How do I? - Page 297 - Burp Suite User Forum

Need info for creating custom intruder gui

Hello All, I am working on a extension development which has a requirement for custom UI for intruder tab with default intruder functionalities (i.e. the ui is only different, core functionality will be same as intruder...

JavaScript not detected error?

I am getting

Form action hijacking

Hola Working on site that is reporting the new Burp finding for Form Action Hijacking (Reflective). The application has a POST parameter that is place in the form action html tag. Would you consider this finding in the...

Https not working on new phone

Hi - Was able to use burp with my previous device (iphone 6), but trying to configure my new iphone 7 and not having any luck. Without cert installed I can access http sites with burp, but after installing the cert my device...

Private Burp Collaborator Server is not working only for me apparently

I'm trying to deploy an instance of Private Burp Collaborator Server but it seems that burp.jar is ignoring the parameter --collaborator-server. From the help I can see the option there. root@zion:~/Downloads# java -jar...

security testing

Hi Team, We have tested one app in which we have set cookie as secure & HTTPONLY from code level. But still its showing us below issue during scanning. "Cookie without httponly flag set" Kindly suggest why its showing...

Analysing a token in hex format with sequencer

Analysis of a token in hex format that is 4 bytes in total length, for example: AB FF 81 4E When I load a series of tokens into sequencer, it interprets the token lenght as 8, which is not the case. AB is one byte, FF is...

How do I use burp suite to scan hidden fields automatically

How do I use burp suite to scan hidden fields that show up when I spider a website. When I spider a website, I get two option submit or ignore. How do I test those hidden fields automatically to make sure no one can use...

not able access the mobile request after a successful configuration.

Not able access the mobile request after a successful configuration with the mobile device as instruction shown over the portswigger page can anyone help me quick need urgent.

Sequencer

I have a question on how the sequencer works. Are the tests (monotest, poker, etc) executed on each token and then averaged? So with, for example, 5000 tokens you would have a "decent" average? I know that by definition the...

JRE Install didn't work.

I followed the "Getting Started" instructions. Checked for Java, did not find it, downloaded latest JRE, tried to install it and got error message to run SxsTrace. Not sure what to do next and finding nothing in any of your...

hi

Team, I am getting below error while running burp suite "client failed to negotiate an SSL connection to " " :443.remote

How Do I: Tell Intruder that a particular field must be unique for every request?

Hey, I have a web app that has an "Add User" feature. The form submission includes lots of details (about 150) and one of the fields submitted is the "Username" field. I have used the pitchfork attack type and this...

http://burp problem. help plz

hello, After proxy connection, http://burp Only proxy history is shown at the time of input CA Certificate Icons do not exist in upper right corner Help plz

Trying to connect different proxy instead of localhost.. How can i do it?

Hi, I am accessing my application through some different proxy and port (not local) and also connected via VPN. Now i need to do security test of that application using Burp. Could you please give me the detailed...

How to write macro for JSF login page

I have a problem with writting macro for JSF login page. I have done every possible things (remove cookies, javax.faces.ViewState etc.) but I havent figured it out. Any ideas for this problem? Thank you in...

burp intruder

Deleting target, proxy, scanner and spider per domain

Hi, Is it possible from a custom plugin to delete target, proxy, scanner and spider information per domain? e.g. delete and target, proxy, scanner or spider information for www.abc.com, but keep rest? Many thanks, ...

How do I detect the current SSL protocol

Hi, I'm using Burp Suite Free Edition v1.7.22 Is there any way to view the current SSL protocol in use while intercepting traffic? SSL 3 vs TLS 1.1, etc.

Modify a response status code

Hi, Is it possible within a burp extension to change a responses status code? Or if not, is it possible within a burp extension to intercept a request (not a response) and generate an entire fake response instead of...