Burp Suite User Forum
I have installed WebGoat, which is running on port 8080. I have installed Burp Suite. Changed proxy settings 127.0.0.1:8089. I have changed the proxy settings in Chrome to 127.0.0.1:8089. I am able to get other requests...
Hi team. I was working on the Dradis burp add-on, I wanted to know if when parsing a burp xml file, is it possible for 2 <issue> elements with the same <name> and <type> to have a different <severity> value. Like...
I see an SSO mechanism relying on enterprise Office.com integration. A GET with (expired or logged out) Office and local app cookies to a local app's __LOCAL_SITE__/__LOCAL_PATH__ gets a 302 redirect to...
hello, how can I use burp suite to perform the following check: I have a list of URLs: 1 http://www.dominio.com/public1/public2/index.html 2 http://www.dominio.com/otro1/sid2/pagina.html 3...
Dear Burp, as part of a research group we are investigating possible ways of visualizing the OpenID communication from a tool we developed. It was suggested for this purpose to use BURP for its proxy capabilities and the...
Hey, I've got a dynamic analysis from one of the requests intercepted through Burp proxy: "Data is read from input.value and passed to jQuery. The source element has name form_type. The following value was injected into the...
I am trying to run intruder on an app that employs anti-CSRF tokens within forms. Each form has a unique token that must be submitted with a POST request otherwise the session is invalidated. The process is as...
I am trying to figure out the API for CI/CD of automating Burp. We have Enterprise Edition, and I cannot find the "Configuration Library" or any other place to create a custom configuration (so that I can see the JSON for...
I got a notification from burp scanner as The application may be vulnerable to DOM-based cross-site scripting. Data is read from document.URL and passed to the 'prepend()' function of JQuery via the following...
I'm testing in an environment that has forced TLS decryption (MitM) to allow inspection of HTTPS traffic. In this environment it seems anything I try to do in Burp that involves contacting portswigger.net breaks. My Windows...
Hello, most websites are using a header token. But the token is changing after every payload. Tokens do not appear in the Response. How to generate an automatic header token with Burp Suite? For example (request...
I am facing an issue when I trigger the scan on a few requests. The scenario is, many of the requests in my application require an API key as authorization value, and the key can be used only once per request. If I trigger the scan...
Hi Burp Support, I noticed that I couldn't edit "Issues Reported" and "Insertion Points Types" in the "Edit scanning configuration" for a single scan. For example, if I select "Select individual issues" in "Issues...
I want to ask that while creating invisible proxy if we have different requests forwarding to different domains how we set proxy listeners on different virtual network interfaces? I mean burp doc suggests that while creating...
We run Active scan regularly against full application. Since in every scan, there is a chance that the same false positives will be reported, we want to eliminate the activity of identifying the repeated false positives in...
Hi, I'm trying to automate burp scanning for iOS mobile apps. Tried the below command java -Djava.awt.headless=true -Xmx1g -jar /path/to/burp.jar --project-file=filename1.burp After using the above command the Proxy...
Hi, I can't scan the site with basic authentication on "Burp suite enterprise edition" (RestAPI (from site)). How do I compose a curl request with basic authentication tokens? Thank You! Kind Regards! Andrii
I'm getting an error saving a project, and it's most important for me to save this project. Please help ASAP https://prntscr.com/nwjs8y
This seems like it should be easy, but it's not working as I expected. I want to block all files of a certain type from going to the active scanner, even if it's otherwise in scope. For example, if I want to stop all CSS...
Hi, I have been trying to configure Burp without success, as it is not intercepting requests from localhost. I have used Burp on another computer in the past but I can't get the correct setup to make it work again. My...