Burp Suite User Forum
Hello All, I am working on an extension development which has a requirement for custom UI for intruder tab with default intruder functionalities (i.e. the ui is only different, core functionality will be same as intruder...
I am getting
Hola Working on site that is reporting the new Burp finding for Form Action Hijacking (Reflective). The application has a POST parameter that is placed in the form action html tag. Would you consider this finding in the...
Hi - Was able to use burp with my previous device (iphone 6), but trying to configure my new iphone 7 and not having any luck. Without cert installed I can access http sites with burp, but after installing the cert my device...
I'm trying to deploy an instance of Private Burp Collaborator Server but it seems that burp.jar is ignoring the parameter --collaborator-server. From the help I can see the option there. root@zion:~/Downloads# java -jar...
Hi Team, We have tested one app in which we have set cookie as secure & HTTPONLY from code level. But still it's showing us below issue during scanning. "Cookie without httponly flag set" Kindly suggest why it's showing...
Analysis of a token in hex format that is 4 bytes in total length, for example: AB FF 81 4E When I load a series of tokens into sequencer, it interprets the token length as 8, which is not the case. AB is one byte, FF is...
How do I use burp suite to scan hidden fields that show up when I spider a website. When I spider a website, I get two option submit or ignore. How do I test those hidden fields automatically to make sure no one can use...
Not able to access the mobile request after a successful configuration with the mobile device as instruction shown over the portswigger page can anyone help me quick need urgent.
I have a question on how the sequencer works. Are the tests (monotest, poker, etc) executed on each token and then averaged? So with, for example, 5000 tokens you would have a "decent" average? I know that by definition the...
I followed the "Getting Started" instructions. Checked for Java, did not find it, downloaded latest JRE, tried to install it and got error message to run SxsTrace. Not sure what to do next and finding nothing in any of your...
Team, I am getting below error while running burp suite "client failed to negotiate an SSL connection to " " :443.remote
Hey, I have a web app that has an "Add User" feature. The form submission includes lots of details (about 150) and one of the fields submitted is the "Username" field. I have used the pitchfork attack type and this...
hello, After proxy connection, http://burp Only proxy history is shown at the time of input CA Certificate Icons do not exist in upper right corner Help plz
Hi, I am accessing my application through some different proxy and port (not local) and also connected via VPN. Now I need to do security test of that application using Burp. Could you please give me the detailed...
I have a problem with writing macro for JSF login page. I have done every possible things (remove cookies, javax.faces.ViewState etc.) but I haven't figured it out. Any ideas for this problem? Thank you in...
<script>alert(1)</script> How burp insert this payload
Hi, Is it possible from a custom plugin to delete target, proxy, scanner and spider information per domain? e.g. delete and target, proxy, scanner or spider information for www.abc.com, but keep rest? Many thanks, ...
Hi, I'm using Burp Suite Free Edition v1.7.22 Is there any way to view the current SSL protocol in use while intercepting traffic? SSL 3 vs TLS 1.1, etc.
Hi, Is it possible within a burp extension to change a responses status code? Or if not, is it possible within a burp extension to intercept a request (not a response) and generate an entire fake response instead of...
Your source for help and advice on all things Burp-related.