Burp Suite User Forum
Hi all, I just wanted to know how Burp handles in-session detection and subsequent macro execution while scanning using multiple threads. Suppose the following scenario. I log in to the application and get a valid...
Where can I get detailed documentation of the Burp 2.0 Rest API (https://portswigger.net/blog/burps-new-rest-api) particularly its usage. I tried using it by first invoking the SCAN method - I supplied the target url,...
Hello Dear, HSTS is enabled on my website, but when I checked HSTS for my website with Burp Suite 1.7.37, sometimes it works, sometimes it does not work correctly. How can I solve this problem?
Guys, I have this very general problem. I did a search across the google, but did not find a proper solution. This is what I have done: I have created a session validation under Projects->Sessions Under that, I have a...
Hi, is it possible to set up automatic runs with "Burp Professional Scanner"? For example, run Burp Professional scanner once a week, either using Jenkins, a simple Windows batch file, or Burp APIs?
How can we run 2 editions together on the same box? Currently it kills the license of the other edition and asks us to reactivate it again when we run the beta while the professional version is running (or vice versa). Amit
Hi there. I'm not blaming Burp Suite here, as we've encountered the same thing with some other web app scanners, but I'm hoping for some Burp-specific advice. When we run a typical, basic spidering / scanning of a...
How can I stop the scanning when the session has expired? My requirement is that the scanning should stop as soon as the response has an invalid session and must continue only once it gets a valid session. How can I...
Hello, When running Burp in headless mode I can pass project configuration parameters, which include most of the settings except for scan configuration. Is it possible to import custom scan configuration (exists in...
Guys, I have this very general problem. I did a search across the google, but did not find a proper solution. This is what I have done:
I am currently working on an automation, and for that I need to run an authenticated scan on our company's internal URL with 3 parameters to log in. I am using Enterprise edition and I would like to know the solution specific to...
When switching tabs in the HttpEditor (e.g. from custom tab to raw), `IMessageEditorTab.getMessage` is invoked to update the request with user-modified data. I would like to trigger the same behaviour programmatically, so...
Hi, I got a trial licence of BurpPro to explore more on Burp and was happy to use the rich features of Burp. My requirement is to perform scanning for 35 different web applications with more or less similar functionality....
I installed the Add Custom Header extension and everything is fine with it. However, I have a question. Can someone tell me the exact steps I need to take to change my default username to a custom username?
Hello, I am running Kali Linux and am trying to use the Burp Version 1.7.36. I have imported the Burp certificate into each browser (Chrome/Chromium/FireFox). None of these browsers will work with Burp. Burp intercepts...
Are there any example or docs on how to integrate with JIRA? The settings page has a URL, email address, and token fields, but can this be used with an onsite JIRA installation? JIRA API allows for basic auth too...
We have a number of 'Open Redirection (DOM-based)' findings. In each case, the reported Request and Response look perfectly normal. The Dynamic analysis (DA) shows something completely different. When I Repeat the DA GET...
Hello, I am looking for how I can add an options tab like the one appearing in the Proxy Tool (here -> https://i.imgur.com/rxerJ5P.png) to a new extension I am trying. The extension is similar to the one here...
Hi, In "target"->"site map"->"Issues" tab, I sometimes see reported issues labelled "Strict transport security not enforced" with a path set to "/", but when the request is shown, the path is actually something else....
Hi, new to Burp. I'm looking for a way to passively scan HTTP responses from a server to see if there are any vulnerabilities while burp is running headless, but not actively scan. I've found a few "headless"...