How do I? - Page 273 - Burp Suite User Forum

The type element in the XML report

From manual about Reporting: >> The type element contains an integer that uniquely identifies the issue type (SQL injection, XSS, etc.) For example, for SQL injection Type index is 0x00100200 (from here: ...

"failed to save project burp.czi"

Hey. When you save the project, here comes this error, tell me how to fix it error screenshot http://prntscr.com/j7d1wd

download sarfari CA certificate

According to the instructions, it says: In Safari, visit https://portswigger.net.In the warning dialog titled "Safari can't verify the identity ..." click "Show Certificate". Well, i go to to that site, using Safari, and...

Scanning abandoned due to too many errors (0% complete)

Hi, I am trying to scan and almost all the requests are getting abandoned due to errors and when checked in Alerts tabs it says "Timeout in transmission from xyz.com". Initially my application was accessible,and after...

Disable autocomplete inside Burp

Is it possible to disable Burp's autocomplete when entering in fields such as search term box in HTTP history? I have issues where it doesn't go away and leaves a blank box or I have to enter what I want and delete it...

XSS DOM-Based

Hi, I'm a relative n00b trying to understand DOM-based XSS from the following issue reported by Burp. I'm trying to figure out if this is false-positive or not. Having difficulty putting together a POC, identifying the...

Needs to know the kind of Security Pen-test in Prod Environment -Web AppSec

Can someone tell me about the various security testing in Web Application involved without creating any junk data in DB or collapsing Duplicating data with original data present and testing will be done in Production...

about web sockets

we are using web socket to connect multiple systems, so one of my pc is having to capture the login request for an application so in that time when i capturing the request automatically it is capturing another url of...

How do I run and existing project with saved target on command line

I captured traffic from the Buite Suite. Then I go from Target > Site Map > I righted click and did a active scan on the host I captured. I export the result manually and saved my project to my_captured_project.burp My...

alert(1)

"><img src=x onerror=prompt(1)>

updates

Why is it so that every time I open a new Burp session I get a pop screen stating that a new update is available. This happens even after updating it a few moments earlier. I'm trying to automate the scanning process and...

Target for scan

hey, if my target for scanning is https://xx.com, how would i create a rule or a policy to scan every sub-domain under the domain??

%3cdiv Onload=alert() autofocus%3E%3c/div%3E

Ignore this

localhost in waiting forever

Hi all, im trying to use burp suite with DVWA in order to make some experiments. Burp Suite is configured as written in the guide available in the website. 127.0.0.1 and 8080 as a port. My localhost as well works fine. Proxy...

Repeater Connection reset

Hi Trying to test payload coming into one of our server (GET /producer/research_display.php?ID=-null+UNiON+ALL+SELECT+null,null,null,0x4f70656e5641532d53514c2d496e6a656374696f6e2d54657374,n HTTP/1.1) and receiving...

Stored XSS - detection tweaks

Hi, Usually, when I'm going through some wizard, e.g. "Create new XXX", all that is required is to create new item XXX is to do a simple POST with all data included. I can then send this POST into the Burp and run active...

Burp Collaborator disappeared from default dropdown menu?

Hello, I am suddenly unable to find Burp Collaborator on dropdown menu. I am already familiar with using Burp Collab, but ever since my license recently expired and I updated Burp, I am unable to find a way to launch the...

Getting Scan result report

I have added scans to the burp suite professional and notice that under my scanner and scan queue tab that issues have been identified, however I am unable to view or print out a report on what the vulnerability were....

Scope Control

Domains can be in one of three states: in scope, out of scope, or undecided. A domain is undecided if it is not mentioned by any of the in/out of scope rules. In the site map, I would like Burp Suite to hide domains that I...

VPN Connection - No Proxy Results

I'm having trouble with getting results from a website I am connecting to over a VPN. I can get results in the Burp Proxy without the VPN going to Google or some other public site. When the VPN is on in get no results...