How do I? - Page 292 - Burp Suite User Forum

spider for http basic auth w/o TLS

Hello all, http basic auth used in the clear (without TLS) is considered a security violation in my organization. We have a large number of web servers some with very deep levels of pages, so looking for this by hand is...

Intruder: Alternative Position Markers

Hello, How should I proceed if a request (e.g. in the body of a POST request) contains the character "§"? Since this character is the default intruder position marker, the intruder seems to get confused about that in...

Burp spider and archive.org

Is there any way to have the spider function NOT include files it finds on archive.org?

Burp Allowing Traffic Through Intercept

I'm having trouble intercepting traffic on Burp Suite Community Edition. It only captures maybe 1/10th of the traffic going through. All of the defaults are set on the Proxy > Options page and my web browser (mozilla...

Delayed confirmation email

Hello Burp support. I bought a license yesterday but I did not get the confirmation email. When I look at my creditcard I can see that the payment went trough. How long could the proces take? Kind regards

Intercept odd behavior

Hi Support. Seems that while Intercept works, I cannot see anything in "Raw" data tab, but I do see data in "Headers" and "Hex". If I try to forward to Repeater, same thing. Nothing is in HTTP History either. I have...

Restrict interception only on a particular app (Android)

Hi there, I'm new with Burp and want to intercept http & https requests only from specific android apps for testing purposes. I configured burp suite community edition (v.1.7.36) for proxy usage (I add an proxy listener as...

Spider Problem

Hello.Sometimes when I using Spider I logout in web application and return http response 500.I need to login again and start the spider.Can not this be automatic ?When i'm logout web application and spider is login again ?

Macros with Dynamic URL

How can this be done with BURP? I can get the macro working if the URLs are always the same but I'm stuck now that my POST requires a dynamic URL. Trying to do this with Macro/Extension: GET - www.domain.com where a...

How do I sniff packets of a http game?

I have a game, and I converted it’s commincation with the server from https to http so that the endpoint would be http instead. Now all the packets are decrypted and no longer protected. How do I sniff the game now,...

an error when install burp_infiltrator_java.jar on Linux

when I try to install burp_infiltrator_java.jar on linux, a error encountered, I would to share it: Exception in thread "main" java.awt.AWTError: Can't connect to X11 window server using ':0' as the value of the DISPLAY...

Unable to connect to internet with 127.0.0.1 proxy

Burp update HTTP header

Hi, I'm wondering if there is a simple way to update the HTTP header. Basically when a specific request is made a new token is sent in the response. How can I take that value from the response and put it into the header...

Static and Dynamic scan of .NET MVC web application coding in development environment

Hi, I am planning to buy two licenses of Burp Professional. Does Burp professional license includes all the modules/functionalities including static/dynamic scanning of developers actual coding. If not what should I need to...

PLS HELP

How do i use it pls send a video for understanding pls tell..... i have a latest laptop...SO PLS HELP....BY GIVING TRAINING

Spider request queue not stopping.

Hi, I have stopped the spider from running and cleared the queues. This was roughly 30 minutes ago. However, more and more requests are still getting queued. Why is this happening and how do I stop it?

Reroute Domain on Game Client

Hello, i’m working on a game called Marvel Contest of Champions, and i can intercept its proxy with Burp Suite and it gives me the different cloud servers that the data is stored on(mcoc-1800-fbaem.sparxcdn.net) and many...

Scanner: Ignore errors and continue

I am testing a target which intentionally resets the TCP connection if it receives certain kinds of invalid inputs. When performing an active scan, Burp will only perform so many requests before it aborts and reports...

How do I download a list of payloads

Where can I get a list of payloads?

export spider traffic

After spider the host, how can I export the traffic of spider to other tools ?