How do I? - Page 296 - Burp Suite User Forum

Bypass racaptcha on website login

How do i bypass recaptcha on website login/signup page at the time of making intruder attack?

Can you implement the Send Intruder technique to a project in Java, Android Studio or php??

I would like to know how Burp Suite performs the capture of the http request and how it is modified and how it is sent back to the destination server with the POST method. And I would also like to know if that attack can...

Captcha

Hi. I am trying to use burp suite for testing on a site but the site has a captcha and not sure how I can make burp suite bypass it ? The captcha is a image with 4 digits. I assume every time the page is loaded it changes...

Burp workings

Hii...I have tomcat server running which has vulnerable websites for the purpose of learning how to hack them..I have installed burp suite and now it is intercepting the requests but not forwarding the requests to tomcat...

Delete issues through extension

I created a burp extension in python that scans from a list of URLs and generates a report after it is done. I'm not able to find a method in the API that allows me to clear all reported issues. Is this possible? If so it...

WCF binary decode failure

I'm testing a fat client application that passes all its traffic through SSL, WCF binary encoded. It also looks like it is being compressed (Content-Type: x-deflate) which adds another level of PiTA. I'm using the "WCF...

How do I calculate the length in the proxy http history

I was wondering about the size in the length column (in proxy http history),it has been said in the documentation that the length refer to the response length but it dose not seems like this, for example I have length is...

Scanner very slow

Hi - I'm attempting a non-authenticated point and click scan of our SaaS application. There are over 1,300 items, many of which are 404.aspx and the help system. Why is it so slow? When I started it 12 hours ago, it seemed...

Basic Intruder Question using Base64 Encode

Im trying to use Burp to access my base64 protected site to see if it is possible, however I am having a problem learning about where positions should be tagged at in a base64 string. User-Agent: Mozilla/5.0 (Windows NT...

Enable parameters to be identified in a Target Analysis

I am running an instance of BURP Pro (v1.7.32) with both Passive and Active scanning enabled. When I run a Target Analysis and review what parameters were identified no of the password parameters were identified. Which...

XSS in text/javascript Content-Type

Burp scanner reports that on the text/javascript content type, XSS is possible with Severity: High, Confidence: Certain but I didn't find a way to prove it with a PoC. All modern browsers behave text/javascript files not as...

Change part of a URL in a project

Hi, We have extensively done browsing to record as most URLs as possible for a particular website, and tested that version, which resides in: www.mydomain.com/uat/application. Now we've moved the same website to...

Http headers manipulation

Burp tool is manipulating my http origin and referrer header. Please provide a way around to disable that

How to handle JWT sessions in burp.

What about applications which is having JWT as authentication, Session expires quickly in that, How to handle that ?

Unable to access server after adding same server and port in Burp Proxy settings

Hi I have added server ip and port being used in firefox proxy settings as well as in Burp Proxy settings, but I am unable to access server in browser. Each time I try to open server page, it open up the Burp Suite...

Use Burp Suite Community in compagny context

Hello, Can I use Burp Suite Community Edition in my compagny or I must purchase de Professionnal Edition ? Thanks in advance for your reply. Regards,

SOCKS proxy runs very slow

I configured my burp suite by default port (127.0.0.1:8080). I'm running Firefox 48, Java 8_101 (Both Latest versions) CA certificate is already installed. The problem is: When I use SOCKS proxy in User...

Replacement of XML value in the body

Hello, I would like to replace two different values in a SOAP request by the result of a local python script and thus for all SOAP requests that Burp proceeds (intruder, scanner...). Should I develop my own extension? If...

Get Spider Status thru API

I don't think, there is a way we can get the status of Spider tool thru API. Is this something that can be done in future updates?

testing an iPad application that uses Mobile Iron Tunnel VPN software

HI, Just wondering has anyone any security experience of testing iPad applications which use VPN Tunnel functionality on an iPad? What should I check? how I can intercept traffic using the VPN? Im looking to test to see...