Burp Suite User Forum

How to handle JWT sessions in burp.

What about applications which have JWT as authentication? The session expires quickly in those. How to handle that?

Last updated: Mar 22, 2018 09:09AM UTC | 1 Agent replies | 0 Community replies | How do I?

Unable to access server after adding same server and port in Burp Proxy settings

Hi, I have added the server IP and port being used in the Firefox proxy settings as well as in the Burp Proxy settings, but I am unable to access the server in the browser. Each time I try to open the server page, it opens up the Burp Suite...

Last updated: Mar 22, 2018 08:38AM UTC | 1 Agent replies | 0 Community replies | How do I?

Use Burp Suite Community in company context

Hello, can I use Burp Suite Community Edition in my company, or must I purchase the Professional Edition? Thanks in advance for your reply. Regards,

Last updated: Mar 21, 2018 02:47PM UTC | 1 Agent replies | 0 Community replies | How do I?

SOCKS proxy runs very slow

I configured my Burp Suite with the default port (127.0.0.1:8080). I'm running Firefox 48, Java 8_101 (both latest versions). The CA certificate is already installed. The problem is: When I use SOCKS proxy in User...

Last updated: Mar 20, 2018 05:33PM UTC | 1 Agent replies | 1 Community replies | How do I?

Replacement of XML value in the body

Hello, I would like to replace two different values in a SOAP request by the result of a local python script and thus for all SOAP requests that Burp proceeds (intruder, scanner...). Should I develop my own extension? If...

Last updated: Mar 20, 2018 01:29PM UTC | 1 Agent replies | 0 Community replies | How do I?

Get Spider Status thru API

I don't think there is a way we can get the status of the Spider tool thru the API. Is this something that can be done in future updates?

Last updated: Mar 16, 2018 03:31AM UTC | 2 Agent replies | 1 Community replies | How do I?

testing an iPad application that uses Mobile Iron Tunnel VPN software

Hi, just wondering, has anyone any security experience of testing iPad applications which use VPN Tunnel functionality on an iPad? What should I check? How can I intercept traffic using the VPN? I'm looking to test to see...

Last updated: Mar 14, 2018 10:52AM UTC | 1 Agent replies | 1 Community replies | How do I?

Transparent proxy to intercept pgsql

Hi, how can I intercept pgsql traffic (client software <-> pgsql server) with Burp? I tried this: - Burp Proxy Listener <IP>:8080, Invisible: check bind to specific address <my IP> - arpspoofing (because systemwide...

Last updated: Mar 14, 2018 10:52AM UTC | 1 Agent replies | 0 Community replies | How do I?

The client failed to negotiate an SSL connection to xxx.xxx:443: Received fatal alert: unknown_ca

I am able to see all the traffic but I still get this alert almost per request sent

Last updated: Mar 13, 2018 08:49AM UTC | 1 Agent replies | 1 Community replies | How do I?

Automatic Backup

When automatically backing up the state of Burp Suite it creates a new file each time it saves the state at whatever time interval you set. Is there a way to overwrite the saved state file each time it saves? We currently...

Last updated: Mar 07, 2018 12:22PM UTC | 3 Agent replies | 3 Community replies | How do I?

Security assessment of few REST APIs using BurpSuite Pro

I need to do a security assessment of a few REST APIs and I have the BurpSuite Pro tool. 1. If I set up the Burp proxy on the browser to capture all requests / responses and scan, is BurpSuite Pro capable of identifying the...

Last updated: Mar 07, 2018 11:43AM UTC | 1 Agent replies | 0 Community replies | How do I?

Testing through Cisco Smart Tunnel

Has anyone ever tested an application that required them to use Cisco's Smart Tunnel SSL VPN? This is the quick one liner from Cisco discussing this solution: "A smart tunnel is a connection between a TCP-based application...

Last updated: Mar 06, 2018 03:20PM UTC | 2 Agent replies | 2 Community replies | How do I?

Remove URLs from Running "Active Scan".

How can I remove or exclude the URLs from the running "Active Scan". If it is not there, it would be appreciated to add.

Last updated: Mar 06, 2018 11:27AM UTC | 1 Agent replies | 0 Community replies | How do I?

How do I disable ALL checks on the new scanner?

I need for example to check only for ONE vulnerability. How do I do that in your new scanner?

Last updated: Mar 03, 2018 01:38PM UTC | 1 Agent replies | 2 Community replies | How do I?

Burp Scanner Unique Param Validation

How do you deal with forms that require a unique param value in Burp Scanner? For example, registration forms require a unique email address to pass validation. Burp submits the form, fuzzing 1 param at a time. The...

Last updated: Mar 01, 2018 07:37PM UTC | 0 Agent replies | 2 Community replies | How do I?

How do I SAVE the ongoing Scan?

Hi all, I've noticed that Burpsuite is discouraging the usage of the "Legacy State" files. But then when I tried to use "Project State" files instead, my previously ONGOING scan states aren't resumed anymore. In fact the...

Last updated: Feb 28, 2018 10:29AM UTC | 1 Agent replies | 0 Community replies | How do I?

Don't allow Set-Cookie to add cookies to Requests

Hi, I have a scenario and only discovered when using Logger++. When using the Burp scanner, the response will give a 400 straight away because the HTTP request is too large (Multiple Cookies). The repeater works multiple...

Last updated: Feb 27, 2018 11:12AM UTC | 1 Agent replies | 0 Community replies | How do I?

error proxy

I've been trying to set up the burp suite, but no matter what I do it always gives error. I open the browser and say that my connection has been interrupted or my browser is not authorized to use the proxy, it always asks me...

Last updated: Feb 23, 2018 11:35AM UTC | 1 Agent replies | 0 Community replies | How do I?

Can I customize the information stored in the project file?

Hi there! I have created 2 macros that have registered about 5 items. Using session handling rules, I have run one macro before scanning and another macro after scanning. Then, the project file has become very...

Last updated: Feb 23, 2018 10:58AM UTC | 2 Agent replies | 1 Community replies | How do I?

Dropping requests to specific domains or hostnames without the Out-of-scope feature

I have a handful of hostnames / domains that I want requests to those domains dropped. Most of the requests are automated in nature e.g. browser requests to ^detectportal\.firefox\.com$ or ^apis\.google\.com$, hence, they...

Last updated: Feb 21, 2018 10:09AM UTC | 2 Agent replies | 1 Community replies | How do I?

Burp Suite Support Center

Your source for help and advice on all things Burp-related.
