Burp Suite User Forum

Create new post

Is there a way to determine which software is being used like Adobe Cold Fusion 9 or 10 ?

Hello, when I am doing a active scanning is there a way to detect what software is running. Like if the server process Adobe Cold Fusion or Apache or PHP or ASP.NET?

Last updated: Dec 01, 2016 09:48AM UTC | 1 Agent replies | 0 Community replies | How do I?

Dynamic URL cannot be spidered or scanned

Hi, We have an issue with a site that all the URL are generated on the fly with random URL string. They can only be clicked once. Any request sent to the same URL will invalidate the session. So spidering and scanning...

Last updated: Nov 29, 2016 09:55AM UTC | 1 Agent replies | 0 Community replies | How do I?

How do I automate Active Scanning

Hi! Which Extender APIs should I be looking at if I want to automate the following (similar to Carbonator but a bit different): 1. My extension runs in headless mode (as Carbonator does). 2. Target URL and the whole...

Last updated: Nov 29, 2016 09:53AM UTC | 1 Agent replies | 0 Community replies | How do I?

google translate through Burp proxy

In Google Chrome on configuring the browser with Burp proxy, google translate extension is not working.

Last updated: Nov 28, 2016 11:42AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Infiltrator

I have patched the burp infiltrator and a file named infiltrator.config is also present. But while scanning I am not getting the issues reported by infiltrator.

Last updated: Nov 23, 2016 01:37PM UTC | 3 Agent replies | 2 Community replies | How do I?

This is really awesome tool ever

This is really awesome tool ever.

Last updated: Nov 22, 2016 05:52AM UTC | 0 Agent replies | 0 Community replies | How do I?

Intruder options:

Under Intruder, there is a section named "Payload Encoding", it allows to URL encode certain characters. Why is burp doing so, in other words, why are we bothering to URL encode the payloads before they reach the web...

Last updated: Nov 21, 2016 04:48PM UTC | 2 Agent replies | 1 Community replies | How do I?

Port 25 needed for new SMTP Checks on Private Collaborator Server?

Hi, Does port 25 need to be opened in the firewall for the new SMTP checks to work on our private Collaborator Server and is there an option to set the listening port? aka "smtp": { "port" : 8025 } Thanks

Last updated: Nov 21, 2016 11:48AM UTC | 1 Agent replies | 2 Community replies | How do I?

Http History does not record calls from browser to webapi on the target site

I am using Burp Suite Professional 1.7.04 In an application that hosts a Silverlight component I can see calls to the component's host page in the Http History. The Silverlight component makes https REST API calls back...

Last updated: Nov 16, 2016 04:23PM UTC | 1 Agent replies | 0 Community replies | How do I?

Injecting special characters like " /,*,' " into an http request

Hi Mr. Stuttard, I have an http request which contains following...

Last updated: Nov 16, 2016 09:44AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Collaborator

Hi there, stupid question. How come i don't see the Collaborator tabs within my Burp app? I have my Burp pointing to use the public Collaborator servers but not seeing any of the tabs. What am I missing here? Thanks.

Last updated: Nov 15, 2016 07:10PM UTC | 2 Agent replies | 2 Community replies | How do I?

How do I manage JSON Web Token auth in Burp?

So, while doing active scanning and such, what's the best way to handle JSON Web Tokens that expire quickly? Basically when burp receives an auth failure, to run a post request and retrieve the new JWT to place in the header.

Last updated: Nov 14, 2016 08:10PM UTC | 2 Agent replies | 5 Community replies | How do I?

Replaying all request without payload

Hi, I have a requirement where i need to replay all the request i have in the target. Please suggest me a way to replay all the request.

Last updated: Nov 14, 2016 09:26AM UTC | 1 Agent replies | 0 Community replies | How do I?

Report highlight

Hi I've been using Burp for several year now and am a totally dedicated fan of this product! I have however not until now decided that I should create my own customized reports. There are several reason, but one major...

Last updated: Nov 11, 2016 08:07AM UTC | 1 Agent replies | 1 Community replies | How do I?

CSRF in POST request. Proxy only shows GET.

Found an interesting issue. A recent scan gave a CSRF finding in a POST. Going to the HTTP history tab multiple GETs to the same resource that was identified in the finding but no POSTs were found. How am I able to to create...

Last updated: Nov 07, 2016 03:29PM UTC | 1 Agent replies | 0 Community replies | How do I?

Active Directory Single Sign On

Hello team, Is it possible to use proxy tool when the application use authenthication on Windows Active Directory Single Sign On. Because when i use burp suite i face authorizathion issue. Pleaee help me to sort out

Last updated: Nov 04, 2016 01:43PM UTC | 1 Agent replies | 0 Community replies | How do I?

Manually Recover some items in Corrupt Project file?

I have a very large scan that took place over several days and my computer crashed at some point in the last few hours of the scan. Now the project file is corrupt and Burp cannot repair the scan issues. It was able to pull...

Last updated: Oct 31, 2016 04:00PM UTC | 1 Agent replies | 0 Community replies | How do I?

Registered in England and Wales (company no. 6719143)

We perform the payment of the renewal of the license number of the Company 6719143. the license has not been renewed We send e-payment support licensing@portswigger.net ; office@portswigger.net;

Last updated: Oct 31, 2016 08:56AM UTC | 1 Agent replies | 0 Community replies | How do I?

How "real world" is the CSRF PoC Generator

So here is my dilemma. I found a website that potentially has a CSRF vulnerability and when I proxy my traffic through Burp, generate the PoC html file, CSRF works. The thing as, as far as I know, the CSRF token isnt being...

Last updated: Oct 28, 2016 03:56PM UTC | 1 Agent replies | 0 Community replies | How do I?

Invisible listener for websocket traffic

I'm trying to see WebSocket traffic for an application on an iPhone. I've configured the iPhone and Burp using these two...

Last updated: Oct 28, 2016 09:46AM UTC | 1 Agent replies | 0 Community replies | How do I?

Page 295 of 313

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image