How do I? - Page 292 - Burp Suite User Forum

OctoDeploy Code Scans with Headless Burp Scanning? Oh My!

Hello Everyone, I am attempting to accomplish the following and I need some advice. End Goal: Setup Burp Suite to run in headless mode on a CentOS 7 box for scanning of company-owned domains on demand. We are using...

Macro: How to receive a parameter from POST response to use it in the next GET request

Hi community, I am currently testing a REST API and I would like to use a JSON parameter from a POST response in the next GET request. The workflow is the following: 1. POST to application like: POST...

Korean characters not displayed correctly in the Proxy response tab

Dear Burp Proxy support team, I tried to execute burp by using -Dencodingfile=EUR-KR options. However, in my response tab, Korean characters are only displayed as []. Do you have any suggestion on how to solve this...

Issues and advisory panel not showing in sitemap

Hi, Issues and advisory panels are not showing in sitemap. I am using free edition v1.7.27

I want to know how long a particular API has taken to load

Where I can find the time taken by API to load. I am using HTTP proxy. I know we can check time taken by using Repeater tab. But, I want to know the time taken by API when it is being used by an app or website on mobile.

Burp Intruder Payload Processor Extension for running custom shell/python scripts

Do you know of any extension allowing for running intruder payloads through custom shell/python script? That would be helpful if an app expects some specifically encoded/encrypted data for instance. Thanks, Mike

HTTPS IPv6 failed connection

Burp suite fails to connect when contacting HTTPS web servers that are exclusively IPv6. I can connect to IPv6 HTTP just fine but the I get an error with HTTPS. I do not have any issues with IPv4 HTTPS.

dont read this

sorry, i'll delete it asap<>"

Hide errors from client.

Hi! I am looking a way to hide the errors of burp suite from the client. Sometimes the Internet at our office doesn't connect to the desired website. Instead it redirects it to the ISP homepage. This happens rarely and...

Remember GUI state including column sizing

Hi, is there any way to make Burp remember the exact GUI state that it had when last used? With GUI state I'm referring e.g. to the sizing of columns especially inside the proxy history as well as in extensions such as...

Decoding Gzip/Deflate issues

I'm trying to read the contents of packets sent from an Android device and some packets where Burp can detect Gzip compression, it shows the contents, however there are often times I see packets with this information and...

Burpsuite to online proxy server

I am trying to fuzz my website through an online proxy.I can set the port, however i can not change the "Bind to address" into another IP other than localhost(127.0.0.1). How do i do this?

[intruder] brute forcer tickets get used up?

The website I am testing here does not have any captcha, however it does only allow one login per ticket. It is not a thing because the ticket gets regenerated when browser gets refreshed. How do I get burp suite to generate...

How do I clear all site maps/proxy history etc. quickly?

I can't find a simple way of clearing all the history quickly - I need to reset settings, select all targets, clear, select all proxy history, clear. Is there not a one button way to do this?

1.7.28 Freezing When Installing Plugins

Hi there, I'm running Kali (latest version/updates installed) and under 1.7.27, plugins will install without issue. However, under 1.7.28, installing plugins will cause Burp to hang. Typically this happens when...

Edit Issue Definitions

Hi! I would like to know if there is a way I can edit the default scanner issue definitions. I'd like to change them according to the needs of my organization. Thank you.

Burp Invisible Proxy Mode

So I have been reading over the last week how to setup burp with invisible/transparent proxy. I have a thick client on a Linux server. I have burp running on kali. I changed a route on the linux client so that any https...

How to intercept the traffic of application installed on Android Virtual Device

Hi Team, I have created the Android virtual device on the Windows system using the Android studio. Also I have installed an application on that AVD. Can anyone know how to intercept the traffic ?

Authenticated Scanning

Hi, I'm security engineer and want to do an authenticated scan on my organization websites. I already have a test account to perform the scan. We usually do scans and pen testing on the websites to find the...

Saving options

I created a temporary project, saved my configured options as a User Options, then I load the JSON and they're not in there. I have to turn off Burp Collaborator, have to change my Target view settings, have to reconfigure...