Burp Suite User Forum
Is there a way to restrict scans in any of the following ways: 1. Restrict Agent to Specific IP Blocks 2. Restrict Scan to a specific Agent 3. Restrict Agents available to logged in User Thanks Carlos
In the 1.x version, an approach to ensuring good coverage in complex apps was to add the site to the scope, start the spider, and then start manually browsing the site to ensure that all those components that the spider...
Hi, does Burp Enterprise allow flagging the false positives? Thank you.
Hi there, We are currently evaluating Burp. I registered myself using my company account and downloaded "burpsuite_enterprise_windows-x64_v1_0_12beta" and associated license key from that account. I installed the software...
While doing a scan, in the alert section, there is this message: Authentication failure from .... . Under the Tool column there is written "Extender". How can I know which extender tool is causing the authentication...
While doing the Burp (v1.7.27) scan of URLs using the GWT plugin (Gwtscan.jar), downloaded from the given location: https://www.gremwell.com/burp_plugin_for_scanning_gwt_and_json I am getting the following error: [4]...
I installed the beta version of Burp, and am able to access http://localhost:1337/v0.1/ using the key. But I want to see the documentation of the REST API; how do I do that? I tried http://localhost:1337/v0.1/<key>/api-docs it does...
I have saved my Burp project in the .json format (Burp menu-->Save a copy of project). Now I have to open the saved project in Burp Suite using the CLI and scan the URL of the project. Could you provide the steps to execute it?
I'm evaluating Burp Suite Enterprise and struggle to authenticate the scanner. I added the credentials to the site's application log configuration. But the scanner does not recognize them or create a "Basic Authentication"...
I am trying to intercept traffic on an application that has been built using Oracle ADF. I am observing in the Proxy history that some URLs are being rapidly replaced/deleted. When they get replaced, it looks like there is a...
Hello! I want to test a web page which uses a client certificate for authentication (smart card - pkcs11). If I connect to the page without Burp proxy I can log in. If I set the client certificate in Burp's User...
I have a site where / redirects to a maintenance page. I've used the Discover Content tool to enumerate a number of pages on the site. I now want to crawl all of the enumerated pages to discover more content. When I start a...
Position marker is getting set wrongly by default... see the screenshot in the pic below... https://photos.app.goo.gl/Xmxfjk6afmVAKN8DA How do I fix this issue?
Just placed a Reseller Order. Just need help with the processing of the order.
Hello, I'm scanning a website using Burp and I got the following issue, which I'm trying to replicate. However, I'm not really understanding what was injected and the supposed response. Could anybody help me clear this...
Hi All, I am trying to work in burp suite and have configured it with the latest firefox. After that I installed/imported the burp suite certificate and it is showing under the view certificate section. Next, when I try to...
I am working on a project in which Burp Suite's scanners report to me that there is a reflected XSS vuln in there. The payload is: zhenw'-alert(1)-'xcwq The payload is working without any problem till I use "Show...
How do I verify that it is actually crawling the website and finding the correct logins or resources? We have a site that hosts a variety of different tools with the need to login. Where do I see if it gets to the subdomain,...
OK, straight to the point: Device: Android 5 (already injected certificate from Burp Suite) Burp Suite: 1.7.37 I try browsing to Google to make sure the certificate is installed correctly by NOT displaying "your connection...
I'm using an Intruder attack to check if an OTP is valid and then use that OTP for a different transaction, but one OTP is allowed for a single transaction. If the OTP is validated then I get the response 'otp already consumed', else I get...