How do I? - Page 270 - Burp Suite User Forum

Burp update HTTP header

Hi, I'm wondering if there is a simple way to update the HTTP header. Basically when a specific request is made a new token is sent in the response. How can I take that value from the response and put it into the header...

Static and Dynamic scan of .NET MVC web application coding in development environment

Hi, I am planning to buy two licenses of Burp Professional. Does Burp professional license includes all the modules/functionalities including static/dynamic scanning of developers actual coding. If not what should I need to...

PLS HELP

How do i use it pls send a video for understanding pls tell..... i have a latest laptop...SO PLS HELP....BY GIVING TRAINING

Spider request queue not stopping.

Hi, I have stopped the spider from running and cleared the queues. This was roughly 30 minutes ago. However, more and more requests are still getting queued. Why is this happening and how do I stop it?

Reroute Domain on Game Client

Hello, i’m working on a game called Marvel Contest of Champions, and i can intercept its proxy with Burp Suite and it gives me the different cloud servers that the data is stored on(mcoc-1800-fbaem.sparxcdn.net) and many...

Scanner: Ignore errors and continue

I am testing a target which intentionally resets the TCP connection if it receives certain kinds of invalid inputs. When performing an active scan, Burp will only perform so many requests before it aborts and reports...

How do I download a list of payloads

Where can I get a list of payloads?

export spider traffic

After spider the host, how can I export the traffic of spider to other tools ?

Authentication Failure from xyx.com

Hi All, Need urgent help, We have a financial Application(xyz) and we are running burp suite for that. And After capturing the target site. i.e.. Login to application >> Navigating entire application links and navigation...

Scanning abandoned due to too many errors

Hi, I am trying to scan and almost all the requests are getting abandoned due to errors and when checked in Alerts tabs it says "Timeout in transmission from xyz.com" What is missing here?

Repeat spidering with corrected authentication

I spidered a site, and many of the pages returned 401s. I've since fixed the project authentication settings, and I want to re-spider the pages that returned 401s. If I select the target and send it to spider, nothing...

Burp's CA certificate was blocked from server

I'm having a problem creating an api for my application https://imgur.com/a/gFxGTZQ - In the above image I used the same request for burp suite and post man. Post man working and burp suite is not - when i use burp...

Testing web services

Is burp capable of testing web services - can all test cases defined in OWASP cheat sheet be tested ? https://www.owasp.org/index.php/Web_Service_Security_Testing_Cheat_Sheet

How to only scan once for one url or one host

in some situation, the scanner only need send one request per one URL or one host to detect the vulnerability. but doActiveScan function in IScannerCheck called per insertPoint. that's say:doActiveScan called multiple...

How do I get burp pro to listen on eth0?

I have installed burp on Azure / Ubuntu server and am trying to get it to listen on eth0 so I can access it remotely from my laptop or my workstation. Maybe my expectations are wrong, but it seems this should be an easy...

Unable to intercept with Android mobile app using Burpsuite

1.i am using genymotion virtual android device. 2.I have download Google Nexus 5X-7.1.0 3.I have set the necessary proxy setting for burp suite ,as well as wifi proxy connection in genymotion. 4.I have download and...

Need steps to Record the Jmeter REST API Request

Hi Team - I want to perform security test on REST API services and i'm planning to use burp suite so that it listens to jmeter and capture the web service request which jmeter is sending to server . Also let me know what...

session id

hi I am creating a web application which will b used by many customers of my company.In this application I want to track my session id and protect it from 3rd party users (who act as man in middle and attack session id and...

Headless scan in BURP with bearer token

I am trying to do some automated scanning with BURP in an ervironment that requires token authentication. For this purpose I need to login before each session to get a bearer token. This token is in the body of the login...

No internet connection error when attempting to connect to Google Play Store.

Have cacert.cer installed on Android device and surfing web http and https sites. However when attempting to go to Google Play Store a message there is "No internet connection. Make sure WiFi or cellular data is turned on,...