Burp Suite User Forum

Create new post

Copying Repeater requests to new project

I have some HTTP requests that I want to copy into a fresh Burp project. I saved them via Burp's "Right-click ... Copy to file" function. When I use "Paste from file" to add an item to Repeater, the item is incomplete,...

Last updated: Jan 30, 2017 09:55AM UTC | 1 Agent replies | 0 Community replies | How do I?

unable to make burp while using mobile data over usb tethering

i am using mobile Internet to connect burp over Kali 32 bit over usb tethering ,, but after my first request it moves the screen from browser to burp and no further request is processed . i installed proper burp certificate...

Last updated: Jan 26, 2017 02:04PM UTC | 4 Agent replies | 5 Community replies | How do I?

Certificate help

Hello, I installed the Burp Certificates using the instructions provided but when I access a website I am trying to test I am still getting the warning that connection is not secure. Please help!

Last updated: Jan 26, 2017 09:06AM UTC | 1 Agent replies | 0 Community replies | How do I?

modifications visible in the proxy

Hello, I would like to implement a simmilar extension like this example: https://github.com/monikamorrow/Burp-Suite-Extension-Examples/blob/master/Example1FindReplace/BurpExtender/src/burp/BurpExtender.java However, I...

Last updated: Jan 24, 2017 03:30PM UTC | 3 Agent replies | 2 Community replies | How do I?

how to configure the session management

Hi, Regarding session management, I would like to confirm followings: (1) is it possible to configure login macro to do following: To login, I need to issue three different commands, assume a, b, c command a...

Last updated: Jan 20, 2017 04:27PM UTC | 1 Agent replies | 0 Community replies | How do I?

Config-file parameter on MacOS

Hi, How can I specify --user-config-file on MacOS ? Thanks for reply

Last updated: Jan 18, 2017 11:53AM UTC | 2 Agent replies | 1 Community replies | How do I?

scan report

Hi, I created a site map and saved the state. Is there a way to automatically send this site map to active scan and then automatically create a report? I noticed I can schedule the task for scan, but not for...

Last updated: Jan 17, 2017 10:00AM UTC | 2 Agent replies | 1 Community replies | How do I?

Burp Extension CSRF Token

Hello, I'm working on an extension where it will automatically grab the last response csrf token and insert it into the HTML header parameter for the POST request. I was able to parse out the CSRF token received from the...

Last updated: Jan 13, 2017 08:47PM UTC | 0 Agent replies | 2 Community replies | How do I?

How to configure a proxy chain with Burp as a last proxy?

I know that Burp can use an upstream proxy server. On the contrary, I need that Burp is the last proxy of a chain (using e.g. ZAP to handle all the traffic). Is it possible to configure Burp in this way? Any help is...

Last updated: Jan 13, 2017 09:01AM UTC | 1 Agent replies | 0 Community replies | How do I?

XML appears good, but Burp keeps giving me a "400" error during XXE Intruder attacks

I'm kind of at a loss and need another set of eyes. I'm attempting to set up XXE attack (Sniper) so we can test a fix, but I keep getting a "400 bad request" message. The payload I am using is as follows: POST...

Last updated: Jan 12, 2017 11:37PM UTC | 1 Agent replies | 2 Community replies | How do I?

comparing reports to view the changes

Ok, I have been scanning my company websites. What I need to do now, is to compared the reports for the mgmt. I save the reports HTML file I have search the BA store could not find anything like this. Is there...

Last updated: Jan 10, 2017 03:33PM UTC | 1 Agent replies | 1 Community replies | How do I?

Interception

Hello, I would like to make an extension for BurpSuite, which would intercept the requests, wait for a time interval, and then send the requests to the server. In the future I am planning also to modify these packets....

Last updated: Jan 09, 2017 11:48AM UTC | 2 Agent replies | 1 Community replies | How do I?

automatically scan the web site

Hi, my goal is to using Burp as a vulnerability scanner and scan the web site automatically. I built site map using spider and content discover, followed the instruction "using burp as a point-and-click scanner". Then I...

Last updated: Jan 09, 2017 09:14AM UTC | 1 Agent replies | 0 Community replies | How do I?

Burp Automated Scanning

While scanning an url having multiple parameters, if burp gets an vulnerability for a parameter does it check for all other parameters or it stops scanning for the url.

Last updated: Jan 09, 2017 08:46AM UTC | 1 Agent replies | 1 Community replies | How do I?

Licensing Burp Pro in VM Environment

In order to test one of our apps, I have to RAS into a VM environment that's not connected to the Internet and install Burp. After performing a manual activation of Burp Pro, I'm able to use Burp as expected. However,...

Last updated: Jan 05, 2017 06:15PM UTC | 0 Agent replies | 0 Community replies | How do I?

Help Alerts java.net.SocketException: Connection reset

When I am actively scanning our website on the internal IP address with Burp Suite Pro, I get a lot of java.net.SocketException: Connection reset So here is the setup of the scan I set the IP address to hostname in the...

Last updated: Jan 05, 2017 04:50PM UTC | 2 Agent replies | 2 Community replies | How do I?

Private Burp Collaborator Issues (Server HTTP connection Error + Verify Warning + Version Warning)

I have set up a private burp collaborator server in AWS using all custom ports but I have redirected the standard ports to these using iptables so from an external perspective they are fine. However I am having several...

Last updated: Jan 04, 2017 09:27PM UTC | 0 Agent replies | 1 Community replies | How do I?

Timings for Request/Responses

Burp Extender's getProxyHistory gives you an array of IHttpRequestResponse objects. How do you obtain the time the request was sent and the response was received? IRequestInfo and IResponseInfo don't appear to provide this...

Last updated: Jan 01, 2017 07:16PM UTC | 2 Agent replies | 2 Community replies | How do I?

reset session in intruder attack

Dears , is it possible while using intruder attack feature to reset the session every request to be able to pay pass the session expiry and continue the attack. https://owa.vodafone.com.eg/my.policy BR,

Last updated: Dec 28, 2016 11:13PM UTC | 1 Agent replies | 1 Community replies | How do I?

Burp Collaborator config

i have a ec2(cloud server amazon), and inside of this server i have a burp, running with "java -jar bur.jar --collaborator-server". In my local machine, i have burp pro. How can i configure my instance of burp in my local...

Last updated: Dec 28, 2016 11:23AM UTC | 2 Agent replies | 4 Community replies | How do I?

Page 297 of 317

Burp Suite Support Center

Your source for help and advice on all things Burp-related.

Burp Suite Support Center image