How do I? - Page 295 - Burp Suite User Forum

%3cdiv Onload=alert() autofocus%3E%3c/div%3E

Ignore this

localhost in waiting forever

Hi all, im trying to use burp suite with DVWA in order to make some experiments. Burp Suite is configured as written in the guide available in the website. 127.0.0.1 and 8080 as a port. My localhost as well works fine. Proxy...

Repeater Connection reset

Hi Trying to test payload coming into one of our server (GET /producer/research_display.php?ID=-null+UNiON+ALL+SELECT+null,null,null,0x4f70656e5641532d53514c2d496e6a656374696f6e2d54657374,n HTTP/1.1) and receiving...

Stored XSS - detection tweaks

Hi, Usually, when I'm going through some wizard, e.g. "Create new XXX", all that is required is to create new item XXX is to do a simple POST with all data included. I can then send this POST into the Burp and run active...

Burp Collaborator disappeared from default dropdown menu?

Hello, I am suddenly unable to find Burp Collaborator on dropdown menu. I am already familiar with using Burp Collab, but ever since my license recently expired and I updated Burp, I am unable to find a way to launch the...

Getting Scan result report

I have added scans to the burp suite professional and notice that under my scanner and scan queue tab that issues have been identified, however I am unable to view or print out a report on what the vulnerability were....

Scope Control

Domains can be in one of three states: in scope, out of scope, or undecided. A domain is undecided if it is not mentioned by any of the in/out of scope rules. In the site map, I would like Burp Suite to hide domains that I...

VPN Connection - No Proxy Results

I'm having trouble with getting results from a website I am connecting to over a VPN. I can get results in the Burp Proxy without the VPN going to Google or some other public site. When the VPN is on in get no results...

replace license file

Hello, My company has purchased a 6-user license file to be used by its empoloyees. What can we do in the event of an employee quitting or being fired, so that that employee will not be able to use that license? Is...

Java Error Occured during Pentesting on .jsp webpage

I have been prompted with the below java error on doing the Security testing with help of burp suite scanner to test for vulnerabilities . I would like to inform that response code of response is 400, 404 etc and session is...

cannot get burp proxy to work with firefox

not sure what is going wrong with this. I have all settings correct. In burp i have the interface set to 127.0.0.1 and port set as 8080 (I have tried other ports as well). In firefox I Have the proxy set to...

How do I manual add a vulnerability

Using the intruder functionality, i saw the application was vulnerable to a XSS (with a custom payload). Active/Passive Scan doesn't find it. So I have a hit but how can i flag this payload/result with this params as a...

Unable to intercept and edit requests and responses in Android Application.

Hello, Am testing an e-commerce application on my Xiaomi android mobile running on 4.4.4. I'm able to see the requests and responses but before I edit and change them, they reach their destination. i.e when i try to edit...

Burp Spider deleted controls in a SalesForce application

Hi - We recently spidered a Salesforce application and this resulted to changes in the application such as: Deleted custom field Changed the UI Skin Changed Enable Drag-and-Drop Editing on Calendar Views from on...

Purchased Burp Suite but have not received License

I purchased Burp Suite on May 10 for $349. It has been 5 days and I have still not received my License. Burp Suite is terrible and no one every responds to emails.

Import Client SSL Certificates (.CER files)

I was trying to load a .CER file into the Client SSL section for the proxy server, however it says it requires a password. Is there any way around this? I tried the Openssl method of setting a custom password except there...

Automate Burp License Activation

We are working on a project, where we wanted to deploy Burp on a container in a ci/cd. Is there a way to automate the Burp License Activation process programmatically eitherway in a headless mode ? Has anyone given it...

certificate_unknown

I have an iOS app I'm testing on an iPhone 5c running iOS 10.3.3. The Burp certificate is correctly installed on the device as I'm able to see https web requests and https app requests from other applications within Burp...

How do i prevent cookie ID injections in the request parameter?

I have a case where we recorded a bunch of URL's and re-scanning them. During the re-scan the session expired. So to create an active session i have created a session handling rule to trigger login and create a new Session...

Burp/run analytics

I would like to know how to run analytics