How do I? - Page 287 - Burp Suite User Forum

Use Firefox browser as a proxy.

This may not be correct platform to ask the question. I had given a presentation on Burp suite, One question came to me that "Why Firefox is preferred browser to set proxy with ? " What to answer this question ? I am...

Compare site maps with different Cookies

I have an application with Basic Authentication as login. If access is granted, the user is tracked by cookie (PHPSESSID). The application was spidered and scanned as admin user. Now I want to compare the site map with...

How to know if spider has been done completely.

There are only 2 states of spider "Spider is running" or "Spider is paused". How I would be knowing that crawling has been completed ? Since it is not toggling automatically.

How can I uninstall Burp's extension ? I dont need a few now

Recently we had a pen test cycle to run, I had install a few extenders through Bapp store, Now I don't need them. From where I can uninstall them ? I don't want them to be shown in grid anymore.

Potential False Positive DOM Based XSS - 2

Hi, Burp reported this below lines as Dom Based XSS vulnerability with Severity: High, Confidence: Firm. I didn't find a way to exploit this lines within a scenario since document.body.classList.add function is used only...

HOW I DO

hi team can u tell me how i set up and run the burp suite. i already download burp suite community edition .

Potential False Positive DOM Based XSS

Hi, Burp reported just this below line as Dom Based XSS vulnerability as Severity: High, Confidence: Tentative. I didn't find a way to exploit this line within a scenario since there is no parameter exists that can be...

Bypass racaptcha on website login

How do i bypass recaptcha on website login/signup page at the time of making intruder attack?

Can you implement the Send Intruder technique to a project in Java, Android Studio or php??

I would like to know how Burp Suite performs the capture of the http request and how it is modified and how it is sent back to the destination server with the POST method. And I would also like to know if that attack can...

Captcha

Hi. I am trying to use burp suite for testing on a site but the site has a captcha and not sure how I can make burp suite bypass it ? The captcha is a image with 4 digits. I assume every time the page is loaded it changes...

Burp workings

Hii...I have tomcat server running which has vulnerable websites for the purpose of learning how to hack them..I have installed burp suite and now it is intercepting the requests but not forwarding the requests to tomcat...

Delete issues through extension

I created a burp extension in python that scans from a list of URLs and generates a report after it is done. I'm not able to find a method in the API that allows me to clear all reported issues. Is this possible? If so it...

WCF binary decode failure

I'm testing a fat client application that passes all its traffic through SSL, WCF binary encoded. It also looks like it is being compressed (Content-Type: x-deflate) which adds another level of PiTA. I'm using the "WCF...

How do I calculate the length in the proxy http history

I was wondering about the size in the length column (in proxy http history),it has been said in the documentation that the length refer to the response length but it dose not seems like this, for example I have length is...

Scanner very slow

Hi - I'm attempting a non-authenticated point and click scan of our SaaS application. There are over 1,300 items, many of which are 404.aspx and the help system. Why is it so slow? When I started it 12 hours ago, it seemed...

Basic Intruder Question using Base64 Encode

Im trying to use Burp to access my base64 protected site to see if it is possible, however I am having a problem learning about where positions should be tagged at in a base64 string. User-Agent: Mozilla/5.0 (Windows NT...

Enable parameters to be identified in a Target Analysis

I am running an instance of BURP Pro (v1.7.32) with both Passive and Active scanning enabled. When I run a Target Analysis and review what parameters were identified no of the password parameters were identified. Which...

XSS in text/javascript Content-Type

Burp scanner reports that on the text/javascript content type, XSS is possible with Severity: High, Confidence: Certain but I didn't find a way to prove it with a PoC. All modern browsers behave text/javascript files not as...

Change part of a URL in a project

Hi, We have extensively done browsing to record as most URLs as possible for a particular website, and tested that version, which resides in: www.mydomain.com/uat/application. Now we've moved the same website to...

Http headers manipulation

Burp tool is manipulating my http origin and referrer header. Please provide a way around to disable that