How do I? - Page 282 - Burp Suite User Forum

Configured the Burp Proxy. Applications not working thru proxy

Hi Support, The Applications are not working through this proxy. I configured the same as per the instructions provided. I removed the proxy. It works fine. I could not use the Burp due to this. Kindly reply...

DOM-based XSS - help

Hello, Burp have found DOM-based XSS, i'm not much experienced with JS so i can't really tell how to trigger this XSS. Report looks like this: 1.st Higlight: $('a[id="future_' + spl[1] +...

Learn Burpsuite Tool

Hi, I am willing to learn this tool for attacking the website. Can u Please guide me to further steps. Regards, Prabhu.M

'Drop all out-of-scope requests' not behaving as expected

Hi there, I'm trying to use the 'Drop all out-of-scope requests' option in the Project Options but it's not behaving as expected - with intercepts on it continues to intercept requests to all hosts. Have I misunderstood...

Authentication Failure Alerts

Hi, I am doing an active scan on my application but I am constantly getting Authentication failure in alerts tab. I am able to navigate my application browser when scan is running. I have tried session handling to avoid...

Invisible Proxy + Host File problems

Hello, I am trying to get packets of a game and I need some help. I only get a few packets, but not all of the packets I want. However, another guy has got all the packets from Burp Suite, and he said to: Make a...

Hacking

Hello! I play a game called animal jam and someone recently scammed me. Can I use this app to hack into the persons account and get my item back? if so... how?

Using burp intruder to generate an ID

Hello, I need to iterate through a payload position. The payload position is an ID that looks like this "123456789A". 9 numbers followed by a letter. I want to use burp intruder in order to generate all possible...

Spider

Hi Spider can't see all site maps why? Site don't have any robots.txt what I doing wrong. I am looking for admin url https://example.com/admin. can I set manually regex ^admin* if yes where can I do this.

Unable to load library (PKCS#11 file) after updating Burp?

Hi all, I recently updated Burp to the latest version, as I was getting a notification to update each time I started up the tool. However, I am now having a problem with trying to manually select a library for the Client...

Is there a way to bring up burp in daemon mode

I need to automate burp and need a way to start burp in daemon mode. If there is a way please let me know

How to exploit external service interaction in real world applications?

Hi, I found a web application that made a dns lookup to burp collaborator but i don't know what is the direct exploitation scenario? Should we consider it SSRF vulnerability ? What is the real risk? Thanks

Unable to load library (PKCS#11 file) after updating Burp?

Hi all, I recently update Burp to the latest version, as I was getting a notification to update each time I started up the tool. However, I am now having a problem with trying to manually select a library for the Client...

Parameter scope questions

Hi, when I go to Session handling rule editor -> Scope -> Parameter Scope -> "Restrict to requests containing these parameters". I want to ask, when I specify multiple parameters at the same time => is there logical AND...

Issue report sequence

Hello support, Can you please help me regarding how burp tool pick the order for issue reporting in html report? I am assuming the order as : ("OS command injection", 1); ("SQL injection", 2); ("SQL injection (second...

Turkish character for Intruder

Hello, I've been using the Burp Suite professional for 6 years. I noticed for the first time. Payload Options [Simple list], Turkish character doesn't support. Incorrect characters: igs Thanks.

one web browser action but two request sending from client to server (session with tokens)

Hello Friends I have two questions. First: I would like to do bruteforce for user's password. I know how to set burp suite for it but the website which I testing, after I add username and password the request to server...

uninstalling burp suit free version from ubuntu 17.04

I have installed free burp suite version on ubuntu 17.04 . I have bought professional version license key. I wish uninstall this free burp suite and install the professional burp suite. I have failed to find any help on how...

https://portswigger.net/error/antiforgery

White attempting to retrieve initial password, sent with license purchase confirmation, got the error message below: "The anti forgery check failed, please try to refresh the page you were on and perform your actions...

Enable J2EEScan in burpsuite pro 2

I am trying to enable the J2EEScan extension. According to the readme.md on github (yay for clear instructions) I am supposed to enable it in a sessions/cookies configuration page. Even though the help documentation included...

Configured the Burp Proxy. Applications not working thru proxy

DOM-based XSS - help

Learn Burpsuite Tool

'Drop all out-of-scope requests' not behaving as expected

Authentication Failure Alerts

Invisible Proxy + Host File problems

Hacking

Using burp intruder to generate an ID

Spider

Unable to load library (PKCS#11 file) after updating Burp?

Is there a way to bring up burp in daemon mode

How to exploit external service interaction in real world applications?

Unable to load library (PKCS#11 file) after updating Burp?

Parameter scope questions

Issue report sequence

Turkish character for Intruder

one web browser action but two request sending from client to server (session with tokens)

uninstalling burp suit free version from ubuntu 17.04

https://portswigger.net/error/antiforgery

Enable J2EEScan in burpsuite pro 2

Burp Suite Support Center