How do I? - Page 281 - Burp Suite User Forum

Not connection (proxy)

I'm working with VirtualBox, option "Network" - "Virtual adapter host" , because if I select other option nothing work. When I select the program (PORTSWIGGER) and change options (network) in browser - 127.0.0.1:8080 or...

Failed to connect to www.idealschoolandcollege.edu.bd:80

how to solve this error: Failed to connect to www.idealschoolandcollege.edu.bd:80 please help me!guys

Logon to a website behind an Incapsula firewall

Hello I am testing a website behind an Incapsula firewall. I can login to the website if I am not accessing it through Burp Proxy. If I try to logon through Burp (i.e. I enter the userid and password in the logon form and...

Burp Sequencer Help

Getting a valid session id in My application actually require 2 requests. First one will get a temporary session id from server and second request will have the fetched session id along with credentials. If the same temp...

request

Hi, i would like to know if it's possible using burp generate a list of usernames: i have a list of account id in this form: site.com/id=0001, in every account pages you can see the related username. Is possible to send the...

Logout after correct password

- burp intruder - i would like to know if it's possible to make an account logout every time the intruder find a correct password. I have an account and password list, and every time one of the account password is correct...

A big problem.

In the command prompt, you are supposed to type java -jar -Xmx2G /path/to/burp.jar but when I typed it and hit enter, it said 'Error: Unable to access jarfile /path/to/burp.jar' In the file I downloaded, there is no jar file...

Regarding REST API and Community Edition

Hello Support, If we upgrade to Burp Suite Professional 2.0 will we be able to access REST APIs or do we need to pay for that service. Also what is the difference between Professional and community Edition apart from...

How can I perform security tests on Soap web services that use WSS with Keystore

My webservice under test use encrypted and decrypted way to send the request and receive the request. This is performed via public and private keys embedded in the .JKS file. The request works fine for Incoming and outgoing...

Burp Macro extracted data parsing

is there any way in macros to encode(base64 or any) the custom parameter value extracted from response.?

Firewall gets activated when scanning

Hi, When am scanning one of my websites everytime my firewall gets activated. I know i can ask my hosting support to disable the firewall but is there an other way. What helped before is when i change my vpn's ip but...

burp scanner for responses

Hello, I would like to know how it is possible also use the capabilities of the Scanner for the intercepted responses. I would like to scan also the client application not only the server. Besides, I updated for the...

Unable to record Native App for Android & iOS

Currently i am trying to record the native app with Burp tool. The app is configured with ADFS containing login page. Each time i am configuring the app with proxy & trying to record with Burp, it is throwing me the error...

The web shows (Reason: CORS request did not succeed).

I use burp suite to record some functions. I setup proxy in browser and turn off the intercept in burp suite. When I send a request in web app the web app gives response as (Reason: CORS request did not succeed). How can...

Generate Report

I using Burp Suite Professional edition. I cannot seems to find an options to generate report. I go Target-> Site Map -> Issues but found nothing in there. Please help. Thanks.

how to upgrade

How can I auto upgrade my burp suite Pro whenever a new version came. I just want to know to is there any option available for this in burp suite Pro ?

Can we intercept request without doing browser proxy settings

spider for http basic auth w/o TLS

Hello all, http basic auth used in the clear (without TLS) is considered a security violation in my organization. We have a large number of web servers some with very deep levels of pages, so looking for this by hand is...

Intruder: Alternative Position Markers

Hello, How should I proceed if a request (e.g. in the body of a POST request) contains the character "§"? Since this character is the default intruder position marker, the intruder seems to get confused about that in...

Burp spider and archive.org

Is there any way to have the spider function NOT include files it finds on archive.org?