How do I? - Page 294 - Burp Suite User Forum

How do I configure BURP to ignore method OPTIONS on scope?

Hello there, How do I configure BURP to ignore method OPTIONS on scope? This is very annoying. Tks!

Connection types

Hello. In every single site my connection is closed is it ok?Can i use burp with closed connection or there is something wrong

how to generate different token or session id for every request that i made using intruder?

how to generate different token or session id for every request that i made using intruder? your support already give a suggest, i can change the token using random value using payload. But from my understanding, the...

Letsencrypt Support

Hi all, Is there a recommended way to use Letsencrypt certificates on collaborator at all? We're using it to handle all of the DNS for a dedicated domain solely for Burp so setting up another DNS server for one request to...

Burp Pro v1.7.34

Can i get trial version for win64? 2 day of trial period will be fine to check all i need. Thanks

Android traffic interception when app is accessed via VPN

hi , My Android app is accessible only when connected via VPN connection on my Android device. Please tell me how to intercept app traffic on my laptop running Burp tool Regards, Garry

Get the type of check being performed by the scanner using a BurpExtender script

Hi, When implementing a BurpExtender script, and specifically a http listener, I know i can check if the Scanner generated the http message like so: def processHttpMessage(self, toolFlag, messageIsRequest,...

Licensing and number of activations

Hi guys, while requesting for Burp trial license , i gave the 'number of users' to be one. Does that mean burp can be installed only once ? Because i was able to install in 3 locations (different systems) and the 4th time...

Doesn't Intercept Messages

When I run WebGoat as described in its user guide, it works exactly as it should. And, whenever I run Burp Suite as described in its documentation, it also works perfectly. However, when I attempt to use Burp Suite as a...

The type element in the XML report

From manual about Reporting: >> The type element contains an integer that uniquely identifies the issue type (SQL injection, XSS, etc.) For example, for SQL injection Type index is 0x00100200 (from here: ...

"failed to save project burp.czi"

Hey. When you save the project, here comes this error, tell me how to fix it error screenshot http://prntscr.com/j7d1wd

download sarfari CA certificate

According to the instructions, it says: In Safari, visit https://portswigger.net.In the warning dialog titled "Safari can't verify the identity ..." click "Show Certificate". Well, i go to to that site, using Safari, and...

Scanning abandoned due to too many errors (0% complete)

Hi, I am trying to scan and almost all the requests are getting abandoned due to errors and when checked in Alerts tabs it says "Timeout in transmission from xyz.com". Initially my application was accessible,and after...

Disable autocomplete inside Burp

Is it possible to disable Burp's autocomplete when entering in fields such as search term box in HTTP history? I have issues where it doesn't go away and leaves a blank box or I have to enter what I want and delete it...

XSS DOM-Based

Hi, I'm a relative n00b trying to understand DOM-based XSS from the following issue reported by Burp. I'm trying to figure out if this is false-positive or not. Having difficulty putting together a POC, identifying the...

Needs to know the kind of Security Pen-test in Prod Environment -Web AppSec

Can someone tell me about the various security testing in Web Application involved without creating any junk data in DB or collapsing Duplicating data with original data present and testing will be done in Production...

about web sockets

we are using web socket to connect multiple systems, so one of my pc is having to capture the login request for an application so in that time when i capturing the request automatically it is capturing another url of...

How do I run and existing project with saved target on command line

I captured traffic from the Buite Suite. Then I go from Target > Site Map > I righted click and did a active scan on the host I captured. I export the result manually and saved my project to my_captured_project.burp My...

updates

Why is it so that every time I open a new Burp session I get a pop screen stating that a new update is available. This happens even after updating it a few moments earlier. I'm trying to automate the scanning process and...

Target for scan

hey, if my target for scanning is https://xx.com, how would i create a rule or a policy to scan every sub-domain under the domain??