Burp Suite User Forum


Form action hijacking

Hola. Working on a site that is reporting the new Burp finding for Form Action Hijacking (Reflective). The application has a POST parameter that is placed in the form action HTML tag. Would you consider this finding in the...

Last updated: Jun 21, 2017 03:31PM UTC | 2 Agent replies | 2 Community replies | How do I?

Https not working on new phone

Hi - Was able to use burp with my previous device (iphone 6), but trying to configure my new iphone 7 and not having any luck. Without cert installed I can access http sites with burp, but after installing the cert my device...

Last updated: Jun 13, 2017 07:17AM UTC | 1 Agent replies | 0 Community replies | How do I?

Private Burp Collaborator Server is not working only for me apparently

I'm trying to deploy an instance of Private Burp Collaborator Server but it seems that burp.jar is ignoring the parameter --collaborator-server. From the help I can see the option there. root@zion:~/Downloads# java -jar...

Last updated: Jun 09, 2017 01:55PM UTC | 1 Agent replies | 1 Community replies | How do I?

security testing

Hi Team, We have tested one app in which we have set the cookie as secure & HTTPONLY from code level. But still it's showing us the below issue during scanning. "Cookie without httponly flag set" Kindly suggest why it's showing...

Last updated: Jun 09, 2017 07:32AM UTC | 1 Agent replies | 0 Community replies | How do I?

Analysing a token in hex format with sequencer

Analysis of a token in hex format that is 4 bytes in total length, for example: AB FF 81 4E When I load a series of tokens into sequencer, it interprets the token length as 8, which is not the case. AB is one byte, FF is...

Last updated: Jun 07, 2017 09:12AM UTC | 2 Agent replies | 2 Community replies | How do I?

How do I use burp suite to scan hidden fields automatically

How do I use burp suite to scan hidden fields that show up when I spider a website? When I spider a website, I get two options: submit or ignore. How do I test those hidden fields automatically to make sure no one can use...

Last updated: Jun 07, 2017 07:04AM UTC | 4 Agent replies | 3 Community replies | How do I?

not able access the mobile request after a successful configuration.

Not able to access the mobile request after a successful configuration with the mobile device as the instructions show on the PortSwigger page. Can anyone help me quickly? Urgent.

Last updated: Jun 01, 2017 08:15AM UTC | 1 Agent replies | 0 Community replies | How do I?

Sequencer

I have a question on how the sequencer works. Are the tests (monotest, poker, etc) executed on each token and then averaged? So with, for example, 5000 tokens you would have a "decent" average? I know that by definition the...

Last updated: May 30, 2017 03:32PM UTC | 3 Agent replies | 2 Community replies | How do I?

JRE Install didn't work.

I followed the "Getting Started" instructions. Checked for Java, did not find it, downloaded latest JRE, tried to install it and got error message to run SxsTrace. Not sure what to do next and finding nothing in any of your...

Last updated: May 30, 2017 10:32AM UTC | 1 Agent replies | 0 Community replies | How do I?

hi

Team, I am getting below error while running burp suite "client failed to negotiate an SSL connection to " " :443.remote

Last updated: May 30, 2017 08:41AM UTC | 1 Agent replies | 0 Community replies | How do I?

How Do I: Tell Intruder that a particular field must be unique for every request?

Hey, I have a web app that has an "Add User" feature. The form submission includes lots of details (about 150) and one of the fields submitted is the "Username" field. I have used the pitchfork attack type and this...

Last updated: May 25, 2017 02:22PM UTC | 1 Agent replies | 0 Community replies | How do I?

http://burp problem. help plz

hello, After proxy connection, http://burp Only proxy history is shown at the time of input CA Certificate Icons do not exist in upper right corner Help plz

Last updated: May 25, 2017 09:52AM UTC | 1 Agent replies | 0 Community replies | How do I?

Trying to connect different proxy instead of localhost.. How can i do it?

Hi, I am accessing my application through some different proxy and port (not local) and also connected via VPN. Now I need to do security test of that application using Burp. Could you please give me the detailed...

Last updated: May 25, 2017 08:11AM UTC | 1 Agent replies | 0 Community replies | How do I?

How to write macro for JSF login page

I have a problem with writing a macro for a JSF login page. I have done every possible thing (remove cookies, javax.faces.ViewState etc.) but I haven't figured it out. Any ideas for this problem? Thank you in...

Last updated: May 23, 2017 01:50PM UTC | 1 Agent replies | 2 Community replies | How do I?

burp intruder

<script>alert(1)</script> How burp insert this payload

Last updated: May 19, 2017 12:06PM UTC | 1 Agent replies | 1 Community replies | How do I?

Deleting target, proxy, scanner and spider per domain

Hi, Is it possible from a custom plugin to delete target, proxy, scanner and spider information per domain? e.g. delete and target, proxy, scanner or spider information for www.abc.com, but keep rest? Many thanks, ...

Last updated: May 19, 2017 09:30AM UTC | 2 Agent replies | 1 Community replies | How do I?

How do I detect the current SSL protocol

Hi, I'm using Burp Suite Free Edition v1.7.22 Is there any way to view the current SSL protocol in use while intercepting traffic? SSL 3 vs TLS 1.1, etc.

Last updated: May 18, 2017 01:25PM UTC | 2 Agent replies | 1 Community replies | How do I?

Modify a response status code

Hi, Is it possible within a burp extension to change a responses status code? Or if not, is it possible within a burp extension to intercept a request (not a response) and generate an entire fake response instead of...

Last updated: May 18, 2017 07:42AM UTC | 1 Agent replies | 0 Community replies | How do I?

intruder Chinese garbled

When I run Intruder on a Chinese website and use Grep-Extract to filter what I want, if I filter the part is included in the Chinese, then the results will appear in the column distortion, help~

Last updated: May 17, 2017 01:21PM UTC | 1 Agent replies | 0 Community replies | How do I?

interact with a site that uses PKCS#12 certificates for protection

Hello Support, I am trying to interact with a site through Burp PRO version 1.7.22 that is using PKCS#12 certificates. I have a valid certificate and I am able to access the site when I use the SSL-bypass. However, when I...

Last updated: May 15, 2017 09:49AM UTC | 1 Agent replies | 0 Community replies | How do I?


Burp Suite Support Center

Your source for help and advice on all things Burp-related.
