIEWSTATE in them, and decodes them nicely. I can't seem to get it to show up for responses though. Whilst the next request nearly always contains the previous response, it...

headless xml report with

Hi Guys, Looking for quick help how can we get an XML report with base64 as false <request method="GET" base64="false">. I mean I need request and response in plain text rather than base64 encoded. I ran burp in headless...

encode xml payload ...

hello support and folk ... im trying to send an exploit to server vlun to : Apache Struts2 Remote Command Execution (S2-052) the payload is : <map> <entry> <jdk.nashorn.internal.objects.NativeString> ...

How to print out a report.

How to print out a report from Burp suite after a scan.

Queries or doubts regarding Web Security Academy

Hello Team, Hope you are doing well! Currently i am going through the training materials under Web Security Academy and i must say that you have explained the topics very well! I am also following up through Lab...

How to remove or encrypt passwords in Burp Pro v2.1?

Hello, I recently switched to Burp Pro v2.1 from v1.7.34 and I can't seem to find the "Passwords" option under the "Burp" drop down menu. I can't keep test credentials in the burp project file unprotected. Where is...

Jre requirements

Is there any issue with Jre10. I get this pop u: Burp is not tested for this edition. Some features may not work. And I do not get any RAW data in the RAW tab. But the data gets intercepted. I get intercepted...

Post request macro ingesting parameters from current request's JSON response?

I have a scenario where I am trying to take the output from an initial request's response and feed it into a second request. This can be done with traditional PARAM_BODY and PARAM_URL parameters using a macro (pre or post)...

Installation Burp Suite Professional

Good morning, we can´t burp suite enterprise installation because it show invalid user in login, our number of ref. is Qro0618. Thanks for your attention.

Burpsuite Pro v2.1 to intercept WebGoat via Proxy

I've been trying to intercept HTTP requests from WebGoat in both IE and Chrome via Burpsuite's proxy function the past few days. WebGoat is functioning as expected as I can see the site which is running on my host computer...

steps to configure the brupsuite enterprise into azure cicd pipeline

Am asking the very basic question but am looking to configure first build for security test , can you share sample script to configure the brup suite enterprise scanner into azure using powershell ..thank you I know you...

Macro with Dynamic URL

Hello Team, I need help. I have couple of login requests and only when the last request is fired, the server sends the cookie. But the problem here is my 3rd request out of 5 requests, contains a dynamic URL part which...