How do I? - Page 299 - Burp Suite User Forum

Can I customize the information stored in the project file?

Hi there! I have created 2 macros that have registered about 5 items. By a session handling rules, I have run one macro before scanning and another macros running after scanning. Then, the project file have become very...

Dropping requests to specific domains or hostnames without the Out-of-scope feature

I have a handful of hostnames / domains that I want requests to those domains dropped. Most of the requests are automated in nature e.g. browser requests to ^detectportal\.firefox\.com$ or ^apis\.google\.com$, hence, they...

Setting up Burp non-interactively (Docker)

Hi, So I was looking to make a docker image of burp (free) and had a quick question. Is there a switch I can pass to the burp JAR file on first run to automate the acceptance of the license agreement? This would be...

Intercepting Traffic

I have a problem and I hope you can assist me. My burp suite can successfully intercept both http/https originated from my browser (CA already installed) but whenever I try an arpspoof attack it doesn't intercept anything...

How do I change a http header value for active scan with stored state file?

Hi, One of applications I am testing is using authorization header for authentication. I stored the state and want to use it for active-scan next time. Would you advise me how to change the authorization header...

burp web interface

I am fresh new burp user, and already completed some of courses but now I cannot reach the burp web interface. Currently burp is working well but when I type http://burp it automatically sends me to tomcat it works page, not...

New license

How long does it take for a new license to get setup? I've been waiting for about 18 hours since purchase and I've had no confirmation by email just yet.

Extension priority during processHttpMessage()

Say you have multiple extensions which implement processHttpMessage(). How is the extension priority defined? For an example imagine a SOC team asks you to make all your requests with the same user agent, how do you make...

Unable to connect www.google.com or www.microsoft.com

Hi, My system IPv4 address : 196.196.9.197 and default gateway : 196.196.0.1 Broswer : Firefox Manual Proxy Setting 196.196.9.197 Port : 8080 In Burp Suite In tab Proxy > Options > Added Interface 196.196.9.197:80...

burp suite not capturing HTTPS in proxy

Hi, i followed all the setting ,and infact able to capture the request in proxy using other tool and i dont know why am not able to capture https request in proxy setting through burp suite. in proxy setting its endlessly...

Server configurations requirement for Burp suite Pro

Hi Team, We would like to use Burp suite Pro to run the source code scan for web application. But we are not sure to calculate how much size of hard disk is required to run VA / PT and RAM requirement and OS requirements....

Merge multiple servers' target info into one server/group

Hi, I'm running automation scripts against 5 different servers. All five servers are virtual machines that are clones of each other and have the exact same version of our software under test on them. When I run my...

Is their restrictions on testing Video upload with Generate CRSF PoC ?

I am using the Generate CRSF PoC to test the CSRF vulnerabilities of my site. But the Submit Request button seems to be disabled or inactive when I create a HTML to retest the upload of a video to my site? Is their...

Burp Suite Proxy will not intercept the site after Intercept mode is on

Even when intercept is turned on, burp suite does not intercept the request. I am able to see the HTTP request made under HTTP history and do an active scan but the status in scan queue gets stuck at 0% complete. Please...

How to resolve error code sec_error_unknown_issuer

How to resolve error code sec_error_unknown_issuer? Why this error occured ? I am using mozilla as well as chrome. Its not working on any of those.

Start Active Scan through Extension

I'm trying to write an extension that starts an Active Scan of a spider crawled URL. Is this possible? I tried calling the doActiveScan method in registerExtenderCallbacks method but it doesn't seem start Active Scan. In...

certificate pinning issue

Hi, We are testing an application which has certificate pinning, but the debug version includes the fingerprint of the charles server of the dev team. We have received this certificate in pfx format, can import into burp...

Penetration tests on standalone app using Burp

Hi , I am required to perform active PEN tests on standalone app using Burp. Need info on how to intercept the requests.. Can you please guide me on this ? Rds, Garry

Automate the scanning process with multiple or all types of known attacks over my web application

Automate the scanning process with multiple or all types of known attacks over my web application. Currently when I run the scanner and attack, only the server config issues are listed in reports and the individual...

Connection reset error or 502 bad gateway

I frequently get connection reset error or 502 Bad gateway error while i crawl through a website whereas the initial requests are 200. All the settings and certificates are in place. Not sure on what other settings to make? ...