Burp Suite User Forum

Create new post

Test thick client which is hard coded with server IP address?

I understand that the Invisible Proxy mode can be used to proxy thick client's HTTP request. However, is this approach feasible for thick client that is hard-coded with server's IP address? The reference below is only...

Last updated: Aug 29, 2017 08:28AM UTC | 1 Agent replies | 0 Community replies | How do I?

Prodigy math game?

When I edit an Item ID, Nothing works, such as when I change the ID for my boots, I just change the code that is the actual item id, and it doesn't change my boots. Am I doing something wrong? Do I have to change anything...

Last updated: Aug 23, 2017 06:24PM UTC | 0 Agent replies | 0 Community replies | How do I?

The Inferred Items in Site Map

Hi, As you know, in the Site Map View, the inferred items are displayed in gray, as they are not actually requested, but Burp discovered links to them in the content requested. My question is: for a specific inferred...

Last updated: Aug 22, 2017 03:44PM UTC | 1 Agent replies | 0 Community replies | How do I?

Configure Burp to recoginze traffic from a Visual Studio debug (Start)

When I start up my application from Visual Studio and I hit "Intercept is on" in Burp, it doesn't seem to see what is happening in the web application. Any help on how to do this?

Last updated: Aug 18, 2017 09:30AM UTC | 1 Agent replies | 0 Community replies | How do I?

Autoscan Insertion points

I am trying to make an extension for burp that provides request and insertion points for scan via command line. I can perform scan on the request with default insertion points of that is by not passing anything for the...

Last updated: Aug 09, 2017 05:42PM UTC | 0 Agent replies | 0 Community replies | How do I?

XSS in json parameters

Hello? I have got several XSS issues from the Burp Scanning but they couldn't be exploitable as the response messages have 'Content-Type: application/json' header. I investigated this with old browsers (e.g. IE8) but...

Last updated: Aug 09, 2017 10:00AM UTC | 3 Agent replies | 2 Community replies | How do I?

BSON Format

Does anyone have experience testing endpoints that expect BSON content? Is it possible to implement a plugin that encodes the Active Scan payloads as to be able to stress these endpoints from Burp Pro? Thanks in advance.

Last updated: Aug 09, 2017 07:19AM UTC | 1 Agent replies | 0 Community replies | How do I?

Intercepting iOS traffic

Burp is giving unkonown certificate errror while intercepting traffic for an ios app which is on https. The certificate has been added the trusted profiles and also app doesn't use certificate pinning .

Last updated: Aug 09, 2017 04:33AM UTC | 1 Agent replies | 1 Community replies | How do I?

Target Scope scan

Good Day May I ask, how can I manually initiate a scan using the Target scope What I have is txt file with urls that has been loaded onto the Target Scope but I'm not sure how the scan is started Thank you Jabu

Last updated: Aug 08, 2017 09:15AM UTC | 1 Agent replies | 0 Community replies | How do I?

Find the actively scan defined insertion points

How do I find which parameter I selected on "actively scan defined insertion points" feature in the context menu of the Intruder? If you go to Scanner tab there will be an item there but no information at all which...

Last updated: Aug 07, 2017 06:44AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp appears not to be working with HTTPS

I have been through every guide on this site. installed and reinstalled certificates. configured burp and browser to work together to generate certificate. checked all settings installed, un-installed and...

Last updated: Aug 03, 2017 12:19AM UTC | 0 Agent replies | 1 Community replies | How do I?

How to test Cross Site

We have bought Burpsuite professional edition .Kindly let us know how to test cross site in our Application. In your tool it is not detecting Cross site in our application but other tool are detecting .Please tell us proper...

Last updated: Aug 02, 2017 08:34AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Collaborator Results & Errors

Hi all, I was checking this one app, where, while using Collaborator feature, I noticed a seemingly inconsistent behavior. The app is protected by Cloudflare, and it is possible that WAF is also in use. I am using...

Last updated: Aug 02, 2017 07:49AM UTC | 1 Agent replies | 0 Community replies | How do I?

issue - license key asking before expiry date

My system asking again and again license key before expiry date

Last updated: Aug 01, 2017 10:23AM UTC | 0 Agent replies | 0 Community replies | How do I?

set up burp suite on a remote host in order for

Hello support... I am looking to have burp suite set up on a remote host in order and our teams connect using a web browser if possible to run pentests on webapps? Thanks, Sam

Last updated: Aug 01, 2017 05:07AM UTC | 1 Agent replies | 1 Community replies | How do I?

Why the content discovery always check the .gif file?

When I use the content discovery,I found this will genered a ton of task to check .gif filetype?maybe I missed some setting? Queued Tasks Path /Tasks /requests /xx/xx/images/ Test...

Last updated: Jul 31, 2017 03:00PM UTC | 1 Agent replies | 0 Community replies | How do I?

Getting err_cert_authority_invalid after following the instruction to configure in Android

Hi, I am getting the error: err_cert_authority_invalid after i installing cacert in Android device. I follow the step that is available here and still getting this error. Please help. Thank you!

Last updated: Jul 31, 2017 07:43AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Proxy and Microsoft Office Plugin?

Trying to test a new app we're developing which has a plugin for Office that is a browser that allows for a template like builder pulling data from auth'd server. Tyring to figure out how to proxy that plugin w/in MS Office...

Last updated: Jul 31, 2017 06:42AM UTC | 1 Agent replies | 0 Community replies | How do I?

JSON and form-urlencoded encoded payloads in Burp Intruder

The application I'm running a security assessment on encodes POST requests as a URL encoded parameter containing...

Last updated: Jul 28, 2017 03:45PM UTC | 2 Agent replies | 3 Community replies | How do I?

Recovery Upon Burp Crash

Burp crashes and I need to recover results/findings of the scan. Burp used to offer automatic backups but that's no longer available in v1.7.x. Is there a way to recover the many hours of lost scan results ? I'm using the...

Last updated: Jul 26, 2017 08:13AM UTC | 4 Agent replies | 4 Community replies | How do I?

Page 287 of 313

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image