How do I? - Page 280 - Burp Suite User Forum

Burp Scanner Unique Param Validation

How do you deal with forms that require a unique param value in Burp Scanner? For example, registration forms require a unique email address to pass validation. Burp submits the form, fuzzing 1 param at a time. The...

How do i SAVE the ongoing Scan?

Hi all, I've noticed the Burpsuite is discouraging the usage of the "Legacy State" files. But then when i tried to use "Project State" files instead, my previously ONGOING scan states aren't resumed anymore. In fact the...

Don't allow Set-Cookie to add cookies to Requests

Hi, I have a scenario and only discovered when using Logger++. When using the Burp scanner, the response will give a 400 straight away because the HTTP request is too large (Multiple Cookies). The repeater works multiple...

error proxy

I've been trying to set up the burp suite, but no matter what I do it always gives error. I open the browser and say that my connection has been interrupted or my browser is not authorized to use the proxy, it always asks me...

Can I customize the information stored in the project file?

Hi there! I have created 2 macros that have registered about 5 items. By a session handling rules, I have run one macro before scanning and another macros running after scanning. Then, the project file have become very...

Dropping requests to specific domains or hostnames without the Out-of-scope feature

I have a handful of hostnames / domains that I want requests to those domains dropped. Most of the requests are automated in nature e.g. browser requests to ^detectportal\.firefox\.com$ or ^apis\.google\.com$, hence, they...

Setting up Burp non-interactively (Docker)

Hi, So I was looking to make a docker image of burp (free) and had a quick question. Is there a switch I can pass to the burp JAR file on first run to automate the acceptance of the license agreement? This would be...

Intercepting Traffic

I have a problem and I hope you can assist me. My burp suite can successfully intercept both http/https originated from my browser (CA already installed) but whenever I try an arpspoof attack it doesn't intercept anything...

How do I change a http header value for active scan with stored state file?

Hi, One of applications I am testing is using authorization header for authentication. I stored the state and want to use it for active-scan next time. Would you advise me how to change the authorization header...

burp web interface

I am fresh new burp user, and already completed some of courses but now I cannot reach the burp web interface. Currently burp is working well but when I type http://burp it automatically sends me to tomcat it works page, not...

New license

How long does it take for a new license to get setup? I've been waiting for about 18 hours since purchase and I've had no confirmation by email just yet.

Extension priority during processHttpMessage()

Say you have multiple extensions which implement processHttpMessage(). How is the extension priority defined? For an example imagine a SOC team asks you to make all your requests with the same user agent, how do you make...

Unable to connect www.google.com or www.microsoft.com

Hi, My system IPv4 address : 196.196.9.197 and default gateway : 196.196.0.1 Broswer : Firefox Manual Proxy Setting 196.196.9.197 Port : 8080 In Burp Suite In tab Proxy > Options > Added Interface 196.196.9.197:80...

burp suite not capturing HTTPS in proxy

Hi, i followed all the setting ,and infact able to capture the request in proxy using other tool and i dont know why am not able to capture https request in proxy setting through burp suite. in proxy setting its endlessly...

Server configurations requirement for Burp suite Pro

Hi Team, We would like to use Burp suite Pro to run the source code scan for web application. But we are not sure to calculate how much size of hard disk is required to run VA / PT and RAM requirement and OS requirements....

Merge multiple servers' target info into one server/group

Hi, I'm running automation scripts against 5 different servers. All five servers are virtual machines that are clones of each other and have the exact same version of our software under test on them. When I run my...

Is their restrictions on testing Video upload with Generate CRSF PoC ?

I am using the Generate CRSF PoC to test the CSRF vulnerabilities of my site. But the Submit Request button seems to be disabled or inactive when I create a HTML to retest the upload of a video to my site? Is their...

Burp Suite Proxy will not intercept the site after Intercept mode is on

Even when intercept is turned on, burp suite does not intercept the request. I am able to see the HTTP request made under HTTP history and do an active scan but the status in scan queue gets stuck at 0% complete. Please...

How to resolve error code sec_error_unknown_issuer

How to resolve error code sec_error_unknown_issuer? Why this error occured ? I am using mozilla as well as chrome. Its not working on any of those.

Start Active Scan through Extension

I'm trying to write an extension that starts an Active Scan of a spider crawled URL. Is this possible? I tried calling the doActiveScan method in registerExtenderCallbacks method but it doesn't seem start Active Scan. In...