How do I? - Page 289 - Burp Suite User Forum

Integration of Burp with Jenkins

Hi, I'm using Burp suite pro version. Is it possible to automate the Burp scanning so that we can integrate with the build? Like we have automation testing scripts which we integrated with the build using CI tool...

Burp Suite is corrupt is always corrupted when I download the file.

I try two times download the *.sh file for linux https://portswigger.net/burp/communitydownload But always I download the file this happens gzip: sfx_archive.tar.gz: not in gzip format I am sorry, but the installer...

How to test External service interaction (DNS) & (HTTP) vulnerability ?

I got the vulnerabilities External service interaction (DNS) & External service interaction (HTTP) from burp scan. How can i test whether this is a false positive or not ? I have to add the POC in the report.

why my base response in scanner is incorrect

I have a POST request POST /request/<ID> which gives successful response(200 OK) for a unique id value. But if the same id value is used again, then we get 4XX series of response with an error stating ID already...

Identifying presence of mobile code (STIG assessment)

Is there a list/suite of signatures to check for the presence of mobile code?

Importing Certificates

When attempting to import a certificate and key in DER format the following message appears. "Failed to import certificate: java.security:InvalidKeyException: IO Exception: DERInputStream: getLength(): lengthtag = 127....

Interception Not Working.

Websites aren't loading and I am not receiving the request in the interceptions tab. URLs appear in the history, I have the settings set to default; I have no idea what's wrong, obviously.

1539392247666 Proxy [3] The client failed to negotiate an SSL connection to gateway-carry.icloud.co

Hello, I am trying to connect burp to my phone. I make proxy listener on all interfaces and on port 8080. I then go to my ios device and connect to that proxy. I open up anything and it says "1539392247666 Proxy [3] The...

what payload type I should use in intruder , if password pattern has characters that are known

I am trying to brute forcing a login page using the intruder , attack type cluster bomb , I have defined the payload set 1 for username , in payload set 2 I want to brute the password , noting that I know that the pass...

I can get response in browser but can't when go through Burp

I'm using Burp to find the real video file URL of a web page. I can play the video without any issue in the browser. However, when I set the browser to go through Burp, it simply didn't get the response and wait...

Second User

Hi. Is there a way to create a second user for logging in to https://portswigger.net/users/youraccount? Actually we only have edv@reval.com. Thanks

BurpSuite Enterprise - Agent Health Status: Ouf of Disk Space

Hi everybody, Agents (1.0.04beta) seem to require at least 5GB free space in /tmp. That's what enterpriseAgent.log tells me: 2018-10-12 11:01:50 WARN n.p.enterprise.common.health.e - HealthCheckResult{type=10001,...

Automate Burpe with login Credentials

Hello All, I have two different websites I currently manually scan, both of them require me logging in to scan and spider. I was looking to automate my process with Carbonator but it doesn't seem to have a way for me to...

Network Traffic Control

Hi Support Center Members, We want to control the Network traffic(is caused by Burp) while we are conducting the "Scanner." Is there any function to control the Network traffic or use case(outside the function)? And...

Permission Denied: Connect Error

Whenever I try to open a url with http:// it comes up with an error, Permission Denied: Connect. I am using community edition and firefox. Thanks in advance

'Interface port 8080 is not running'

Hi, I am using Burp Suite 1.6 Free Edition. in proxy option and proxy Listeners section my Interface (127.0.0.1:8080), Running Check Box is not checked ! how do i?, i click the CheckBox but nothing to show. pls help me pic...

Can not using burp when application added Clouldflare

when i try to run my application , i got : Your connection is not private Attackers might be trying to steal your information from x.com (for example, passwords, messages, or credit cards). Learn...

Change parameter submitted during ActiveScan

After migrating to 2.0+, where can we modify the values submitted (POST) during an Audit scan (e.g. Peter Winter, etc.)

Burp Collaborator question

Hello, I hold a licence for Burp PRO and have a question about Burp Collaborator. A few days ago I ran some active scans against an application (some scans were run against a "request support/add ticket" kind of...

Static Application Security Testing

Our team has been discussion implementing SAST for our PHP code to help identify issues earlier in the development cycle. Would please provide a "How To", diagram, helpful hints etc on how we would accomplish this task? ...